FAQ
I am having an issue adding new clients to puppet. The master is not
accepting connections from unauthenticated clients, even though my
auth.conf that worked with v3.1.1 has not changed. If I test ssl via curl
-k, the puppet master returns "can't convert nil into String" to the
client. The http log on the master shows a 400 return code. Also note,
I'm using passenger & httpd with my puppet master.

If I do the certificate generation & signing manually and copy back to the
client, it can communicate fine with the master.

Here is a snippet of my auth.conf: (I originally had "auth any", but
changed to "auth no" to see if it made any difference--which it didn't)

--------

### Unauthenticated ACLs, for clients without valid certificates;
authenticated
### clients can also access these paths, though they rarely need to.

# allow access to the CA certificate; unauthenticated nodes need this
# in order to validate the puppet master's certificate
path /certificate/ca
auth no
method find
allow *

# allow nodes to retrieve the certificate they requested earlier
path /certificate/
auth no
method find
allow *

# allow nodes to request a new certificate
path /certificate_request
auth no
method find, save
allow *

--------

Thanks,

Mike

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Denmat at May 16, 2013 at 12:13 am
    So can't help you specifically here, but if you take httpd/passenger out of the picture does it work as expected(ie, stop httpd and run the puppet master --no-daemonize --verbose)?

    Cheers
    Den
    On 16/05/2013, at 0:28, Mike S wrote:

    I am having an issue adding new clients to puppet. The master is not accepting connections from unauthenticated clients, even though my auth.conf that worked with v3.1.1 has not changed. If I test ssl via curl -k, the puppet master returns "can't convert nil into String" to the client. The http log on the master shows a 400 return code. Also note, I'm using passenger & httpd with my puppet master.

    If I do the certificate generation & signing manually and copy back to the client, it can communicate fine with the master.

    Here is a snippet of my auth.conf: (I originally had "auth any", but changed to "auth no" to see if it made any difference--which it didn't)

    --------

    ### Unauthenticated ACLs, for clients without valid certificates; authenticated
    ### clients can also access these paths, though they rarely need to.

    # allow access to the CA certificate; unauthenticated nodes need this
    # in order to validate the puppet master's certificate
    path /certificate/ca
    auth no
    method find
    allow *

    # allow nodes to retrieve the certificate they requested earlier
    path /certificate/
    auth no
    method find
    allow *

    # allow nodes to request a new certificate
    path /certificate_request
    auth no
    method find, save
    allow *

    --------

    Thanks,

    Mike
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
    To post to this group, send email to [email protected].
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
    To post to this group, send email to [email protected].
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedMay 15, '13 at 2:42p
activeMay 16, '13 at 12:13a
posts2
users2
websitepuppetlabs.com

2 users in discussion

Mike S: 1 post Denmat: 1 post

People

Translate

site design / logo © 2023 Grokbase