Have you try adding server parameter as i said in earlier post.
On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma <[email protected]> wrote: > Hi > > *puppetmaster#vim /etc/puppet/puppet.conf* > > [main] > logdir=/var/log/puppet > vardir=/var/lib/puppet > ssldir=/var/lib/puppet/ssl > rundir=/var/run/puppet > factpath=$vardir/lib/facter > templatedir=$confdir/templates > prerun_command=/etc/puppet/etckeeper-commit-pre > postrun_command=/etc/puppet/etckeeper-commit-post > listen = true > [master] > # These are needed when the puppetmaster is run by passenger > # and can safely be removed if webrick is used. > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY > > puppetmaster#vim /etc/puppet/auth.conf > [main] > logdir=/var/log/puppet > vardir=/var/lib/puppet > ssldir=/var/lib/puppet/ssl > rundir=/var/run/puppet > factpath=$vardir/lib/facter > templatedir=$confdir/templates > prerun_command=/etc/puppet/etckeeper-commit-pre > postrun_command=/etc/puppet/etckeeper-commit-post > listen = true > [master] > # These are needed when the puppetmaster is run by passenger > # and can safely be removed if webrick is used. > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY > > *puppetmaster#vim /etc/puppet/auth.conf* > > > # This is an example auth.conf file, it mimics the puppetmasterd defaults > # > # The ACL are checked in order of appearance in this file. > # > # Supported syntax: > # This file supports two different syntax depending on how > # you want to express the ACL. > # > # Path syntax (the one used below): > # --------------------------------- > # path /path/to/resource > # [environment envlist] > # [method methodlist] > # [auth[enthicated] {yes|no|on|off|any}] > # allow [host|ip|*] > # deny [host|ip] > # > # The path is matched as a prefix. That is /file match at > # the same time /file_metadat and /file_content. > # > # Regex syntax: > # ------------- > # This one is differenciated from the path one by a '~' > # > # path ~ regex > # [environment envlist] > # [method methodlist] > # [auth[enthicated] {yes|no|on|off|any}] > # allow [host|ip|*] > # deny [host|ip] > # > # The regex syntax is the same as ruby ones. > # > # Ex: > # path ~ .pp$ > # will match every resource ending in .pp (manifests files for instance) > # > # path ~ ^/path/to/resource > # is essentially equivalent to path /path/to/resource > # > # environment:: restrict an ACL to a specific set of environments > # method:: restrict an ACL to a specific set of methods > # auth:: restrict an ACL to an authenticated or unauthenticated request > # the default when unspecified is to restrict the ACL to authenticated > requests > # (ie exactly as if auth yes was present). > # > > ### Authenticated ACL - those applies only when the client > ### has a valid certificate and is thus authenticated > > # allow nodes to retrieve their own catalog (ie their configuration) > path ~ ^/catalog/([^/]+)$ > method find > allow $1 > > # allow nodes to retrieve their own node definition > path ~ ^/node/([^/]+)$ > method find > allow $1 > > # allow all nodes to access the certificates services > path /certificate_revocation_list/ca > method find > allow * > > # allow all nodes to store their own reports > path ~ ^/report/([^/]+)$ > method save > allow $1 > > # inconditionnally allow access to all files services > # which means in practice that fileserver.conf will > # still be used > path /file > > > > > Thanks, > Dilip > allow * > > ### Unauthenticated ACL, for clients for which the current master doesn't > ### have a valid certificate; we allow authenticated users, too, because > ### there isn't a great harm in letting that request through. > > # allow access to the master CA > path /certificate/ca > auth any > method find > allow * > > path /certificate/ > auth any > method find > allow * > > path /certificate_request > auth any > method find, save > allow * > > # this one is not stricly necessary, but it has the merit > # to show the default policy which is deny everything else > #path / > path /run > auth any > > These are my puppet.conf and auth.conf of puppet master... > > Please find the solution.. > > On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma <[email protected]>wrote: > >> >> Hi, >> >> I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e >> >> class toolbox { >> >> file { '/usr/local/sbin/puppetsimple.sh': >> owner => root,group => root,mode => 0755,content => "#!/bin/bash >> apt-get install zip\n" >> } >> } >> node 'admin.local' { >> include toolbox >> >> } >> >> Here admin.local is my PUPPET AGENT.. >> >> my job is to kick this job to puppet agent from puppet master.for this i >> have ran >> >> *[email protected]#puppet kick admin.local* >> *Triggering admin.local >> Host admin.local failed: Connection refused - connect(2) >> admin.local finished with exit code 2 >> Failed: admin.local* >> >> i got this error. >> *Additional Info*:puppet master and agent are in the same >> network,pinging each other and configured password less logins also.. >> >> Please find the attachment regarding the puppet error mentioned above. >> >> Thanks in advance >> Dilip >> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Puppet Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/puppet-users/OMJFUxP4XgM/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/puppet-users. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/OMJFUxP4XgM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
