Puppet users - Sep 2009 - Errors after upgrade to 0.25.0

After upgrading one of our puppetmasters to 0.25.0 we get the
following errors on the client (also running 0.25.0):
err: /File[/var/puppet/lib]: Failed to generate additional resources
using ''eval_generate'': Error 403 on SERVER: Forbidden request:
lab-
git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins
[search] at line 0
err: /File[/var/puppet/lib]: Failed to retrieve current state of
resource: Error 403 on SERVER: Forbidden request: lab-
git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find]
at line 0  Could not retrieve file metadata for
puppet://puppeteer.sfbay.sun.com/plugins:
Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM
(10.6.48.12) access to /file_metadata/plugins [find] at line 0
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access
to /catalog/lab-git2.sfbay.sun.com [find] at line 0

I do not have an auth.conf file. Any hints to why this is happening
are very welcome :)

cheers,
/Martin
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Have you looked at the new auth.conf file? Chances are you need to put
one into
your /etc/puppet directory... Theres a sample one in the source code
bundle.

Greg

On Sep 10, 12:31 am, Martin Englund <martin.engl...@sun.com>
wrote:
> After upgrading one of our puppetmasters to 0.25.0 we get the
> following errors on the client (also running 0.25.0):
> err: /File[/var/puppet/lib]: Failed to generate additional resources
> using ''eval_generate'': Error 403 on SERVER: Forbidden
request: lab-
> git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins
> [search] at line 0
> err: /File[/var/puppet/lib]: Failed to retrieve current state of
> resource: Error 403 on SERVER: Forbidden request: lab-
> git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find]
> at line 0  Could not retrieve file metadata for
puppet://puppeteer.sfbay.sun.com/plugins:
> Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM
> (10.6.48.12) access to /file_metadata/plugins [find] at line 0
> err: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access
> to /catalog/lab-git2.sfbay.sun.com [find] at line 0
>
> I do not have an auth.conf file. Any hints to why this is happening
> are very welcome :)
>
> cheers,
> /Martin
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Wed, 2009-09-09 at 07:31 -0700, Martin Englund wrote:
> After upgrading one of our puppetmasters to 0.25.0 we get the
> following errors on the client (also running 0.25.0):
> err: /File[/var/puppet/lib]: Failed to generate additional resources
> using ''eval_generate'': Error 403 on SERVER: Forbidden
request: lab-
> git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins
> [search] at line 0
> err: /File[/var/puppet/lib]: Failed to retrieve current state of
> resource: Error 403 on SERVER: Forbidden request: lab-
> git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find]
> at line 0  Could not retrieve file metadata for
puppet://puppeteer.sfbay.sun.com/plugins:
> Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM
> (10.6.48.12) access to /file_metadata/plugins [find] at line 0
> err: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access
> to /catalog/lab-git2.sfbay.sun.com [find] at line 0
> 
> I do not have an auth.conf file. Any hints to why this is happening
> are very welcome :)
Are you sure you don''t have an auth.conf file?

Because without an auth.conf file the ACL for file access is just:
path /file
allow *

Which means all unauthenticated file accesses are allowed (which
basically is the kind of thing that didn''t work in your case).

Can you open a redmine ticket with the whole puppetmaster log. Make sure
you include all the relevant details including the master log part about
the access stuff like those:
info: access[^/catalog/([^/]+)$]: allowing ''method'' find
...

Thanks,
-- 
Brice Figureau
My Blog: http://www.masterzen.fr/


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Sep 10, 3:12 am, Brice Figureau <brice-pup...@daysofwonder.com>
wrote:
> On Wed, 2009-09-09 at 07:31 -0700, Martin Englund wrote:
> > After upgrading one of our puppetmasters to 0.25.0 we get the
> > following errors on the client (also running 0.25.0):
> > err: /File[/var/puppet/lib]: Failed to generate additional resources
> > using ''eval_generate'': Error 403 on SERVER:
Forbidden request: lab-
> > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins
> > [search] at line 0
> > err: /File[/var/puppet/lib]: Failed to retrieve current state of
> > resource: Error 403 on SERVER: Forbidden request: lab-
> > git2.SFBay.Sun.COM(10.6.48.12) access to /file_metadata/plugins [find]
> > at line 0  Could not retrieve file metadata for
puppet://puppeteer.sfbay.sun.com/plugins:
> > Error 403 on SERVER: Forbidden request: lab-git2.SFBay.Sun.COM
> > (10.6.48.12) access to /file_metadata/plugins [find] at line 0
> > err: Could not retrieve catalog from remote server: Error 403 on
> > SERVER: Forbidden request: lab-git2.SFBay.Sun.COM(10.6.48.12) access
> > to /catalog/lab-git2.sfbay.sun.com [find] at line 0
>
> > I do not have an auth.conf file. Any hints to why this is happening
> > are very welcome :)
>
> Are you sure you don''t have an auth.conf file?
>
> Because without an auth.conf file the ACL for file access is just:
> path /file
> allow *
>
> Which means all unauthenticated file accesses are allowed (which
> basically is the kind of thing that didn''t work in your case).
>
> Can you open a redmine ticket with the whole puppetmaster log. Make sure
> you include all the relevant details including the master log part about
> the access stuff like those:
> info: access[^/catalog/([^/]+)$]: allowing ''method'' find
Brice, I''m having a similar problem after upgrade to 0.25: look:

This is the syslog at puppetmasterd:
Sep 11 01:33:15 vps200 puppetmasterd[3705]: (access[/]) defaulting to
no access for 67.212.94.125
Sep 11 01:33:15 vps200 puppetmasterd[3705]: Denying access: Forbidden
request: 67.212.94.125(67.212.94.125) access to /catalog/
vps204.speedyrails.ca [find] at line 0
Sep 11 01:33:15 vps200 puppetmasterd[3705]: Forbidden request:
67.212.94.125(67.212.94.125) access to /catalog/vps204.speedyrails.ca
[find] at line 0


and, this is the error at puppet client:

vps204:~# puppetd -tv
warning: peer certificate won''t be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won''t be verified in this SSL session
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: 67.212.94.125(67.212.94.125) access to /
catalog/vps204.speedyrails.ca [find] at line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Where can I find info about this auth.conf file? it has be in /etc/
puppet/auth.conf at puppetmaster or puppet client?

regards,
Israel
> ...
>
> Thanks,
> --
> Brice Figureau
> My Blog:http://www.masterzen.fr/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---