I'm just getting started with puppet and there's something I can't get
working. I have a client/agent setup at the moment.

When running puppet agent for the first time, I get the following error:

puppet agent --test
dnsdomainname: Unknown host
Error: Could not request certificate: Error 400 on SERVER: Permission
denied - /etc/puppet/auth.conf

My auth.conf looks like this, which I believe is how it is out of the box.

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# unconditionally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

SELinux is off and all firewall ports are open. Can anyone help?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/LP3GakjQKjIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.


  • Drew Michel at Nov 14, 2012 at 4:34 am
    Is /etc/puppet/auth.conf owned by the puppet process? You could also try
    setting it as world readable.

    And make sure in your puppet.conf under the agent stanza, the server block
    is set to the domain name of the puppet master. You should be able to
    telnet to it on port 8140.

    [agent]
    server = puppet.localhost

    On Tuesday, November 13, 2012 3:55:44 PM UTC-5, frap wrote:

    I'm just getting started with puppet and there's something I can't get
    working. I have a client/agent setup at the moment.

    When running puppet agent for the first time, I get the following error:

    puppet agent --test
    dnsdomainname: Unknown host
    Error: Could not request certificate: Error 400 on SERVER: Permission
    denied - /etc/puppet/auth.conf

    My auth.conf looks like this, which I believe is how it is out of the box.

    # allow nodes to retrieve their own catalog (ie their configuration)
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

    # allow all nodes to access the certificates services
    path /certificate_revocation_list/ca
    method find
    allow *

    # allow all nodes to store their reports
    path /report
    method save
    allow *

    # unconditionally allow access to all files services
    # which means in practice that fileserver.conf will
    # still be used
    path /file
    allow *

    ### Unauthenticated ACL, for clients for which the current master doesn't
    ### have a valid certificate

    # allow access to the master CA
    path /certificate/ca
    auth no
    method find
    allow *

    path /certificate/
    auth no
    method find
    allow *

    path /certificate_request
    auth no
    method find, save
    allow *

    # this one is not strictly necessary, but it has the merit
    # to show the default policy which is deny everything else
    path /
    auth any

    SELinux is off and all firewall ports are open. Can anyone help?
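
The two checks suggested in the reply above (can the master's user read /etc/puppet/auth.conf, and what does the [agent] stanza name as server), written out as an added example that is not part of the original thread. It assumes GNU `stat` on Linux and a master running as a local user named `puppet`; the function names are hypothetical.

```shell
# Added example, not from the thread. Assumes GNU stat (Linux) and a master
# running as a local user named "puppet"; function names are hypothetical.

# perm_digit USER PATH: print the octal digit (owner, group or other class)
# that applies to USER on PATH, judged from the mode bits alone.
perm_digit() {
    st=$(stat -c '%a %U %G' "$2" 2>/dev/null) || return 2
    set -- "$1" $st                          # $2=mode $3=owner $4=group
    mode=$(printf '%03d' "$2" | tail -c 3)   # drop setuid/sticky digit
    if [ "$1" = "$3" ]; then class=1
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$4"; then class=2
    else class=3; fi
    printf '%s\n' "$mode" | cut -c"$class"
}

# can_read USER FILE: succeed only if USER has r on FILE and x on every
# ancestor directory; otherwise name the component that blocks access.
can_read() {
    case $(perm_digit "$1" "$2") in
        [4567]) ;;
        *) echo "no read permission: $2"; return 1 ;;
    esac
    dir=$(dirname "$2")
    while :; do
        case $(perm_digit "$1" "$dir") in
            [1357]) ;;
            *) echo "no traverse permission: $dir"; return 1 ;;
        esac
        case $dir in /|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
}

# world_writable PATH: succeed if any local user could rewrite the ACL file.
world_writable() {
    case $(stat -c '%a' "$1" | tail -c 2) in [2367]) return 0 ;; *) return 1 ;; esac
}

# agent_server CONF: print the "server" value from the [agent] stanza.
agent_server() {
    awk -F'[ \t]*=[ \t]*' '/^\[/ { s = $0 }
        s == "[agent]" && $1 ~ /^[ \t]*server$/ { print $2 }' "$1"
}

if [ $# -ge 1 ]; then   # usage: sh check.sh /etc/puppet/auth.conf [puppet.conf]
    can_read puppet "$1" && echo "puppet can read $1"
    if world_writable "$1"; then echo "WARNING: $1 is world-writable"; fi
    if [ -n "${2:-}" ]; then echo "agent server: $(agent_server "$2")"; fi
fi
```

World-readable (for example mode 644) is enough for the reply's suggestion; the `world_writable` check is there because a writable auth.conf would let any local user change the ACLs.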

Discussion Overview
group: puppet-users
categories: puppet
posted: Nov 13, '12 at 8:58p
active: Nov 14, '12 at 4:34a
posts: 2
users: 2
website: puppetlabs.com
