Is /etc/puppet/auth.conf owned by the puppet process? You could also try
setting it as world readable.

And make sure in your puppet.conf under the agent stanza, the server block
is set to the domain name of the puppet master. You should be able to
telnet to it on port 8140.

server = puppet.localhost

On Tuesday, November 13, 2012 3:55:44 PM UTC-5, frap wrote:

I'm just getting started with puppet and there's something I can't get
working. I have a client/agent setup at the moment.

When running puppet agent for the first time, I get the following error:

puppet agent --test
dnsdomainname: Unknown host
Error: Could not request certificate: Error 400 on SERVER: Permission
denied - /etc/puppet/auth.conf

My auth.conf looks like this, which I believe is how it is out of the box.

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

SElinux is off and all firewall ports are open. Can anyone help?
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/W3BCpKJzzc8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 2 | next ›
Discussion Overview
grouppuppet-users @
postedNov 13, '12 at 8:58p
activeNov 14, '12 at 4:34a

2 users in discussion

Frap: 1 post Drew Michel: 1 post



site design / logo © 2022 Grokbase