setting it as world readable.

And make sure in your puppet.conf under the agent stanza, the server block
is set to the domain name of the puppet master. You should be able to
telnet to it on port 8140.

    [agent]
    server = puppet.localhost

On Tuesday, November 13, 2012 3:55:44 PM UTC-5, frap wrote:
I'm just getting started with puppet and there's something I can't get
working. I have a client/agent setup at the moment.

When running puppet agent for the first time, I get the following error:

    puppet agent --test
    dnsdomainname: Unknown host
    Error: Could not request certificate: Error 400 on SERVER: Permission denied - /etc/puppet/auth.conf

My auth.conf looks like this, which I believe is how it is out of the box.

    # allow nodes to retrieve their own catalog (ie their configuration)
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

    # allow all nodes to access the certificates services
    path /certificate_revocation_list/ca
    method find
    allow *

    # allow all nodes to store their reports
    path /report
    method save
    allow *

    # unconditionally allow access to all files services
    # which means in practice that fileserver.conf will
    # still be used
    path /file
    allow *

    ### Unauthenticated ACL, for clients for which the current master doesn't
    ### have a valid certificate

    # allow access to the master CA
    path /certificate/ca
    auth no
    method find
    allow *

    path /certificate/
    auth no
    method find
    allow *

    path /certificate_request
    auth no
    method find, save
    allow *

    # this one is not strictly necessary, but it has the merit
    # to show the default policy which is deny everything else
    path /
    auth any

SELinux is off and all firewall ports are open. Can anyone help?
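
The checks suggested in the reply (auth.conf permissions, the `server` value under `[agent]`, and a connection to port 8140), as an added shell example that is not part of the thread. The function names are hypothetical, and it assumes an `nc` that supports `-z` and `-w`.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# True when the "other" read bit is set, i.e. the file is world readable.
# Returns 2 when the file cannot be stat'ed at all.
world_readable() {
    mode=$(file_mode "$1") || return 2
    last=${mode#"${mode%?}"}            # final octal digit = "other" bits
    [ $(( $last & 4 )) -ne 0 ]
}

# Print the value of "server" from the [agent] section of a puppet.conf.
agent_server() {
    awk '
        /^[ \t]*\[/ { in_agent = ($0 ~ /^[ \t]*\[agent\]/); next }
        in_agent && /^[ \t]*server[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# True when a TCP connection to the master succeeds (the telnet test).
# Assumes an nc(1) that supports -z and -w.
master_reachable() {
    nc -z -w 3 "$1" "${2:-8140}" >/dev/null 2>&1
}

# Usage: sh check.sh /etc/puppet/auth.conf /etc/puppet/puppet.conf
diagnose() {
    if world_readable "$1"; then
        echo "OK   $1 is world readable"
    else
        echo "FAIL $1 missing or not world readable (mode: $(file_mode "$1" || echo none))"
    fi
    server=$(agent_server "$2")
    if [ -z "$server" ]; then
        echo "FAIL no server setting under [agent] in $2"; return 1
    fi
    if master_reachable "$server"; then echo "OK   $server:8140 accepts connections"
    else echo "FAIL cannot connect to $server:8140"; fi
}

if [ "$#" -gt 0 ]; then diagnose "$@"; fi
```

The error in the thread is reported by the server, so the auth.conf check belongs on the master; the `server` and port checks belong on the agent.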