I''m trying to push client configurations from the puppetmaster instead
of having scheduled runs on each client.
I think puppetrun is what I''m after but I can''t get it to
work!
On the client node
# cat namespaceauth.conf
[puppetrunner]
allow my_fqdn_puppetmaster
[puppetbucket]
allow *.my_domain
[puppetreports]
allow *.my_domain
[resource]
allow *.my_domain
# puppetd --no-client --listen
On the puppet master:
# puppetrun my_fqdn_host
Triggering my_fqdn_host
Host my_fqdn_host failed: Error 403 on SERVER: Forbidden request:
my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save]
authenticated at line 93
my_fqdn_host finished with exit code 2
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
On Aug 20, 2010, at 6:05 AM, matonb wrote:> I''m trying to push client configurations from the puppetmaster instead > of having scheduled runs on each client. > I think puppetrun is what I''m after but I can''t get it to work! >Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Didn''t help unfortunaltely. Still getting the same error(s)! On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote:> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > I''m trying to push client configurations from the puppetmaster instead > > of having scheduled runs on each client. > > I think puppetrun is what I''m after but I can''t get it to work! > > Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *".-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Here are a couple more things: What version is your client? What version is your server? Make sure you''re running puppetrun as root. Make sure that running "puppetd --test --verbose" as root on the client actually works. On Aug 23, 2010, at 12:53 AM, matonb wrote:> > Didn''t help unfortunaltely. Still getting the same error(s)! > > On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: >> On Aug 20, 2010, at 6:05 AM, matonb wrote: >> >>> I''m trying to push client configurations from the puppetmaster instead >>> of having scheduled runs on each client. >>> I think puppetrun is what I''m after but I can''t get it to work! >> >> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi Patrick, The client and server are both version 2.6.0 I am running puppetrun as root on the puppet master server. And yes, a test run completes successfully.... Thanks for your help, Brett On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote:> Here are a couple more things: > What version is your client? > What version is your server? > Make sure you''re running puppetrun as root. > Make sure that running "puppetd --test --verbose" as root on the client actually works. > > On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > Didn''t help unfortunaltely. Still getting the same error(s)! > > > On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > >> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > >>> I''m trying to push client configurations from the puppetmaster instead > >>> of having scheduled runs on each client. > >>> I think puppetrun is what I''m after but I can''t get it to work! > > >> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *".-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Aug 23, 2010, at 2:10 AM, matonb wrote:> Hi Patrick, > > The client and server are both version 2.6.0 > I am running puppetrun as root on the puppet master server. > And yes, a test run completes successfully.... > > Thanks for your help, > Brett >Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. On Jul 18, 2010, at 8:31 PM, James Turnbull wrote:> Single Binary > > Puppet is now available as a single binary with sub-arguments for the > functions previously provided by the seperate binaries (the existing > binaries remain for backwards compatibility). This includes renaming > several Puppet functions to better fit an overall model. > > List of binary changes > > puppetmasterd –> puppet master > puppetd –> puppet agent > puppet –> puppet apply > puppetca –> puppet cert > ralsh –> puppet resource > puppetrun –> puppet kick > puppetqd –> puppet queue > filebucket –> puppet filebucket > puppetdoc –> puppet doc > pi –> puppet describe > > This also results in a change in the puppet.conf configuration file. > The sections, previously things like [puppetd], now should be renamed to > match the new binary names. So [puppetd] becomes [agent]. You will be > prompted to do this when you start Puppet with a log message for each > section that needs to be renamed. This is merely a warning - existing > configuration file will work unchanged.> > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: >> Here are a couple more things: >> What version is your client? >> What version is your server? >> Make sure you''re running puppetrun as root. >> Make sure that running "puppetd --test --verbose" as root on the client actually works. >> >> On Aug 23, 2010, at 12:53 AM, matonb wrote: >> >> >> >>> Didn''t help unfortunaltely. Still getting the same error(s)! >> >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: >> >>>>> I''m trying to push client configurations from the puppetmaster instead >>>>> of having scheduled runs on each client. >>>>> I think puppetrun is what I''m after but I can''t get it to work! >> >>>> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I''ll give it ago in the morning, fingers crossed :-) On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote:> On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > Hi Patrick, > > > The client and server are both version 2.6.0 > > I am running puppetrun as root on the puppet master server. > > And yes, a test run completes successfully.... > > > Thanks for your help, > > Brett > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > Single Binary > > > Puppet is now available as a single binary with sub-arguments for the > > functions previously provided by the seperate binaries (the existing > > binaries remain for backwards compatibility). This includes renaming > > several Puppet functions to better fit an overall model. > > > List of binary changes > > > puppetmasterd –> puppet master > > puppetd –> puppet agent > > puppet –> puppet apply > > puppetca –> puppet cert > > ralsh –> puppet resource > > puppetrun –> puppet kick > > puppetqd –> puppet queue > > filebucket –> puppet filebucket > > puppetdoc –> puppet doc > > pi –> puppet describe > > > This also results in a change in the puppet.conf configuration file. > > The sections, previously things like [puppetd], now should be renamed to > > match the new binary names. So [puppetd] becomes [agent]. You will be > > prompted to do this when you start Puppet with a log message for each > > section that needs to be renamed. This is merely a warning - existing > > configuration file will work unchanged. > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > >> Here are a couple more things: > >> What version is your client? > >> What version is your server? > >> Make sure you''re running puppetrun as root. > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > >>>>> I''m trying to push client configurations from the puppetmaster instead > >>>>> of having scheduled runs on each client. > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > >>>> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sigh, Still a no-go. I tried adding a [kick] section to namespaceauth.conf and then with one in puppet.conf. Niether worked, still getting the 403 forbidden message.... On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote:> I''ll give it