Issue #1379 has been updated by lludwig.
luke wrote:
> It shouldn't have anything to do with DNS, and if it does, that's the bug.
>
> Are you using Mongrel or Webrick? If Mongrel, are you sure you've got your
> SSL variables set up correctly?

This did it also with webrick prior to me changing to mongrel. I just started investigating this issue last week, hence why I'm reporting it.

What specific SSL variables are you referring to and in which application? It works with the normal communication with puppetmaster->puppetd

Looks like the Mongrel code for extracting host info will resort to DNS if there's no ssl_client_header present, but if that's not present, then the host should never be considered authenticated.
>
> And nothing should be special about puppetrun, except that it's the only
> executable that directly contacts the clients.

----------------------------------------
Bug #1379: puppetrun/puppetd with private network
http://reductivelabs.com/redmine/issues/show/1379

Author: lludwig
Status: Needs more information
Priority: Low
Assigned to:
Category:
Target version:
Keywords: puppetrun puppetmaster puppetd private network
Complexity: Unknown
Patch: None
Affected version: 0.24.4

If using two networks (one public facing, the other private) on both the puppetmaster and puppetd, puppetrun appears to run on the second specified network but the puppetd gives this odd error.

    puppetd[10522]: Denying authenticated client puppet.network.net(192.168.15.2) access to puppetrunner.run

It should show puppet.private.network.net (reverse and forward dns work properly)

Config info.

namespaceauth.conf (on puppetd)

    [puppetrunner]
    allow puppet.private.network.net

puppet.conf (on puppetmaster)

    [puppetmasterd]
    bindaddress=192.168.15.2
    certname=puppet.private.network.net

The workaround is to either specify the public facing name, or just use IP address (which is safer).

I don't have this issue occur with any other puppet item, so I assume it's something to do specifically with puppetrun.
Oh also puppetrun is running on puppetmaster as root user (so it's accessing the certs like puppetmaster does)
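
A sketch of the rule stated in the message above (a host name obtained from DNS must never count as authenticated), added here as an illustration; it is not Puppet's or Mongrel's code. The header names, the helper names `client_info` and `allowed?`, and the sample requests are assumptions, with the host names and address taken from the report.

```ruby
# Added illustration, not Puppet source code.
# Assumed header names carrying the proxy's TLS client-certificate results.
CLIENT_DN_HEADER     = "HTTP_X_CLIENT_DN"      # assumed value of ssl_client_header
CLIENT_VERIFY_HEADER = "HTTP_X_CLIENT_VERIFY"  # assumed verification-result header

ClientInfo = Struct.new(:name, :ip, :authenticated)

# Derive the client identity from request parameters.
# resolver: callable mapping an IP to a host name (stands in for reverse DNS,
# injected so the example runs offline).
def client_info(params, resolver)
  ip = params["REMOTE_ADDR"]
  dn = params[CLIENT_DN_HEADER]
  if dn && params[CLIENT_VERIFY_HEADER] == "SUCCESS" &&
     (cn = dn[%r{(?:\A|[/,])\s*CN=([^/,]+)}i, 1])
    # Identity comes from the verified certificate, never from DNS.
    ClientInfo.new(cn.downcase, ip, true)
  else
    # No verified certificate: the DNS name is a label for logging only.
    ClientInfo.new(resolver.call(ip), ip, false)
  end
end

# An allow rule (as in namespaceauth.conf) applies only to authenticated names.
def allowed?(client, allow_list)
  client.authenticated && allow_list.include?(client.name)
end

# Constructed sample data using the names from the report.
ALLOW       = ["puppet.private.network.net"]
REVERSE_DNS = ->(ip) { { "192.168.15.2" => "puppet.network.net" }.fetch(ip, ip) }
WITH_CERT   = { "REMOTE_ADDR"        => "192.168.15.2",
                CLIENT_DN_HEADER     => "/CN=puppet.private.network.net",
                CLIENT_VERIFY_HEADER => "SUCCESS" }
NO_CERT     = { "REMOTE_ADDR" => "192.168.15.2" }

if __FILE__ == $PROGRAM_NAME
  [WITH_CERT, NO_CERT].each do |req|
    c = client_info(req, REVERSE_DNS)
    puts "#{c.name}(#{c.ip}) authenticated=#{c.authenticated} " \
         "allowed=#{allowed?(c, ALLOW)}"
  end
end
```

With the certificate headers present the name comes from the certificate CN regardless of which interface the connection arrived on; without them the request is denied even if reverse DNS happens to return an allowed name.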
