Issue #16765 has been updated by eric sorenson.
Status changed from Unreviewed to Needs More Information
Assignee set to Banio Carpenter
Affected Puppet version set to 3.0.0
Hi Banio, I'm sorry I forgot to call this out in my release notes mail. I have
updated them to reflect the change. If you are upgrading from an earlier
version you need to add the following stanza to the *TOP* of your auth.conf
file:
<pre>
# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1
</pre>
Please give that a try and let me know if it works.
----------------------------------------
Bug #16765: Unable to fetch my node definition error in puppet 3.0.0
https://projects.puppetlabs.com/issues/16765#change-72485
Author: Banio Carpenter
Status: Needs More Information
Priority: Normal
Assignee: Banio Carpenter
Category:
Target version:
Affected Puppet version: 3.0.0
Keywords:
Branch:
All servers are running CentOS 6.3
puppetmaster:
# puppet --version
3.0.0
# ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
# facter --version
1.6.12
puppet client with problem:
# puppet --version
3.0.0
# ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
# facter --version
1.6.12
puppet client without problem:
# puppet --version
2.7.19
# ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
# facter --version
1.6.12
I just upgraded my puppetmaster and one client from puppet 2.7.19 to puppet
3.0.0
When I run the client with 3.0 installed i get this:
# puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: Error 403 on SERVER: Forbidden request:
stg.mydomain.com(10.31.195.35) access to /node/stg.mydomain.com [find]
authenticated at :93
Info: Retrieving plugin
Info: Caching catalog for stg.mydomain.com
Info: Applying configuration version '1349294187'
...
Finished catalog run in 6.84 seconds
The catalog still gets run, but I get that error. On my clients running 2.7.19
no error. I'm using the default auth.conf on both:
puppetmaster auth.conf:
path ~ ^/catalog/([^/]+)$
method find
allow $1
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file
allow *
path /certificate/ca
auth no
method find
allow *
path /certificate/
auth no
method find
allow *
path /certificate_request
auth no
method find, save
allow *
path /
auth any
problem puppetclient auth.conf:
path ~ ^/catalog/([^/]+)$
method find
allow $1
path ~ ^/node/([^/]+)$
method find
allow $1
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file
allow *
path /certificate/ca
auth any
method find
allow *
path /certificate/
auth any
method find
allow *
path /certificate_request
auth any
method find, save
allow *
path /
auth any
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