ago in the morning, fingers crossed :-) > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > Hi Patrick, > > > > The client and server are both version 2.6.0 > > > I am running puppetrun as root on the puppet master server. > > > And yes, a test run completes successfully.... > > > > Thanks for your help, > > > Brett > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > Single Binary > > > > Puppet is now available as a single binary with sub-arguments for the > > > functions previously provided by the seperate binaries (the existing > > > binaries remain for backwards compatibility). This includes renaming > > > several Puppet functions to better fit an overall model. > > > > List of binary changes > > > > puppetmasterd –> puppet master > > > puppetd –> puppet agent > > > puppet –> puppet apply > > > puppetca –> puppet cert > > > ralsh –> puppet resource > > > puppetrun –> puppet kick > > > puppetqd –> puppet queue > > > filebucket –> puppet filebucket > > > puppetdoc –> puppet doc > > > pi –> puppet describe > > > > This also results in a change in the puppet.conf configuration file. > > > The sections, previously things like [puppetd], now should be renamed to > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > prompted to do this when you start Puppet with a log message for each > > > section that needs to be renamed. This is merely a warning - existing > > > configuration file will work unchanged. > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > >> Here are a couple more things: > > >> What version is your client? > > >> What version is your server? > > >> Make sure you''re running puppetrun as root. > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > >>>>> of having scheduled runs on each client. > > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > > >>>> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". > > > > -- > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com. > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Error messages have changed slightly (not sure when though) I didn''t notice the Denying access before: Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] authenticated at line 93 Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] authenticated at line 93 just checked /etc/puppet/namespaceauth.conf on the client node which now only contains: [puppetrunner] allow * [kick] allow * On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote:> Sigh, > > Still a no-go. I tried adding a [kick] section to > namespaceauth.conf and then with one in puppet.conf. > Niether worked, still getting the403forbidden message.... > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > I''ll give it ago in the morning, fingers crossed :-) > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > Hi Patrick, > > > > > The client and server are both version 2.6.0 > > > > I am running puppetrun as root on the puppet master server. > > > > And yes, a test run completes successfully.... > > > > > Thanks for your help, > > > > Brett > > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > Single Binary > > > > > Puppet is now available as a single binary with sub-arguments for the > > > > functions previously provided by the seperate binaries (the existing > > > > binaries remain for backwards compatibility). This includes renaming > > > > several Puppet functions to better fit an overall model. > > > > > List of binary changes > > > > > puppetmasterd –> puppet master > > > > puppetd –> puppet agent > > > > puppet –> puppet apply > > > > puppetca –> puppet cert > > > > ralsh –> puppet resource > > > > puppetrun –> puppet kick > > > > puppetqd –> puppet queue > > > > filebucket –> puppet filebucket > > > > puppetdoc –> puppet doc > > > > pi –> puppet describe > > > > > This also results in a change in the puppet.conf configuration file. > > > > The sections, previously things like [puppetd], now should be renamed to > > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > > prompted to do this when you start Puppet with a log message for each > > > > section that needs to be renamed. This is merely a warning - existing > > > > configuration file will work unchanged. > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > >> Here are a couple more things: > > > >> What version is your client? > > > >> What version is your server? > > > >> Make sure you''re running puppetrun as root. > > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > > >>>>> of having scheduled runs on each client. > > > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > > > >>>> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". > > > > > -- > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi Patrick, I figured it out by adding --verbose when starting the client listener. Turns out I had to add the puppetmaster to auth.conf. I''m sure that it''s probably documented somewhere. Be damned if I could find anything useful on "kick" though. Thanks, for your help all the same. On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote:> Error messages have changed slightly (not sure when though) I didn''t > notice the Denying access before: > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > authenticated at line 93 > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > authenticated at line 93 > > just checked /etc/puppet/namespaceauth.conf on the client node which > now only contains: > > [puppetrunner] > allow * > [kick] > allow * > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > Sigh, > > > Still a no-go. I tried adding a [kick] section to > > namespaceauth.conf and then with one in puppet.conf. > > Niether worked, still getting the403forbidden message.... > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > Hi Patrick, > > > > > > The client and server are both version 2.6.0 > > > > > I am running puppetrun as root on the puppet master server. > > > > > And yes, a test run completes successfully.... > > > > > > Thanks for your help, > > > > > Brett > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > Single Binary > > > > > > Puppet is now available as a single binary with sub-arguments for the > > > > > functions previously provided by the seperate binaries (the existing > > > > > binaries remain for backwards compatibility). This includes renaming > > > > > several Puppet functions to better fit an overall model. > > > > > > List of binary changes > > > > > > puppetmasterd –> puppet master > > > > > puppetd –> puppet agent > > > > > puppet –> puppet apply > > > > > puppetca –> puppet cert > > > > > ralsh –> puppet resource > > > > > puppetrun –> puppet kick > > > > > puppetqd –> puppet queue > > > > > filebucket –> puppet filebucket > > > > > puppetdoc –> puppet doc > > > > > pi –> puppet describe > > > > > > This also results in a change in the puppet.conf configuration file. > > > > > The sections, previously things like [puppetd], now should be renamed to > > > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > > > prompted to do this when you start Puppet with a log message for each > > > > > section that needs to be renamed. This is merely a warning - existing > > > > > configuration file will work unchanged. > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > >> Here are a couple more things: > > > > >> What version is your client? > > > > >> What version is your server? > > > > >> Make sure you''re running puppetrun as root. > > > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > > > >>>>> of having scheduled runs on each client. > > > > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > > > > >>>> Try replacing the line in puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing every line with "allow *". > > > > > > -- > > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi, What you add in the auth.conf? The hostname of puppetmaster or others? I got the same error and didn''t know how to resolve yet. Thanks and expect your reply! On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote:> Hi Patrick, > > I figured it out by adding --verbose when starting the client > listener. Turns out I had to add the puppetmaster to auth.conf. > I''m sure that it''s probably documented somewhere. Be damned if I > could find anything useful on "kick" though. > > Thanks, for your help all the same. > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > Error messages have changed slightly (not sure when though) I didn''t > > notice the Denying access before: > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > >authenticated atline93 > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > >authenticated atline93 > > > just checked /etc/puppet/namespaceauth.conf on the client node which > > now only contains: > > > [puppetrunner] > > allow * > > [kick] > > allow * > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > Sigh, > > > > Still a no-go. I tried adding a [kick] section to > > > namespaceauth.conf and then with one in puppet.conf. > > > Niether worked, still getting the403forbidden message.... > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > Hi Patrick, > > > > > > > The client and server are both version 2.6.0 > > > > > > I am running puppetrun as root on the puppet master server. > > > > > > And yes, a test run completes successfully.... > > > > > > > Thanks for your help, > > > > > > Brett > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > Single Binary > > > > > > > Puppet is now available as a single binary with sub-arguments for the > > > > > > functions previously provided by the seperate binaries (the existing > > > > > > binaries remain for backwards compatibility). This includes renaming > > > > > > several Puppet functions to better fit an overall model. > > > > > > > List of binary changes > > > > > > > puppetmasterd –> puppet master > > > > > > puppetd –> puppet agent > > > > > > puppet –> puppet apply > > > > > > puppetca –> puppet cert > > > > > > ralsh –> puppet resource > > > > > > puppetrun –> puppet kick > > > > > > puppetqd –> puppet queue > > > > > > filebucket –> puppet filebucket > > > > > > puppetdoc –> puppet doc > > > > > > pi –> puppet describe > > > > > > > This also results in a change in the puppet.conf configuration file. > > > > > > The sections, previously things like [puppetd], now should be renamed to > > > > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > > > > prompted to do this when you start Puppet with a log message for each > > > > > > section that needs to be renamed. This is merely a warning - existing > > > > > > configuration file will work unchanged. > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > >> Here are a couple more things: > > > > > >> What version is your client? > > > > > >> What version is your server? > > > > > >> Make sure you''re running puppetrun as root. > > > > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > > > > >>>>> of having scheduled runs on each client. > > > > > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing everylinewith "allow *". > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi Dou ZQ, I added the puppetmaster hostname to the path / section: path / allow <puppetmaster> auth any Probably not the most secure option, but solved my problems. Brett On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote:> Hi, > What you add in the auth.conf? The hostname of puppetmaster or others? > I got the same error and didn''t know how to resolve yet. > > Thanks and expect your reply! > > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: > > > Hi Patrick, > > > I figured it out by adding --verbose when starting the client > > listener. Turns out I had to add the puppetmaster to auth.conf. > > I''m sure that it''s probably documented somewhere. Be damned if I > > could find anything useful on "kick" though. > > > Thanks, for your help all the same. > > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > > Error messages have changed slightly (not sure when though) I didn''t > > > notice the Denying access before: > > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > >authenticated atline93 > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > >authenticated atline93 > > > > just checked /etc/puppet/namespaceauth.conf on the client node which > > > now only contains: > > > > [puppetrunner] > > > allow * > > > [kick] > > > allow * > > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > Sigh, > > > > > Still a no-go. I tried adding a [kick] section to > > > > namespaceauth.conf and then with one in puppet.conf. > > > > Niether worked, still getting the403forbidden message.... > > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > > Hi Patrick, > > > > > > > > The client and server are both version 2.6.0 > > > > > > > I am running puppetrun as root on the puppet master server. > > > > > > > And yes, a test run completes successfully.... > > > > > > > > Thanks for your help, > > > > > > > Brett > > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > > Single Binary > > > > > > > > Puppet is now available as a single binary with sub-arguments for the > > > > > > > functions previously provided by the seperate binaries (the existing > > > > > > > binaries remain for backwards compatibility). This includes renaming > > > > > > > several Puppet functions to better fit an overall model. > > > > > > > > List of binary changes > > > > > > > > puppetmasterd –> puppet master > > > > > > > puppetd –> puppet agent > > > > > > > puppet –> puppet apply > > > > > > > puppetca –> puppet cert > > > > > > > ralsh –> puppet resource > > > > > > > puppetrun –> puppet kick > > > > > > > puppetqd –> puppet queue > > > > > > > filebucket –> puppet filebucket > > > > > > > puppetdoc –> puppet doc > > > > > > > pi –> puppet describe > > > > > > > > This also results in a change in the puppet.conf configuration file. > > > > > > > The sections, previously things like [puppetd], now should be renamed to > > > > > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > > > > > prompted to do this when you start Puppet with a log message for each > > > > > > > section that needs to be renamed. This is merely a warning - existing > > > > > > > configuration file will work unchanged. > > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > > >> Here are a couple more things: > > > > > > >> What version is your client? > > > > > > >> What version is your server? > > > > > > >> Make sure you''re running puppetrun as root. > > > > > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > > >>> Didn''t help unfortunaltely. Still getting the same error(s)! > > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > > > > > >>>>> of having scheduled runs on each client. > > > > > > >>>>> I think puppetrun is what I''m after but I can''t get it to work! > > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing everylinewith "allow *". > > > > > > > > -- > > > > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
mohit chawla
2010-Sep-10 10:20 UTC
Re: [Puppet Users] Re: puppetrun failing with Error 403?
