So based on this doc change I assume it's been verified that we don't need the namespaceauth.conf file anymore? If that's the case, then ticket #4388 can be moved from "needs decision" to accepted, right?
On Mon, Apr 18, 2011 at 4:54 PM, nfagerlund <[email protected]> wrote: > Puppet kick's help referred only to the outdated authconfig > (namespaceauth.conf) file, rather than > the modern rest_authconfig (auth.conf). > > Signed-off-by: nfagerlund <[email protected]> > --- > Local-branch: ticket/2.7.x/7108 > lib/puppet/application/kick.rb | 35 ++++++++++------------------------- > 1 files changed, 10 insertions(+), 25 deletions(-) > > diff --git a/lib/puppet/application/kick.rb b/lib/puppet/application/kick.rb > index 5366994..4f3ed18 100644 > --- a/lib/puppet/application/kick.rb > +++ b/lib/puppet/application/kick.rb > @@ -76,31 +76,16 @@ copy things like LDAP settings. > > USAGE NOTES > ----------- > -'puppet kick' is useless unless 'puppet agent' is listening. See its > -documentation for more information, but the gist is that you must enable > -'listen' on the 'puppet agent' daemon, either using '--listen' on the > -command line or adding 'listen = true' in its config file. In addition, > -you need to set the daemons up to specifically allow connections by > -creating the 'namespaceauth' file, normally at > -'/etc/puppet/namespaceauth.conf'. This file specifies who has access to > -each namespace; if you create the file you must add every namespace you > -want any Puppet daemon to allow -- it is currently global to all Puppet > -daemons. > - > -An example file looks like this: > - > - [fileserver] > - allow *.madstop.com > - > - [puppetmaster] > - allow *.madstop.com > - > - [puppetrunner] > - allow culain.madstop.com > - > -This is what you would install on your Puppet master; non-master hosts > -could leave off the 'fileserver' and 'puppetmaster' namespaces. > - > +Puppet kick is useless unless puppet agent is listening for incoming > +connections and allowing access to the `run` endpoint. This entails > +starting the agent with `listen = true` in its puppet.conf file, and > +allowing access to the `/run` path in its auth.conf file; see > +`http://docs.puppetlabs.com/guides/rest_auth_conf.html` for more > +details. > + > +Additionally, due to a known bug, you must make sure a > +namespaceauth.conf file exists in puppet agent's $confdir. This file > +will not be consulted, and may be left empty. > > OPTIONS > ------- > -- > 1.7.3.3 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
