Hi, What's the client version ?
On Mon, Oct 18, 2010 at 9:36 PM, mar...@fearless.nl <mar...@fearless.nl>wrote: > Hi All, > > first off, i'm new to puppet. I've started playing with it for a few > days now and it seems to be perfectly matching my needs. > > I've created two labs, one at home (working) and one in the office > (not working). > Now as you can gather, i would like some help on find the reason the > the office-lab not to work. > > The puppetmaster works as expected, starts good and without issue. > > Starting it in debug mode says : > > r...@master:/etc/puppet# puppetmasterd --no-daemonize -d -v > debug: Failed to load library 'selinux' for feature 'selinux' > debug: Failed to load library 'ldap' for feature 'ldap' > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing > debug: Puppet::Type::User::ProviderPw: file pw does not exist > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does > not exist > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ > dscl does not exist > debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/ > puppet/ssl/certs] > debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet] > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet] > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ > ssl] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: /File[/etc/puppet/ssl/public_keys/master.pem]: Autorequiring > File[/etc/puppet/ssl/public_keys] > debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring File[/var/ > puppet/log] > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ > ssl] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ > ssl] > debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet] > debug: /File[/var/puppet/reports]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/ > puppet/manifests] > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet] > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet] > debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/ > puppet] > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] > debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring File[/ > etc/puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/ > puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/ > puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys/master.pem]: Autorequiring > File[/etc/puppet/ssl/private_keys] > debug: /File[/var/run/puppetmasterd.pid]: Autorequiring File[/var/run] > debug: Finishing transaction -610961228 with 0 changes > debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/ > etc/puppet/ssl/ca/private] > debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/ > etc/puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/ > puppet/ssl/ca] > debug: Finishing transaction -611217558 with 0 changes > debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50 > UTC 2015 > debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50 > UTC 2015 > debug: Using cached certificate for master, good until Fri Oct 16 > 14:58:50 UTC 2015 > notice: Starting Puppet server version 0.25.4 > > Which seems good to me. > > Now when i start a client, this happens : > > r...@ubuntu:~# puppetd --no-daemonize --verbose --server master --fqdn > ubuntu.lab --waitforcert 60 -o > err: Could not retrieve catalog from remote server: Error 403 on > SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/ > ubuntu.lab [find] at line 93 > notice: using cached catalog > erro: Could not retrieve catalog; skipping run > > The master says the following : > > info: access[^/catalog/([^/]+)$]: allowing 'method' find > info: access[^/catalog/([^/]+)$]: allowing $1 access > info: access[/certificate_revocation_list/ca]: allowing 'method' find > info: access[/certificate_revocation_list/ca]: allowing * access > info: access[/report]: allowing 'method' save > info: access[/report]: allowing * access > info: access[/file]: allowing * access > info: access[/certificate/ca]: adding authentication no > info: access[/certificate/ca]: allowing 'method' find > info: access[/certificate/ca]: allowing * access > info: access[/certificate/]: adding authentication no > info: access[/certificate/]: allowing 'method' find > info: access[/certificate/]: allowing * access > info: access[/certificate_request]: adding authentication no > info: access[/certificate_request]: allowing 'method' find > info: access[/certificate_request]: allowing 'method' save > info: access[/certificate_request]: allowing * access > info: access[/]: adding authentication any > info: access[/]: defaulting to no access for ubuntu.lab > warning: Denying access: Forbidden request: ubuntu.lab(10.31.18.31) > access to /catalog/ubuntu.lab [find] at line 93 > err: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/ > ubuntu.lab [find] at line 93 > > My config files are > > master puppet.conf > > [puppetmasterd] > report_port = 8140 > ca_port = 8140 > puppetdlockfile = /var/puppet/state/puppetdlock > localconfig = /var/puppet/state/localconfig > classfile = /var/puppet/state/classes.txt > reportserver = master.lab > statefile = /var/puppet/state/state.yaml > clientbucketdir = /var/puppet/clientbucket > puppetdlog = /var/puppet/log/puppetd.log > report_server = master.lab > # noop = false > graphdir = /var/puppet/state/graphs > ca_server = master.lab > # preferred_serialization_format = pson > # ignorecache = false > splaylimit = 1800 > clientyamldir = /var/puppet/client_yaml > # configtimeout = 120 > csrdir = /etc/puppet/ssl/ca/requests > serial = /etc/puppet/ssl/ca/serial > # ca_ttl = 5y > # keylength = 1024 > cacert = /etc/puppet/ssl/ca/ca_crt.pem > cacrl = /etc/puppet/ssl/ca/ca_crl.pem > signeddir = /etc/puppet/ssl/ca/signed > autosign = /etc/puppet/autosign.conf > # ca_md = md5 > cert_inventory = /etc/puppet/ssl/ca/inventory.txt > cakey = /etc/puppet/ssl/ca/ca_key.pem > caprivatedir = /etc/puppet/ssl/ca/private > capass = /etc/puppet/ssl/ca/private/ca.pass > # ca_days = > # req_bits = 2048 > cadir = /etc/puppet/ssl/ca > capub = /etc/puppet/ssl/ca/ca_pub.pem > # node_terminus = plain > publickeydir = /etc/puppet/ssl/public_keys > # http_proxy_port = 3128 > plugindest = /var/puppet/lib > # color = ansi > privatedir = /etc/puppet/ssl/private > # queue_source = stomp://localhost:61613/ > # pluginsignore = .svn CVS .git > hostcert = /etc/puppet/ssl/certs/master.lab.pem > confdir = /etc/puppet > # thin_storeconfigs = false > factsource = puppet://master.lab/facts/ > localcacert = /etc/puppet/ssl/certs/ca.pem > logdir = /var/puppet/log > # filetimeout = 15 > # path = none > # prerun_command = > genconfig = false > # casesensitive = false > # genmanifest = false > # diff_args = -u > certdir = /etc/puppet/ssl/certs > httplog = /var/puppet/log/http.log > # syslogfacility = daemon > name = puppetmasterd > requestdir = /etc/puppet/ssl/certificate_requests > # mkusers = false > # http_enable_post_connection_check = true > pluginsource = puppet://master.lab/plugins > passfile = /etc/puppet/ssl/private/password > # async_storeconfigs = false > # maximum_uid = 4294967290 > # trace = false > factpath = /var/puppet/facts/ > environment = production > hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem > vardir = /var/puppet > # config_version = > # factsync = false > libdir = /var/puppet/lib > hostcrl = /etc/puppet/ssl/crl.pem > rundir = /var/run > # postrun_command = > # diff = diff > daemonize = true > # ignoreimport = false > # external_nodes = none > certname = master.lab > # show_diff = false > ssldir = /etc/puppet/ssl > # http_proxy_host = none > privatekeydir = /etc/puppet/ssl/private_keys > # autoflush = false > # queue_type = stomp > # pluginsync = false > hostcsr = /etc/puppet/ssl/csr_master.lab.pem > factdest = /var/puppet/facts/ > # configprint = > hostpubkey = /etc/puppet/ssl/public_keys/master.lab.pem > # zlib = true > # manage_internal_file_permissions = true > # factsignore = .svn CVS > statedir = /var/puppet/state > authconfig = /etc/puppet/namespaceauth.conf > # certdnsnames = > # ldapserver = ldap > # ldapclassattrs = puppetclass > # ldapparentattr = parentnode > # ldapbase = > # ldapssl = false > # ldapport = 389 > # ldapstackedattrs = puppetvar > # ldapuser = > # ldaptls = false > # ldapstring = (&(objectclass=puppetClient)(cn=%s)) > # ldapattrs = all > # ldappassword = > # ldapnodes = false > bucketdir = /var/puppet/bucket > # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY > reportdir = /var/puppet/reports > rrdinterval = 1800 > modulepath = /etc/puppet/modules:/usr/share/puppet/modules > bindaddress = 10.31.18.30 > # parseonly = false > manifest = /etc/puppet/manifests/site.pp > group = puppet > masterport = 8140 > rest_authconfig = /etc/puppet/auth.conf > yamldir = /var/puppet/yaml > # storeconfigs = false > fileserverconfig = /etc/puppet/fileserver.conf > # strict_hostname_checking = false > # servertype = webrick > masterlog = /var/puppet/log/puppetmaster.log > # node_name = cert > # code = > # ssl_client_header = HTTP_X_CLIENT_DN > # reports = store > user = puppet > config = /etc/puppet/puppet.conf > rrddir = /var/puppet/rrd > pidfile = /var/run/puppetmasterd.pid > manifestdir = /etc/puppet/manifests > ca = true > masterhttplog = /var/puppet/log/masterhttp.log > # dbmigrate = false > # dbuser = puppet > railslog = /var/puppet/log/rails.log > dblocation = /var/puppet/state/clientconfigs.sqlite3 > # dbname = puppet > # dbpassword = puppet > # rails_loglevel = info > # dbadapter = sqlite3 > # dbserver = localhost > # dbsocket = > # summarize = false > # tags = > # evaltrace = false > # lexical = false > # typecheck = true > templatedir = /var/puppet/templates > # paramcheck = true > # reportfrom = rep...@master.lab > tagmap = /etc/puppet/tagmail.conf > #smtpserver = > # sendmail = /usr/sbin/sendmail > > my client config puppet.conf > > [puppetd] > # ldappassword = > # ldapnodes = false > # ldapserver = ldap > # ldapclassattrs = puppetclass > # ldapparentattr = parentnode > # ldapbase = > # ldapssl = false > # ldapport = 389 > # ldapstackedattrs = puppetvar > # ldapuser = > # ldaptls = false > # ldapstring = (&(objectclass=puppetClient)(cn=%s)) > # ldapattrs = all > factdest = /var/puppet/facts/ > hostprivkey = /etc/puppet/ssl/private_keys/ubuntu.lab.pem > # autoflush = false > # factsignore = .svn CVS > hostcrl = /etc/puppet/ssl/crl.pem > confdir = /etc/puppet > # configprint = > environment = production > # zlib = true > logdir = /var/puppet/log > ssldir = /etc/puppet/ssl > # path = none > # node_terminus = plain > plugindest = /var/puppet/lib > privatekeydir = /etc/puppet/ssl/private_keys > # http_proxy_port = 3128 > # pluginsignore = .svn CVS .git > hostcsr = /etc/puppet/ssl/csr_ubuntu.lab.pem > # queue_source = stomp://localhost:61613/ > factsource = puppet://master.lab/facts/ > # color = ansi > hostpubkey = /etc/puppet/ssl/public_keys/ubuntu.lab.pem > name = puppetd > vardir = /var/puppet > # filetimeout = 15 > # casesensitive = false > certname = ubuntu.lab > # prerun_command = > rundir = /var/puppet/run > genconfig = false > # certdnsnames = > # diff = diff > # ignoreimport = false > authconfig = /etc/puppet/namespaceauth.conf > publickeydir = /etc/puppet/ssl/public_keys > httplog = /var/puppet/log/http.log > pluginsource = puppet://master.lab/plugins > # trace = false > privatedir = /etc/puppet/ssl/private > # http_enable_post_connection_check = true > syslogfacility = daemon > factpath = /var/puppet/facts/ > hostcert = /etc/puppet/ssl/certs/ubuntu.lab.pem > # async_storeconfigs = false > # factsync = false > localcacert = /etc/puppet/ssl/certs/ca.pem > # config_version = > # maximum_uid = 4294967290 > # show_diff = false > libdir = /var/puppet/lib > # external_nodes = none > # postrun_command = > # manage_internal_file_permissions = true > statedir = /var/puppet/state > daemonize = true > certdir = /etc/puppet/ssl/certs > # genmanifest = false > # diff_args = -u > requestdir = /etc/puppet/ssl/certificate_requests > # http_proxy_host = none > # pluginsync = false > passfile = /etc/puppet/ssl/private/password > # mkusers = false > # queue_type = stomp > yamldir = /var/puppet/yaml > # storeconfigs = false > fileserverconfig = /etc/puppet/fileserver.conf > # strict_hostname_checking = false > manifestdir = /etc/puppet/manifests > masterhttplog = /var/puppet/log/masterhttp.log > # node_name = cert > # ssl_client_header = HTTP_X_CLIENT_DN > # group = puppet > # reports = store > rrddir = /var/puppet/rrd > modulepath = /etc/puppet/modules:/usr/share/puppet/modules > # ca = true > manifest = /etc/puppet/manifests/site.pp > # masterport = 8140 > bucketdir = /var/puppet/bucket > # code = > # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY > # user = puppet > reportdir = /var/puppet/reports > rrdinterval = 1800 > masterlog = /var/puppet/log/puppetmaster.log > # parseonly = false > rest_authconfig = /etc/puppet/auth.conf > # evaltrace = false > # summarize = false > # tags = > # ignorecache = false > splaylimit = 1800 > # bindaddress = > # configtimeout = 120 > clientyamldir = /var/puppet/client_yaml > report_port = 8140 > # ignoreschedules = false > ca_port = 8140 > puppetdlockfile = /var/puppet/state/puppetdlock > # downcasefacts = false > # noop = false > config = /etc/puppet/puppet.conf > # splay = false > # servertype = webrick > localconfig = /var/puppet/state/localconfig > reportserver = master.lab > classfile = /var/puppet/state/classes.txt > # graph = false > server = master.lab > # listen = false > # runinterval = 1800 > # catalog_format = > # usecacheonfailure = true > # dynamicfacts = memorysize,memoryfree,swapsize,swapfree > pidfile = /var/puppet/run/puppetd.pid > clientbucketdir = /var/puppet/clientbucket > statefile = /var/puppet/state/state.yaml > report_server = master.lab > puppetdlog = /var/puppet/log/puppetd.log > graphdir = /var/puppet/state/graphs > ca_server = master.lab > # report = false > puppetport = 8139 > # preferred_serialization_format = pson > # keylength = 1024 > cacert = /etc/puppet/ssl/ca/ca_crt.pem > cacrl = /etc/puppet/ssl/ca/ca_crl.pem > signeddir = /etc/puppet/ssl/ca/signed > autosign = /etc/puppet/autosign.conf > # ca_md = md5 > cert_inventory = /etc/puppet/ssl/ca/inventory.txt > cakey = /etc/puppet/ssl/ca/ca_key.pem > caprivatedir = /etc/puppet/ssl/ca/private > capass = /etc/puppet/ssl/ca/private/ca.pass > # ca_days = > # req_bits = 2048 > cadir = /etc/puppet/ssl/ca > capub = /etc/puppet/ssl/ca/ca_pub.pem > csrdir = /etc/puppet/ssl/ca/requests > serial = /etc/puppet/ssl/ca/serial > # ca_ttl = 5y > # paramcheck = true > # lexical = false > # typecheck = true > templatedir = /var/puppet/templates > # sendmail = > # reportfrom = rep...@ubuntu.lab > tagmap = /etc/puppet/tagmail.conf > # smtpserver = none > # dbmigrate = false > # dbuser = puppet > railslog = /var/puppet/log/rails.log > dblocation = /var/puppet/state/clientconfigs.sqlite3 > # dbname = puppet > # dbpassword = puppet > # rails_loglevel = info > # dbadapter = sqlite3 > # dbserver = localhost > # dbsocket = > > I'm hoping someone can spot my mistake cause i can't see it. > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