path /run method save allow your.master.com On Fri, Sep 10, 2010 at 3:43 PM, matonb <brett.maton@googlemail.com> wrote:> Hi Dou ZQ, > > I added the puppetmaster hostname to the path / section: > > path / > allow <puppetmaster> > auth any > > Probably not the most secure option, but solved my problems. > > Brett > > On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote: > > Hi, > > What you add in the auth.conf? The hostname of puppetmaster or others? > > I got the same error and didn''t know how to resolve yet. > > > > Thanks and expect your reply! > > > > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > Hi Patrick, > > > > > I figured it out by adding --verbose when starting the client > > > listener. Turns out I had to add the puppetmaster to auth.conf. > > > I''m sure that it''s probably documented somewhere. Be damned if I > > > could find anything useful on "kick" though. > > > > > Thanks, for your help all the same. > > > > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > Error messages have changed slightly (not sure when though) I didn''t > > > > notice the Denying access before: > > > > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden > request: > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > >authenticated atline93 > > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > >authenticated atline93 > > > > > > just checked /etc/puppet/namespaceauth.conf on the client node which > > > > now only contains: > > > > > > [puppetrunner] > > > > allow * > > > > [kick] > > > > allow * > > > > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > Sigh, > > > > > > > Still a no-go. I tried adding a [kick] section to > > > > > namespaceauth.conf and then with one in puppet.conf. > > > > > Niether worked, still getting the403forbidden message.... > > > > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > > > > Hi Patrick, > > > > > > > > > > The client and server are both version 2.6.0 > > > > > > > > I am running puppetrun as root on the puppet master server. > > > > > > > > And yes, a test run completes successfully.... > > > > > > > > > > Thanks for your help, > > > > > > > > Brett > > > > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see > below). I''m wondering if the namespaceauth.conf could have had it''s section > names changed in 2.6.0. You might want to add a section for "kick" and test > it. This is just a shot in the dark though because I''m running out of > ideas. > > > > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > > > > Single Binary > > > > > > > > > > Puppet is now available as a single binary with sub-arguments > for the > > > > > > > > functions previously provided by the seperate binaries (the > existing > > > > > > > > binaries remain for backwards compatibility). This includes > renaming > > > > > > > > several Puppet functions to better fit an overall model. > > > > > > > > > > List of binary changes > > > > > > > > > > puppetmasterd –> puppet master > > > > > > > > puppetd –> puppet agent > > > > > > > > puppet –> puppet apply > > > > > > > > puppetca –> puppet cert > > > > > > > > ralsh –> puppet resource > > > > > > > > puppetrun –> puppet kick > > > > > > > > puppetqd –> puppet queue > > > > > > > > filebucket –> puppet filebucket > > > > > > > > puppetdoc –> puppet doc > > > > > > > > pi –> puppet describe > > > > > > > > > > This also results in a change in the puppet.conf > configuration file. > > > > > > > > The sections, previously things like [puppetd], now should be > renamed to > > > > > > > > match the new binary names. So [puppetd] becomes [agent]. > You will be > > > > > > > > prompted to do this when you start Puppet with a log message > for each > > > > > > > > section that needs to be renamed. This is merely a warning - > existing > > > > > > > > configuration file will work unchanged. > > > > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > > > >> Here are a couple more things: > > > > > > > >> What version is your client? > > > > > > > >> What version is your server? > > > > > > > >> Make sure you''re running puppetrun as root. > > > > > > > >> Make sure that running "puppetd --test --verbose" as root on > the client actually works. > > > > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > > > > >>> Didn''t help unfortunaltely. Still getting the same > error(s)! > > > > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > > > > >>>>> I''m trying to push client configurations from the > puppetmaster instead > > > > > > > >>>>> of having scheduled runs on each client. > > > > > > > >>>>> I think puppetrun is what I''m after but I can''t get it to > work! > > > > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and > work back from there. If that doesn''t work, try replacing everylinewith > "allow *". > > > > > > > > > > -- > > > > > > > > You received this message because you are subscribed to the > Google Groups "Puppet Users" group. > > > > > > > > To post to this group, send email to > puppet-users@googlegroups.com. > > > > > > > > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > > > > > > > > For more options, visit this group athttp:// > groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi Brett, Thanks! My problem is resolved. The puppetrun can execute as before! Best wishes, dou 2010/9/10 matonb <brett.maton@googlemail.com>> Hi Dou ZQ, > > I added the puppetmaster hostname to the path / section: > > path / > allow <puppetmaster> > auth any > > Probably not the most secure option, but solved my problems. > > Brett > > On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote: > > Hi, > > What you add in the auth.conf? The hostname of puppetmaster or others? > > I got the same error and didn''t know how to resolve yet. > > > > Thanks and expect your reply! > > > > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > Hi Patrick, > > > > > I figured it out by adding --verbose when starting the client > > > listener. Turns out I had to add the puppetmaster to auth.conf. > > > I''m sure that it''s probably documented somewhere. Be damned if I > > > could find anything useful on "kick" though. > > > > > Thanks, for your help all the same. > > > > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > Error messages have changed slightly (not sure when though) I didn''t > > > > notice the Denying access before: > > > > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden > request: > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > >authenticated atline93 > > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > >authenticated atline93 > > > > > > just checked /etc/puppet/namespaceauth.conf on the client node which > > > > now only contains: > > > > > > [puppetrunner] > > > > allow * > > > > [kick] > > > > allow * > > > > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > Sigh, > > > > > > > Still a no-go. I tried adding a [kick] section to > > > > > namespaceauth.conf and then with one in puppet.conf. > > > > > Niether worked, still getting the403forbidden message.... > > > > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > > > > Hi Patrick, > > > > > > > > > > The client and server are both version 2.6.0 > > > > > > > > I am running puppetrun as root on the puppet master server. > > > > > > > > And yes, a test run completes successfully.... > > > > > > > > > > Thanks for your help, > > > > > > > > Brett > > > > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see > below). I''m wondering if the namespaceauth.conf could have had it''s section > names changed in 2.6.0. You might want to add a section for "kick" and test > it. This is just a shot in the dark though because I''m running out of > ideas. > > > > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > > > > Single Binary > > > > > > > > > > Puppet is now available as a single binary with sub-arguments > for the > > > > > > > > functions previously provided by the seperate binaries (the > existing > > > > > > > > binaries remain for backwards compatibility). This includes > renaming > > > > > > > > several Puppet functions to better fit an overall model. > > > > > > > > > > List of binary changes > > > > > > > > > > puppetmasterd –> puppet master > > > > > > > > puppetd –> puppet agent > > > > > > > > puppet –> puppet apply > > > > > > > > puppetca –> puppet cert > > > > > > > > ralsh –> puppet resource > > > > > > > > puppetrun –> puppet kick > > > > > > > > puppetqd –> puppet queue > > > > > > > > filebucket –> puppet filebucket > > > > > > > > puppetdoc –> puppet doc > > > > > > > > pi –> puppet describe > > > > > > > > > > This also results in a change in the puppet.conf > configuration file. > > > > > > > > The sections, previously things like [puppetd], now should be > renamed to > > > > > > > > match the new binary names. So [puppetd] becomes [agent]. > You will be > > > > > > > > prompted to do this when you start Puppet with a log message > for each > > > > > > > > section that needs to be renamed. This is merely a warning - > existing > > > > > > > > configuration file will work unchanged. > > > > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > > > >> Here are a couple more things: > > > > > > > >> What version is your client? > > > > > > > >> What version is your server? > > > > > > > >> Make sure you''re running puppetrun as root. > > > > > > > >> Make sure that running "puppetd --test --verbose" as root on > the client actually works. > > > > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > > > > >>> Didn''t help unfortunaltely. Still getting the same > error(s)! > > > > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > > > > >>>>> I''m trying to push client configurations from the > puppetmaster instead > > > > > > > >>>>> of having scheduled runs on each client. > > > > > > > >>>>> I think puppetrun is what I''m after but I can''t get it to > work! > > > > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and > work back from there. If that doesn''t work, try replacing everylinewith > "allow *". > > > > > > > > > > -- > > > > > > > > You received this message because you are subscribed to the > Google Groups "Puppet Users" group. > > > > > > > > To post to this group, send email to > puppet-users@googlegroups.com. > > > > > > > > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > > > > > > > > For more options, visit this group athttp:// > groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
path / auth yes allow * is OK, too. 2010/9/10 mohit chawla <mohit.chawla.binary@gmail.com>> path /run > method save > allow your.master.com > > > On Fri, Sep 10, 2010 at 3:43 PM, matonb <brett.maton@googlemail.com>wrote: > >> Hi Dou ZQ, >> >> I added the puppetmaster hostname to the path / section: >> >> path / >> allow <puppetmaster> >> auth any >> >> Probably not the most secure option, but solved my problems. >> >> Brett >> >> On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote: >> > Hi, >> > What you add in the auth.conf? The hostname of puppetmaster or others? >> > I got the same error and didn''t know how to resolve yet. >> > >> > Thanks and expect your reply! >> > >> > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: >> > >> > > Hi Patrick, >> > >> > > I figured it out by adding --verbose when starting the client >> > > listener. Turns out I had to add the puppetmaster to auth.conf. >> > > I''m sure that it''s probably documented somewhere. Be damned if I >> > > could find anything useful on "kick" though. >> > >> > > Thanks, for your help all the same. >> > >> > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: >> > >> > > > Error messages have changed slightly (not sure when though) I didn''t >> > > > notice the Denying access before: >> > >> > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden >> request: >> > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] >> > > >authenticated atline93 >> > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: >> > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] >> > > >authenticated atline93 >> > >> > > > just checked /etc/puppet/namespaceauth.conf on the client node which >> > > > now only contains: >> > >> > > > [puppetrunner] >> > > > allow * >> > > > [kick] >> > > > allow * >> > >> > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: >> > >> > > > > Sigh, >> > >> > > > > Still a no-go. I tried adding a [kick] section to >> > > > > namespaceauth.conf and then with one in puppet.conf. >> > > > > Niether worked, still getting the403forbidden message.... >> > >> > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: >> > >> > > > > > I''ll give it ago in the morning, fingers crossed :-) >> > >> > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: >> > >> > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: >> > >> > > > > > > > Hi Patrick, >> > >> > > > > > > > The client and server are both version 2.6.0 >> > > > > > > > I am running puppetrun as root on the puppet master server. >> > > > > > > > And yes, a test run completes successfully.... >> > >> > > > > > > > Thanks for your help, >> > > > > > > > Brett >> > >> > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see >> below). I''m wondering if the namespaceauth.conf could have had it''s section >> names changed in 2.6.0. You might want to add a section for "kick" and test >> it. This is just a shot in the dark though because I''m running out of >> ideas. >> > >> > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: >> > >> > > > > > > > Single Binary >> > >> > > > > > > > Puppet is now available as a single binary with >> sub-arguments for the >> > > > > > > > functions previously provided by the seperate binaries (the >> existing >> > > > > > > > binaries remain for backwards compatibility). This includes >> renaming >> > > > > > > > several Puppet functions to better fit an overall model. >> > >> > > > > > > > List of binary changes >> > >> > > > > > > > puppetmasterd –> puppet master >> > > > > > > > puppetd –> puppet agent >> > > > > > > > puppet –> puppet apply >> > > > > > > > puppetca –> puppet cert >> > > > > > > > ralsh –> puppet resource >> > > > > > > > puppetrun –> puppet kick >> > > > > > > > puppetqd –> puppet queue >> > > > > > > > filebucket –> puppet filebucket >> > > > > > > > puppetdoc –> puppet doc >> > > > > > > > pi –> puppet describe >> > >> > > > > > > > This also results in a change in the puppet.conf >> configuration file. >> > > > > > > > The sections, previously things like [puppetd], now should >> be renamed to >> > > > > > > > match the new binary names. So [puppetd] becomes [agent]. >> You will be >> > > > > > > > prompted to do this when you start Puppet with a log message >> for each >> > > > > > > > section that needs to be renamed. This is merely a warning >> - existing >> > > > > > > > configuration file will work unchanged. >> > >> > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: >> > > > > > > >> Here are a couple more things: >> > > > > > > >> What version is your client? >> > > > > > > >> What version is your server? >> > > > > > > >> Make sure you''re running puppetrun as root. >> > > > > > > >> Make sure that running "puppetd --test --verbose" as root >> on the client actually works. >> > >> > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: >> > >> > > > > > > >>> Didn''t help unfortunaltely. Still getting the same >> error(s)! >> > >> > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: >> > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: >> > >> > > > > > > >>>>> I''m trying to push client configurations from the >> puppetmaster instead >> > > > > > > >>>>> of having scheduled runs on each client. >> > > > > > > >>>>> I think puppetrun is what I''m after but I can''t get it >> to work! >> > >> > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and >> work back from there. If that doesn''t work, try replacing everylinewith >> "allow *". >> > >> > > > > > > > -- >> > > > > > > > You received this message because you are subscribed to the >> Google Groups "Puppet Users" group. >> > > > > > > > To post to this group, send email to >> puppet-users@googlegroups.com. >> > > > > > > > To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> >> . >> > > > > > > > For more options, visit this group athttp:// >> groups.google.com/group/puppet-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Can you please show the namespaceouth,conf file? I having the same
problem :(
mine looks like this
[puppetrunner]
path /run
auth any
allow noc01.cloud.aws
thanks
-ls
On Sep 10, 3:13 am, matonb <brett.ma...@googlemail.com>
wrote:> Hi Dou ZQ,
>
> I added the puppetmaster hostname to the path / section:
>
> path /
> allow <puppetmaster>
> auth any
>
> Probably not the most secure option, but solved my problems.
