I found out that I was missing a change in puppet.conf due to using Puppetmaster Passenger:

from:
ssl_client_header = SSL_CLIENT_S_DN

to:
ssl_client_header = HTTP_X_SSL_SUBJECT

Now the permission issues are gone.

Weird enough that my Puppetmaster 2.7.x environment works without this change.

Felipe

On Tuesday, November 13, 2012 2:28:29 PM UTC-8, Felipe Salum wrote:
>
> I'm also having the same issue on the other locations. Not sure what's
> wrong since this is a default installation of puppet 3 with the original
> auth.conf
>
> Error:
> /Stage[main]/Puppetdb::Master::Routes/File[/etc/puppet/routes.yaml]: Could
> not evaluate: Error 403 on SERVER: Forbidden request:
> puppet2.puppet.test(192.168.168.10) access to
> /file_metadata/modules/puppetdb/routes.yaml [find] at :102 Could not
> retrieve file metadata for puppet:///modules/puppetdb/routes.yaml: Error
> 403 on SERVER: Forbidden request: puppet2.puppet.test(192.168.168.10)
> access to /file_metadata/modules/puppetdb/routes.yaml [find] at :102
>
> Error: Could not retrieve catalog from remote server: Error 403 on SERVER:
> Forbidden request: puppet2.puppet.test(192.168.168.10) access to
> /catalog/puppet2.puppet.test [find] at :101
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> Error: Could not send report: Error 403 on SERVER: Forbidden request:
> puppet2.puppet.test(192.168.168.10) access to /report/puppet2.puppet.test
> [save] at :102
>
>
> Maybe it is a naming resolution issue? I'm using /etc/hosts since this is
> a vagrant environment only for testing purposes.
>
> If I start updating auth.conf to use 'auth no' everywhere it passes.
>
> I don't see the problem on my production servers, so it worries me more :)
>
> On Monday, November 12, 2012 4:27:41 PM UTC-8, Felipe Salum wrote:
>>
>> Hi Nick.
>>
>> Actually this is a new environment I'm setting up using vagrant, puppet 3
>> and the default auth.conf.
>>
>> I had to add allow_ip to the /reports request to make it work. Not sure
>> why but it sometimes fails when using the puppet server provider from
>> vagrant.
>>
>> Thanks,
>> Felipe
>>
>> On Mon, Nov 12, 2012 at 4:22 PM, Nick Fagerlund <
>> nick.fagerl...@puppetlabs.com> wrote:
>>
>>>
>>>
>>> On Saturday, November 10, 2012 5:43:48 PM UTC-8, Felipe Salum wrote:
>>>>
>>>> Is this related to the same error I have when I run the puppet agent on
>>>> my nodes?
>>>>
>>> Nov 11 01:40:09 squeeze puppet-agent[8683]: Could not send report: Error
>>> 403 on SERVER: Forbidden request: puppetdb1.puppet.test(192.168.168.12)
>>> access to /report/puppetdb1.puppet.test [save] authenticated at :67
>>>
>>>
>>> No, other than that they're both related to authentication in auth.conf.
>>> If you were upgrading from 2.6, note that the default value of the 'report'
>>> setting changed between 2.6 and 2.7:
>>>
>>> http://docs.puppetlabs.com/references/2.7.latest/configuration.html#report
>>>
>>> http://docs.puppetlabs.com/references/2.6.latest/configuration.html#report
>>>
>>> So if your auth.conf file doesn't allow authenticated nodes to send save
>>> requests to /report, you will get errors. Examine your auth.conf file and
>>> compare it to the one here:
>>>
>>> https://github.com/puppetlabs/puppet/blob/master/conf/auth.conf
>>>
>>> You should have AT LEAST all the same rules, although your site may have
>>> some extra rules as well. Be aware that order matters in this file.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/puppet-users/-/rcFTBsu-IqkJ.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
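The fix reported in this thread pairs the `ssl_client_header` setting in puppet.conf with the request header that the web server in front of the Passenger-hosted master fills with the client certificate subject. The following is an added example, not code from the thread or from the Puppet project, that checks that pairing. It assumes an Apache vhost that uses `RequestHeader set` lines and relies on the Rack/CGI convention that a request header `X-SSL-Subject` appears to the application as `HTTP_X_SSL_SUBJECT`; the vhost and puppet.conf contents are constructed samples.

```python
import re

# Constructed sample inputs (assumed vhost layout; not taken from the thread's hosts).
VHOST = """\
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""
PUPPET_CONF_BEFORE = "[master]\nssl_client_header = SSL_CLIENT_S_DN\n"
PUPPET_CONF_AFTER = "[master]\nssl_client_header = HTTP_X_SSL_SUBJECT\n"

def rack_env_name(header):
    """Rack/CGI name of an HTTP request header: X-SSL-Subject -> HTTP_X_SSL_SUBJECT."""
    return "HTTP_" + header.upper().replace("-", "_")

def headers_set_by_vhost(vhost_text):
    """Map Rack env name -> Apache expression for every 'RequestHeader set' line."""
    found = {}
    for line in vhost_text.splitlines():
        m = re.match(r"\s*RequestHeader\s+set\s+(\S+)\s+(\S+)", line, re.I)
        if m:
            found[rack_env_name(m.group(1))] = m.group(2)
    return found

def puppet_setting(conf_text, name):
    """Last value of `name` in puppet.conf text (sections ignored), or None."""
    value = None
    for line in conf_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def check(conf_text, vhost_text):
    """Return (ok, message) for the ssl_client_header / vhost pairing."""
    setting = puppet_setting(conf_text, "ssl_client_header")
    if setting is None:
        return False, "ssl_client_header is not set in this file"
    sets = headers_set_by_vhost(vhost_text)
    if setting not in sets:
        return False, f"{setting} is not set by the vhost (sets: {sorted(sets)})"
    if "SSL_CLIENT_S_DN" not in sets[setting]:
        return False, f"{setting} does not carry the client certificate subject"
    return True, f"{setting} <- {sets[setting]}"

if __name__ == "__main__":
    for label, conf in (("before", PUPPET_CONF_BEFORE), ("after", PUPPET_CONF_AFTER)):
        print(label, check(conf, VHOST))
```

`RequestHeader set` overwrites any value a client sends under the same header name, which matters because the master takes the node's identity from this header.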