Issue #2531 has been updated by Nigel Kersten.
That should work, but feels dirty. Let's reach consensus on the list and I'll put together the patch for whatever we decide. ---------------------------------------- Bug #2531: opaque strings don't match for catalog retrieval via REST auth system http://projects.reductivelabs.com/issues/2531 Author: Nigel Kersten Status: Accepted Priority: High Assigned to: Nigel Kersten Category: settings Target version: 0.25.0 Complexity: Unknown Affected version: 0.25.0 Keywords: This is different, but still related to #2348 in a way. <pre> root# puppetd -t --server testserver.mydomain --masterport 8140 --certname foobar.mydomain info: Caching catalog for foobar.mydomain.com info: Applying configuration version '1250128881' notice: Finished catalog run in 0.01 seconds root# puppetd -t --server testserver.mydomain --masterport 8140 --certname c216f41a-f902-4bfb-a222-850dd957bebb err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: c216f41a-f902-4bfb-a222-850dd957bebb(x.x.x.x) access to /catalog/c216f41a-f902-4bfb-a222-850dd957bebb [find] authenticated at line 52 info: Not using expired catalog for c216f41a-f902-4bfb-a222-850dd957bebb from cache; expired at Wed Aug 12 18:54:49 -0700 2009 notice: Using cached catalog err: Could not retrieve catalog; skipping run </pre> If I switch auth.conf from: <pre> # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 </pre> to: <pre> # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow * </pre> then it works happily. I've just found a cluster of bugs together, so reporting this without more detail until I have time to look into it. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