>
> Brett
>
> On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote:
>
> > Hi,
> > What you add in the auth.conf? The hostname of puppetmaster or others?
> > I got the sameerrorand didn''t know how to resolve yet.
>
> > Thanks and expect your reply!
>
> > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote:
>
> > > Hi Patrick,
>
> > > I figured it out by adding --verbose when starting the client
> > > listener. Turns out I had to add the puppetmaster to auth.conf.
> > > I''m sure that it''s probably documented
somewhere. Be damned if I
> > > could find anything useful on "kick" though.
>
> > > Thanks, for your help all the same.
>
> > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com>
wrote:
>
> > > >Errormessages have changed slightly (not sure when though) I
didn''t
> > > > notice the Denying access before:
>
> > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access:
Forbidden request:
> > > > my_fqdn_puppetmaster(192.168.x.x) access to
/run/my_fqdn_host [save]
> > > >authenticated atline93
> > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request:
> > > > my_fqdn_puppetmaster(192.168.x.x) access to
/run/my_fqdn_host [save]
> > > >authenticated atline93
>
> > > > just checked /etc/puppet/namespaceauth.conf on the client
node which
> > > > now only contains:
>
> > > > [puppetrunner]
> > > > allow *
> > > > [kick]
> > > > allow *
>
> > > > On Aug 24, 9:28 am, matonb
<brett.ma...@googlemail.com> wrote:
>
> > > > > Sigh,
>
> > > > > Still a no-go. I tried adding a [kick] section to
> > > > > namespaceauth.conf and then with one in puppet.conf.
> > > > > Niether worked, still getting the403forbidden
message....
>
> > > > > On Aug 23, 8:05 pm, matonb
<brett.ma...@googlemail.com> wrote:
>
> > > > > > I''ll give it ago in the morning, fingers
crossed :-)
>
> > > > > > On Aug 23, 5:26 pm, Patrick
<kc7...@gmail.com> wrote:
>
> > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote:
>
> > > > > > > > Hi Patrick,
>
> > > > > > > > The client and server are both version
2.6.0
> > > > > > > > I am runningpuppetrunas root on the
puppet master server.
> > > > > > > > And yes, a test run completes
successfully....
>
> > > > > > > > Thanks for your help,
> > > > > > > > Brett
>
> > > > > > > Puppet.conf had it''s section names
changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf
could have had it''s section names changed in 2.6.0. You might want to
add a section for "kick" and test it. This is just a shot in the dark
though because I''m running out of ideas.
>
> > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull
wrote:
>
> > > > > > > > Single Binary
>
> > > > > > > > Puppet is now available as a single
binary with sub-arguments for the
> > > > > > > > functions previously provided by the
seperate binaries (the existing
> > > > > > > > binaries remain for backwards
compatibility). This includes renaming
> > > > > > > > several Puppet functions to better fit
an overall model.
>
> > > > > > > > List of binary changes
>
> > > > > > > > puppetmasterd –> puppet master
> > > > > > > > puppetd –> puppet agent
> > > > > > > > puppet –> puppet apply
> > > > > > > > puppetca –> puppet cert
> > > > > > > > ralsh –> puppet resource
> > > > > > > >puppetrun–> puppet kick
> > > > > > > > puppetqd –> puppet queue
> > > > > > > > filebucket –> puppet filebucket
> > > > > > > > puppetdoc –> puppet doc
> > > > > > > > pi –> puppet describe
>
> > > > > > > > This also results in a change in the
puppet.conf configuration file.
> > > > > > > > The sections, previously things like
[puppetd], now should be renamed to
> > > > > > > > match the new binary names. So
[puppetd] becomes [agent]. You will be
> > > > > > > > prompted to do this when you start
Puppet with a log message for each
> > > > > > > > section that needs to be renamed. This
is merely a warning - existing
> > > > > > > > configuration file will work unchanged.
>
> > > > > > > > On Aug 23, 9:31 am, Patrick
<kc7...@gmail.com> wrote:
> > > > > > > >> Here are a couple more things:
> > > > > > > >> What version is your client?
> > > > > > > >> What version is your server?
> > > > > > > >> Make sure
you''rerunningpuppetrunas root.
> > > > > > > >> Make sure that running "puppetd
--test --verbose" as root on the client actually works.
>
> > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb
wrote:
>
> > > > > > > >>> Didn''t help
unfortunaltely. Still getting the sameerror(s)!
>
> > > > > > > >>> On Aug 20, 4:07 pm, Patrick
<kc7...@gmail.com> wrote:
> > > > > > > >>>> On Aug 20, 2010, at 6:05 AM,
matonb wrote:
>
> > > > > > > >>>>> I''m trying to
push client configurations from the puppetmaster instead
> > > > > > > >>>>> of having scheduled runs
on each client.
