In both cases puppetmasterd is run as the puppet user, at least according to ps.
--- Thanks, Allan Marcus 505-667-5666 On Sep 25, 2009, at 4:38 AM, Silviu Paragina wrote: > > Allan Marcus wrote: >> Ug. >> >> does anyone have any idea why my clients can connect just fine when >> using webrick but cannot when using passenger? this only happens with >> puppetmasterd 0.25.x. When the client tries to connect I see: >> >> puppetmasterd[3485] <Notice>: Starting Puppet server version 0.25.1 >> puppetmasterd[3485] <Warning>: Denying access: Forbidden request: >> marcusmini-a.lanl.gov(128.165.129.167) access to /file_metadata/ >> facts \ >> [search\] at line 0 >> puppetmasterd[3485] <Error>: Forbidden request: marcusmini- >> a.lanl.gov(128.165.129.167) access to /file_metadata/facts \[search\] >> at line 0 >> puppetmasterd[3485] <Warning>: Denying access: Forbidden request: >> marcusmini-a.lanl.gov(128.165.129.167) access to /file_metadata/ >> facts \ >> [find\] at line 0 >> puppetmasterd[3485] <Error>: Forbidden request: marcusmini- >> a.lanl.gov(128.165.129.167) access to /file_metadata/facts \[find\] >> at >> line 0 >> puppetmasterd[3485] <Warning>: Denying access: Forbidden request: >> marcusmini-a.lanl.gov(128.165.129.167) access to /catalog/marcusmini- >> a.lanl.gov \[find\] at line 0 >> puppetmasterd[3485] <Error>: Forbidden request: marcusmini- >> a.lanl.gov(128.165.129.167) access to /catalog/marcusmini- >> a.lanl.gov \ >> [find\] at line 0 >> puppetmasterd[3485] <Warning>: Denying access: Forbidden request: >> marcusmini-a.lanl.gov(128.165.129.167) access to /file_metadata/ >> dlanlbaseline/getDefsDate.sh \[find\] at line 0 >> puppetmasterd[3485] <Error>: Forbidden request: marcusmini- >> a.lanl.gov(128.165.129.167) access to /file_metadata/dlanlbaseline/ >> getDefsDate.sh \[find\] at line 0 >> >> If I use the sample auth.conf file and set >> auth no >> allow * >> everything works, but I'm pretty sure that is not a good idea. Since >> it all works when using webrick and doesn't work when using >> passenger, >> could the issue be that passenger is not passing the clients certs to >> puppetmasterd, and therefore puppetmasterd is thinking the client in >> unauthenticated? >> >> >> --- >> Thanks, >> >> Allan Marcus >> 505-667-5666 >> >> >> >> On Sep 24, 2009, at 10:13 AM, Allan Marcus wrote: >> >> >>> Hello, >>> >>> When I run puppetmasterd (0.25.1.rc1) with webrick, it works fine >>> and >>> my test client and connect and do everything it needs to do. >>> >>> When I run pappetmasterd with passenger (2.2.2) I see the following >>> error in the log: >>> >>> Thu Sep 24 10:09:43 puppet-dev puppetmasterd[732] <Notice>: Denying >>> unauthenticated client marcusmini-a.lanl.gov(<ip removed>) access to >>> fileserver.list >>> >>> there are a number of related errors all seemingly stemming from >>> this >>> authentication error. >>> >>> Any ideas? Any more info that could help? >>> >>> --- >>> Thanks, >>> >>> Allan Marcus >>> 505-667-5666 >>> >>> >>> >>> >>> >> >> >>> >> > You might be running puppet master under a different user or the > puppet > master certificate changed because puppet thinks it has a different > name. Other than that I have no ideea. :-? > > > Silviu > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
