After upgrading one of our puppetmasters to 0.25.0 we get the following errors on the client (also running 0.25.0): err: /File[/var/puppet/lib]: Failed to generate additional resources using ''eval_generate'': Error 403 on SERVER: Forbidden request: lab- git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [search] at line 0 err: /File[/var/puppet/lib]: Failed to retrieve current state of resource: Error 403 on SERVER: Forbidden request: lab- git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find] at line 0 Could not retrieve file metadata for puppet://puppeteer.sfbay.sun.com/plugins: Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM (10.6.48.12) access to /file_metadata/plugins [find] at line 0 err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access to /catalog/lab-git2.sfbay.sun.com [find] at line 0 I do not have an auth.conf file. Any hints to why this is happening are very welcome :) cheers, /Martin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Have you looked at the new auth.conf file? Chances are you need to put one into your /etc/puppet directory... Theres a sample one in the source code bundle. Greg On Sep 10, 12:31 am, Martin Englund <martin.engl...@sun.com> wrote:> After upgrading one of our puppetmasters to 0.25.0 we get the > following errors on the client (also running 0.25.0): > err: /File[/var/puppet/lib]: Failed to generate additional resources > using ''eval_generate'': Error 403 on SERVER: Forbidden request: lab- > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins > [search] at line 0 > err: /File[/var/puppet/lib]: Failed to retrieve current state of > resource: Error 403 on SERVER: Forbidden request: lab- > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find] > at line 0 Could not retrieve file metadata for puppet://puppeteer.sfbay.sun.com/plugins: > Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM > (10.6.48.12) access to /file_metadata/plugins [find] at line 0 > err: Could not retrieve catalog from remote server: Error 403 on > SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access > to /catalog/lab-git2.sfbay.sun.com [find] at line 0 > > I do not have an auth.conf file. Any hints to why this is happening > are very welcome :) > > cheers, > /Martin--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Wed, 2009-09-09 at 07:31 -0700, Martin Englund wrote:> After upgrading one of our puppetmasters to 0.25.0 we get the > following errors on the client (also running 0.25.0): > err: /File[/var/puppet/lib]: Failed to generate additional resources > using ''eval_generate'': Error 403 on SERVER: Forbidden request: lab- > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins > [search] at line 0 > err: /File[/var/puppet/lib]: Failed to retrieve current state of > resource: Error 403 on SERVER: Forbidden request: lab- > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find] > at line 0 Could not retrieve file metadata for puppet://puppeteer.sfbay.sun.com/plugins: > Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM > (10.6.48.12) access to /file_metadata/plugins [find] at line 0 > err: Could not retrieve catalog from remote server: Error 403 on > SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access > to /catalog/lab-git2.sfbay.sun.com [find] at line 0 > > I do not have an auth.conf file. Any hints to why this is happening > are very welcome :)Are you sure you don''t have an auth.conf file? Because without an auth.conf file the ACL for file access is just: path /file allow * Which means all unauthenticated file accesses are allowed (which basically is the kind of thing that didn''t work in your case). Can you open a redmine ticket with the whole puppetmaster log. Make sure you include all the relevant details including the master log part about the access stuff like those: info: access[^/catalog/([^/]+)$]: allowing ''method'' find ... Thanks, -- Brice Figureau My Blog: http://www.masterzen.fr/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Sep 10, 3:12 am, Brice Figureau <brice-pup...@daysofwonder.com> wrote:> On Wed, 2009-09-09 at 07:31 -0700, Martin Englund wrote: > > After upgrading one of our puppetmasters to 0.25.0 we get the > > following errors on the client (also running 0.25.0): > > err: /File[/var/puppet/lib]: Failed to generate additional resources > > using ''eval_generate'': Error 403 on SERVER: Forbidden request: lab- > > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins > > [search] at line 0 > > err: /File[/var/puppet/lib]: Failed to retrieve current state of > > resource: Error 403 on SERVER: Forbidden request: lab- > > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find] > > at line 0 Could not retrieve file metadata for puppet://puppeteer.sfbay.sun.com/plugins: > > Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM > > (10.6.48.12) access to /file_metadata/plugins [find] at line 0 > > err: Could not retrieve catalog from remote server: Error 403 on > > SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access > > to /catalog/lab-git2.sfbay.sun.com [find] at line 0 > > > I do not have an auth.conf file. Any hints to why this is happening > > are very welcome :) > > Are you sure you don''t have an auth.conf file? > > Because without an auth.conf file the ACL for file access is just: > path /file > allow * > > Which means all unauthenticated file accesses are allowed (which > basically is the kind of thing that didn''t work in your case). > > Can you open a redmine ticket with the whole puppetmaster log. Make sure > you include all the relevant details including the master log part about > the access stuff like those: > info: access[^/catalog/([^/]+)$]: allowing ''method'' findBrice, I''m having a similar problem after upgrade to 0.25: look: This is the syslog at puppetmasterd: Sep 11 01:33:15 vps200 puppetmasterd[3705]: (access[/]) defaulting to no access for 67.212.94.125 Sep 11 01:33:15 vps200 puppetmasterd[3705]: Denying access: Forbidden request: 67.212.94.125(67.212.94.125) access to /catalog/ vps204.speedyrails.ca [find] at line 0 Sep 11 01:33:15 vps200 puppetmasterd[3705]: Forbidden request: 67.212.94.125(67.212.94.125) access to /catalog/vps204.speedyrails.ca [find] at line 0 and, this is the error at puppet client: vps204:~# puppetd -tv warning: peer certificate won''t be verified in this SSL session info: Caching certificate for ca warning: peer certificate won''t be verified in this SSL session err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 67.212.94.125(67.212.94.125) access to / catalog/vps204.speedyrails.ca [find] at line 0 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Where can I find info about this auth.conf file? it has be in /etc/ puppet/auth.conf at puppetmaster or puppet client? regards, Israel> ... > > Thanks, > -- > Brice Figureau > My Blog:http://www.masterzen.fr/--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---