> > > > > > > >>>>> I thinkpuppetrunis what
I''m after but I can''t get it to work!
>
> > > > > > > >>>> Try replacing thelinein
puppetrunner with "allow *" and work back from there. If that
doesn''t work, try replacing everylinewith "allow *".
>
> > > > > > > > --
> > > > > > > > You received this message because you
are subscribed to the Google Groups "Puppet Users" group.
> > > > > > > > To post to this group, send email to
puppet-users@googlegroups.com.
> > > > > > > > To unsubscribe from this group, send
email to puppet-users+unsubscribe@googlegroups.com.
> > > > > > > > For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
maybe http://theforeman.org/projects/foreman/wiki/Puppetrun will help. Ohad On Sat, Oct 23, 2010 at 3:45 AM, Luc Suryo <lsuryo@gmail.com> wrote:> Can you please show the namespaceouth,conf file? I having the same > problem :( > > mine looks like this > > [puppetrunner] > path /run > auth any > allow noc01.cloud.aws > > > thanks > > -ls > > On Sep 10, 3:13 am, matonb <brett.ma...@googlemail.com> wrote: > > Hi Dou ZQ, > > > > I added the puppetmaster hostname to the path / section: > > > > path / > > allow <puppetmaster> > > auth any > > > > Probably not the most secure option, but solved my problems. > > > > Brett > > > > On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote: > > > > > Hi, > > > What you add in the auth.conf? The hostname of puppetmaster or others? > > > I got the sameerrorand didn''t know how to resolve yet. > > > > > Thanks and expect your reply! > > > > > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > Hi Patrick, > > > > > > I figured it out by adding --verbose when starting the client > > > > listener. Turns out I had to add the puppetmaster to auth.conf. > > > > I''m sure that it''s probably documented somewhere. Be damned if I > > > > could find anything useful on "kick" though. > > > > > > Thanks, for your help all the same. > > > > > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > >Errormessages have changed slightly (not sure when though) I didn''t > > > > > notice the Denying access before: > > > > > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden > request: > > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host > [save] > > > > >authenticated atline93 > > > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host > [save] > > > > >authenticated atline93 > > > > > > > just checked /etc/puppet/namespaceauth.conf on the client node > which > > > > > now only contains: > > > > > > > [puppetrunner] > > > > > allow * > > > > > [kick] > > > > > allow * > > > > > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > Sigh, > > > > > > > > Still a no-go. I tried adding a [kick] section to > > > > > > namespaceauth.conf and then with one in puppet.conf. > > > > > > Niether worked, still getting the403forbidden message.... > > > > > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > > > > > Hi Patrick, > > > > > > > > > > > The client and server are both version 2.6.0 > > > > > > > > > I am runningpuppetrunas root on the puppet master server. > > > > > > > > > And yes, a test run completes successfully.... > > > > > > > > > > > Thanks for your help, > > > > > > > > > Brett > > > > > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see > below). I''m wondering if the namespaceauth.conf could have had it''s section > names changed in 2.6.0. You might want to add a section for "kick" and test > it. This is just a shot in the dark though because I''m running out of > ideas. > > > > > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > > > > > Single Binary > > > > > > > > > > > Puppet is now available as a single binary with > sub-arguments for the > > > > > > > > > functions previously provided by the seperate binaries (the > existing > > > > > > > > > binaries remain for backwards compatibility). This includes > renaming > > > > > > > > > several Puppet functions to better fit an overall model. > > > > > > > > > > > List of binary changes > > > > > > > > > > > puppetmasterd –> puppet master > > > > > > > > > puppetd –> puppet agent > > > > > > > > > puppet –> puppet apply > > > > > > > > > puppetca –> puppet cert > > > > > > > > > ralsh –> puppet resource > > > > > > > > >puppetrun–> puppet kick > > > > > > > > > puppetqd –> puppet queue > > > > > > > > > filebucket –> puppet filebucket > > > > > > > > > puppetdoc –> puppet doc > > > > > > > > > pi –> puppet describe > > > > > > > > > > > This also results in a change in the puppet.conf > configuration file. > > > > > > > > > The sections, previously things like [puppetd], now should > be renamed to > > > > > > > > > match the new binary names. So [puppetd] becomes [agent]. > You will be > > > > > > > > > prompted to do this when you start Puppet with a log > message for each > > > > > > > > > section that needs to be renamed. This is merely a warning > - existing > > > > > > > > > configuration file will work unchanged. > > > > > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > > > > >> Here are a couple more things: > > > > > > > > >> What version is your client? > > > > > > > > >> What version is your server? > > > > > > > > >> Make sure you''rerunningpuppetrunas root. > > > > > > > > >> Make sure that running "puppetd --test --verbose" as root > on the client actually works. > > > > > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > > > > > >>> Didn''t help unfortunaltely. Still getting the > sameerror(s)! > > > > > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > > > > > >>>>> I''m trying to push client configurations from the > puppetmaster instead > > > > > > > > >>>>> of having scheduled runs on each client. > > > > > > > > >>>>> I thinkpuppetrunis what I''m after but I can''t get it to > work! > > > > > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and > work back from there. If that doesn''t work, try replacing everylinewith > "allow *". > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the > Google Groups "Puppet Users" group. > > > > > > > > > To post to this group, send email to > puppet-users@googlegroups.com. > > > > > > > > > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > > > > > > > > > For more options, visit this group athttp:// > groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
