FAQ
I am having an issue adding new clients to puppet. The master is not
accepting connections from unauthenticated clients, even though my
auth.conf that worked with v3.1.1 has not changed. If I test ssl via curl
-k, the puppet master returns "can't convert nil into String" to the
client. The http log on the master shows a 400 return code. Also note,
I'm using passenger & httpd with my puppet master.

If I do the certificate generation & signing manually and copy back to the
client, it can communicate fine with the master.

Here is a snippet of my auth.conf: (I originally had "auth any", but
changed to "auth no" to see if it made any difference--which it didn't)

--------

### Unauthenticated ACLs, for clients without valid certificates;
authenticated
### clients can also access these paths, though they rarely need to.

# allow access to the CA certificate; unauthenticated nodes need this
# in order to validate the puppet master's certificate
path /certificate/ca
auth no
method find
allow *

# allow nodes to retrieve the certificate they requested earlier
path /certificate/
auth no
method find
allow *

# allow nodes to request a new certificate
path /certificate_request
auth no
method find, save
allow *

--------

Thanks,

Mike

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Denmat at May 16, 2013 at 12:13 am
    So can't help you specifically here, but if you take httpd/passenger out of the picture does it work as expected(ie, stop httpd and run the puppet master --no-daemonize --verbose)?

    Cheers
    Den
    On 16/05/2013, at 0:28, Mike S wrote:

    I am having an issue adding new clients to puppet. The master is not accepting connections from unauthenticated clients, even though my auth.conf that worked with v3.1.1 has not changed. If I test ssl via curl -k, the puppet master returns "can't convert nil into String" to the client. The http log on the master shows a 400 return code. Also note, I'm using passenger & httpd with my puppet master.

    If I do the certificate generation & signing manually and copy back to the client, it can communicate fine with the master.

    Here is a snippet of my auth.conf: (I originally had "auth any", but changed to "auth no" to see if it made any difference--which it didn't)

    --------

    ### Unauthenticated ACLs, for clients without valid certificates; authenticated
    ### clients can also access these paths, though they rarely need to.

    # allow access to the CA certificate; unauthenticated nodes need this
    # in order to validate the puppet master's certificate
    path /certificate/ca
    auth no
    method find
    allow *

    # allow nodes to retrieve the certificate they requested earlier
    path /certificate/
    auth no
    method find
    allow *

    # allow nodes to request a new certificate
    path /certificate_request
    auth no
    method find, save
    allow *

    --------

    Thanks,

    Mike
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedMay 15, '13 at 2:42p
activeMay 16, '13 at 12:13a
posts2
users2
websitepuppetlabs.com

2 users in discussion

Mike S: 1 post Denmat: 1 post

People

Translate

site design / logo © 2022 Grokbase