path / auth yes allow * is OK, too.
2010/9/10 mohit chawla <[email protected]> > path /run > method save > allow your.master.com > > > On Fri, Sep 10, 2010 at 3:43 PM, matonb <[email protected]>wrote: > >> Hi Dou ZQ, >> >> I added the puppetmaster hostname to the path / section: >> >> path / >> allow <puppetmaster> >> auth any >> >> Probably not the most secure option, but solved my problems. >> >> Brett >> >> On Sep 10, 3:25 am, Dou ZQ <[email protected]> wrote: >> > Hi, >> > What you add in the auth.conf? The hostname of puppetmaster or others? >> > I got the same error and didn't know how to resolve yet. >> > >> > Thanks and expect your reply! >> > >> > On Aug 24, 6:10 pm, matonb <[email protected]> wrote: >> > >> > > Hi Patrick, >> > >> > > I figured it out by adding --verbose when starting the client >> > > listener. Turns out I had to add the puppetmaster to auth.conf. >> > > I'm sure that it's probably documented somewhere. Be damned if I >> > > could find anything useful on "kick" though. >> > >> > > Thanks, for your help all the same. >> > >> > > On Aug 24, 9:37 am, matonb <[email protected]> wrote: >> > >> > > > Error messages have changed slightly (not sure when though) I didn't >> > > > notice the Denying access before: >> > >> > > > Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden >> request: >> > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] >> > > >authenticated atline93 >> > > > Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: >> > > > my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] >> > > >authenticated atline93 >> > >> > > > just checked /etc/puppet/namespaceauth.conf on the client node which >> > > > now only contains: >> > >> > > > [puppetrunner] >> > > > allow * >> > > > [kick] >> > > > allow * >> > >> > > > On Aug 24, 9:28 am, matonb <[email protected]> wrote: >> > >> > > > > Sigh, >> > >> > > > > Still a no-go. I tried adding a [kick] section to >> > > > > namespaceauth.conf and then with one in puppet.conf. >> > > > > Niether worked, still getting the403forbidden message.... >> > >> > > > > On Aug 23, 8:05 pm, matonb <[email protected]> wrote: >> > >> > > > > > I'll give it ago in the morning, fingers crossed :-) >> > >> > > > > > On Aug 23, 5:26 pm, Patrick <[email protected]> wrote: >> > >> > > > > > > On Aug 23, 2010, at 2:10 AM, matonb wrote: >> > >> > > > > > > > Hi Patrick, >> > >> > > > > > > > The client and server are both version 2.6.0 >> > > > > > > > I am running puppetrun as root on the puppet master server. >> > > > > > > > And yes, a test run completes successfully.... >> > >> > > > > > > > Thanks for your help, >> > > > > > > > Brett >> > >> > > > > > > Puppet.conf had it's section names changed in 2.6.0 (see >> below). I'm wondering if the namespaceauth.conf could have had it's section >> names changed in 2.6.0. You might want to add a section for "kick" and test >> it. This is just a shot in the dark though because I'm running out of >> ideas. >> > >> > > > > > > On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: >> > >> > > > > > > > Single Binary >> > >> > > > > > > > Puppet is now available as a single binary with >> sub-arguments for the >> > > > > > > > functions previously provided by the seperate binaries (the >> existing >> > > > > > > > binaries remain for backwards compatibility). This includes >> renaming >> > > > > > > > several Puppet functions to better fit an overall model. >> > >> > > > > > > > List of binary changes >> > >> > > > > > > > puppetmasterd –> puppet master >> > > > > > > > puppetd –> puppet agent >> > > > > > > > puppet –> puppet apply >> > > > > > > > puppetca –> puppet cert >> > > > > > > > ralsh –> puppet resource >> > > > > > > > puppetrun –> puppet kick >> > > > > > > > puppetqd –> puppet queue >> > > > > > > > filebucket –> puppet filebucket >> > > > > > > > puppetdoc –> puppet doc >> > > > > > > > pi –> puppet describe >> > >> > > > > > > > This also results in a change in the puppet.conf >> configuration file. >> > > > > > > > The sections, previously things like [puppetd], now should >> be renamed to >> > > > > > > > match the new binary names. So [puppetd] becomes [agent]. >> You will be >> > > > > > > > prompted to do this when you start Puppet with a log message >> for each >> > > > > > > > section that needs to be renamed. This is merely a warning >> - existing >> > > > > > > > configuration file will work unchanged. >> > >> > > > > > > > On Aug 23, 9:31 am, Patrick <[email protected]> wrote: >> > > > > > > >> Here are a couple more things: >> > > > > > > >> What version is your client? >> > > > > > > >> What version is your server? >> > > > > > > >> Make sure you're running puppetrun as root. >> > > > > > > >> Make sure that running "puppetd --test --verbose" as root >> on the client actually works. >> > >> > > > > > > >> On Aug 23, 2010, at 12:53 AM, matonb wrote: >> > >> > > > > > > >>> Didn't help unfortunaltely. Still getting the same >> error(s)! >> > >> > > > > > > >>> On Aug 20, 4:07 pm, Patrick <[email protected]> wrote: >> > > > > > > >>>> On Aug 20, 2010, at 6:05 AM, matonb wrote: >> > >> > > > > > > >>>>> I'm trying to push client configurations from the >> puppetmaster instead >> > > > > > > >>>>> of having scheduled runs on each client. >> > > > > > > >>>>> I think puppetrun is what I'm after but I can't get it >> to work! >> > >> > > > > > > >>>> Try replacing thelinein puppetrunner with "allow *" and >> work back from there. If that doesn't work, try replacing everylinewith >> "allow *". >> > >> > > > > > > > -- >> > > > > > > > You received this message because you are subscribed to the >> Google Groups "Puppet Users" group. >> > > > > > > > To post to this group, send email to >> [email protected]. >> > > > > > > > To unsubscribe from this group, send email to >> [email protected]<puppet-users%[email protected]> >> . >> > > > > > > > For more options, visit this group athttp:// >> groups.google.com/group/puppet-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<puppet-users%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