thanks, found the issue... had to use auto.conf , all working now -- Ls - " Remember.... No one travels faster than the speed of live " On Oct 23, 2010, at 5:05, Ohad Levy <ohadlevy@gmail.com> wrote:> maybe http://theforeman.org/projects/foreman/wiki/Puppetrun will help. > > Ohad > > On Sat, Oct 23, 2010 at 3:45 AM, Luc Suryo <lsuryo@gmail.com> wrote: > Can you please show the namespaceouth,conf file? I having the same > problem :( > > mine looks like this > > [puppetrunner] > path /run > auth any > allow noc01.cloud.aws > > > thanks > > -ls > > On Sep 10, 3:13 am, matonb <brett.ma...@googlemail.com> wrote: > > Hi Dou ZQ, > > > > I added the puppetmaster hostname to the path / section: > > > > path / > > allow <puppetmaster> > > auth any > > > > Probably not the most secure option, but solved my problems. > > > > Brett > > > > On Sep 10, 3:25 am, Dou ZQ <douzl0...@gmail.com> wrote: > > > > > Hi, > > > What you add in the auth.conf? The hostname of puppetmaster or others? > > > I got the sameerrorand didn''t know how to resolve yet. > > > > > Thanks and expect your reply! > > > > > On Aug 24, 6:10 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > Hi Patrick, > > > > > > I figured it out by adding --verbose when starting the client > > > > listener. Turns out I had to add the puppetmaster to auth.conf. > > > > I''m sure that it''s probably documented somewhere. Be damned if I > > > > could find anything useful on "kick" though. > > > > > > Thanks, for your help all the same. > > > > > > On Aug 24, 9:37 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > >Errormessages have changed slightly (not sure when though) I didn''t > > > > > notice the Denying access before: > > > > > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: > > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > > >authenticated atline93 > > > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: > > > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] > > > > >authenticated atline93 > > > > > > > just checked /etc/puppet/namespaceauth.conf on the client node which > > > > > now only contains: > > > > > > > [puppetrunner] > > > > > allow * > > > > > [kick] > > > > > allow * > > > > > > > On Aug 24, 9:28 am, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > Sigh, > > > > > > > > Still a no-go. I tried adding a [kick] section to > > > > > > namespaceauth.conf and then with one in puppet.conf. > > > > > > Niether worked, still getting the403forbidden message.... > > > > > > > > On Aug 23, 8:05 pm, matonb <brett.ma...@googlemail.com> wrote: > > > > > > > > > I''ll give it ago in the morning, fingers crossed :-) > > > > > > > > > On Aug 23, 5:26 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: > > > > > > > > > > > Hi Patrick, > > > > > > > > > > > The client and server are both version 2.6.0 > > > > > > > > > I am runningpuppetrunas root on the puppet master server. > > > > > > > > > And yes, a test run completes successfully.... > > > > > > > > > > > Thanks for your help, > > > > > > > > > Brett > > > > > > > > > > Puppet.conf had it''s section names changed in 2.6.0 (see below). I''m wondering if the namespaceauth.conf could have had it''s section names changed in 2.6.0. You might want to add a section for "kick" and test it. This is just a shot in the dark though because I''m running out of ideas. > > > > > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: > > > > > > > > > > > Single Binary > > > > > > > > > > > Puppet is now available as a single binary with sub-arguments for the > > > > > > > > > functions previously provided by the seperate binaries (the existing > > > > > > > > > binaries remain for backwards compatibility). This includes renaming > > > > > > > > > several Puppet functions to better fit an overall model. > > > > > > > > > > > List of binary changes > > > > > > > > > > > puppetmasterd –> puppet master > > > > > > > > > puppetd –> puppet agent > > > > > > > > > puppet –> puppet apply > > > > > > > > > puppetca –> puppet cert > > > > > > > > > ralsh –> puppet resource > > > > > > > > >puppetrun–> puppet kick > > > > > > > > > puppetqd –> puppet queue > > > > > > > > > filebucket –> puppet filebucket > > > > > > > > > puppetdoc –> puppet doc > > > > > > > > > pi –> puppet describe > > > > > > > > > > > This also results in a change in the puppet.conf configuration file. > > > > > > > > > The sections, previously things like [puppetd], now should be renamed to > > > > > > > > > match the new binary names. So [puppetd] becomes [agent]. You will be > > > > > > > > > prompted to do this when you start Puppet with a log message for each > > > > > > > > > section that needs to be renamed. This is merely a warning - existing > > > > > > > > > configuration file will work unchanged. > > > > > > > > > > > On Aug 23, 9:31 am, Patrick <kc7...@gmail.com> wrote: > > > > > > > > >> Here are a couple more things: > > > > > > > > >> What version is your client? > > > > > > > > >> What version is your server? > > > > > > > > >> Make sure you''rerunningpuppetrunas root. > > > > > > > > >> Make sure that running "puppetd --test --verbose" as root on the client actually works. > > > > > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: > > > > > > > > > > >>> Didn''t help unfortunaltely. Still getting the sameerror(s)! > > > > > > > > > > >>> On Aug 20, 4:07 pm, Patrick <kc7...@gmail.com> wrote: > > > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: > > > > > > > > > > >>>>> I''m trying to push client configurations from the puppetmaster instead > > > > > > > > >>>>> of having scheduled runs on each client. > > > > > > > > >>>>> I thinkpuppetrunis what I''m after but I can''t get it to work! > > > > > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and work back from there. If that doesn''t work, try replacing everylinewith "allow *". > > > > > > > > > > > -- > > > > > > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > > > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > > > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > > > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Harri Savolainen
2012-Sep-03 15:00 UTC
Re: [Puppet Users] Re: puppetrun failing with Error 403?
I know this will resurrect very old thread, but this was very useful comment. It eventually lead to working solution. However, I was not enough (with puppet v.2.6.17). I still got 403. I added "auth any", resulting the following end of auth.conf file: __ ... path /run/ auth any method save allow <fqdn of puppet serrer as 403 in error message> ie. puppet.example.com # this one is not strictly necessary... # to show the default policy... path / auth any __ (notice the I added the lines just _above_ the last lines). With that configuration puppet kick is working now. Hope this helps somebody. cheers, Harri On Friday, September 10, 2010 1:20:35 PM UTC+3, alcy wrote:> > path /run > method save > allow your.master.com > > >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/lgdXOGSV84oJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.