Hi All,

first off, i'm new to puppet. I've started playing with it for a few
days now and it seems to be perfectly matching my needs.

I've created two labs, one at home (working) and one in the office
(not working).
Now as you can gather, i would like some help on find the reason the
the office-lab not to work.

The puppetmaster works as expected, starts good and without issue.

Starting it in debug mode says :

r...@master:/etc/puppet# puppetmasterd --no-daemonize -d -v
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/
puppet/ssl/certs]
debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys/master.pem]: Autorequiring
File[/etc/puppet/ssl/public_keys]
debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring File[/var/
puppet/log]
debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/reports]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/
puppet/manifests]
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring File[/
etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/master.pem]: Autorequiring
File[/etc/puppet/ssl/private_keys]
debug: /File[/var/run/puppetmasterd.pid]: Autorequiring File[/var/run]
debug: Finishing transaction -610961228 with 0 changes
debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/
etc/puppet/ssl/ca/private]
debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/
etc/puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: Finishing transaction -611217558 with 0 changes
debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
UTC 2015
debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
UTC 2015
debug: Using cached certificate for master, good until Fri Oct 16
14:58:50 UTC 2015
notice: Starting Puppet server version 0.25.4

Which seems good to me.

Now when i start a client, this happens :

r...@ubuntu:~# puppetd --no-daemonize --verbose --server master --fqdn
ubuntu.lab --waitforcert 60 -o
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
ubuntu.lab [find] at line 93
notice: using cached catalog
erro: Could not retrieve catalog; skipping run

The master says the following :

info: access[^/catalog/([^/]+)$]: allowing 'method' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing 'method' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[/report]: allowing 'method' save
info: access[/report]: allowing * access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication no
info: access[/certificate/ca]: allowing 'method' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication no
info: access[/certificate/]: allowing 'method' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication no
info: access[/certificate_request]: allowing 'method' find
info: access[/certificate_request]: allowing 'method' save
info: access[/certificate_request]: allowing * access
info: access[/]: adding authentication any
info: access[/]: defaulting to no access for ubuntu.lab
warning: Denying access: Forbidden request: ubuntu.lab(10.31.18.31)
access to /catalog/ubuntu.lab [find] at line 93
err: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
ubuntu.lab [find] at line 93

My config files are

master puppet.conf

[puppetmasterd]
    report_port = 8140
    ca_port = 8140
    puppetdlockfile = /var/puppet/state/puppetdlock
    localconfig = /var/puppet/state/localconfig
    classfile = /var/puppet/state/classes.txt
    reportserver = master.lab
    statefile = /var/puppet/state/state.yaml
    clientbucketdir = /var/puppet/clientbucket
    puppetdlog = /var/puppet/log/puppetd.log
    report_server = master.lab
    # noop = false
    graphdir = /var/puppet/state/graphs
    ca_server = master.lab
    # preferred_serialization_format = pson
    # ignorecache = false
    splaylimit = 1800
    clientyamldir = /var/puppet/client_yaml
    # configtimeout = 120
    csrdir = /etc/puppet/ssl/ca/requests
    serial = /etc/puppet/ssl/ca/serial
    # ca_ttl = 5y
    # keylength = 1024
    cacert = /etc/puppet/ssl/ca/ca_crt.pem
    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
    signeddir = /etc/puppet/ssl/ca/signed
    autosign = /etc/puppet/autosign.conf
    # ca_md = md5
    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
    cakey = /etc/puppet/ssl/ca/ca_key.pem
    caprivatedir = /etc/puppet/ssl/ca/private
    capass = /etc/puppet/ssl/ca/private/ca.pass
    # ca_days =
    # req_bits = 2048
    cadir = /etc/puppet/ssl/ca
    capub = /etc/puppet/ssl/ca/ca_pub.pem
    # node_terminus = plain
    publickeydir = /etc/puppet/ssl/public_keys
    # http_proxy_port = 3128
    plugindest = /var/puppet/lib
    # color = ansi
    privatedir = /etc/puppet/ssl/private
    # queue_source = stomp://localhost:61613/
    # pluginsignore = .svn CVS .git
    hostcert = /etc/puppet/ssl/certs/master.lab.pem
    confdir = /etc/puppet
    # thin_storeconfigs = false
    factsource = puppet://master.lab/facts/
    localcacert = /etc/puppet/ssl/certs/ca.pem
    logdir = /var/puppet/log
    # filetimeout = 15
    # path = none
    # prerun_command =
    genconfig = false
    # casesensitive = false
    # genmanifest = false
    # diff_args = -u
    certdir = /etc/puppet/ssl/certs
    httplog = /var/puppet/log/http.log
    # syslogfacility = daemon
    name = puppetmasterd
    requestdir = /etc/puppet/ssl/certificate_requests
    # mkusers = false
    # http_enable_post_connection_check = true
    pluginsource = puppet://master.lab/plugins
    passfile = /etc/puppet/ssl/private/password
    # async_storeconfigs = false
    # maximum_uid = 4294967290
    # trace = false
    factpath = /var/puppet/facts/
    environment = production
    hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem
    vardir = /var/puppet
    # config_version =
    # factsync = false
    libdir = /var/puppet/lib
    hostcrl = /etc/puppet/ssl/crl.pem
    rundir = /var/run
    # postrun_command =
    # diff = diff
    daemonize = true
    # ignoreimport = false
    # external_nodes = none
    certname = master.lab
    # show_diff = false
    ssldir = /etc/puppet/ssl
    # http_proxy_host = none
    privatekeydir = /etc/puppet/ssl/private_keys
    # autoflush = false
    # queue_type = stomp
    # pluginsync = false
    hostcsr = /etc/puppet/ssl/csr_master.lab.pem
    factdest = /var/puppet/facts/
    # configprint =
    hostpubkey = /etc/puppet/ssl/public_keys/master.lab.pem
    # zlib = true
    # manage_internal_file_permissions = true
    # factsignore = .svn CVS
    statedir = /var/puppet/state
    authconfig = /etc/puppet/namespaceauth.conf
    # certdnsnames =
    # ldapserver = ldap
    # ldapclassattrs = puppetclass
    # ldapparentattr = parentnode
    # ldapbase =
    # ldapssl = false
    # ldapport = 389
    # ldapstackedattrs = puppetvar
    # ldapuser =
    # ldaptls = false
    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
    # ldapattrs = all
    # ldappassword =
    # ldapnodes = false
    bucketdir = /var/puppet/bucket
    # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
    reportdir = /var/puppet/reports
    rrdinterval = 1800
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    bindaddress = 10.31.18.30
    # parseonly = false
    manifest = /etc/puppet/manifests/site.pp
    group = puppet
    masterport = 8140
    rest_authconfig = /etc/puppet/auth.conf
    yamldir = /var/puppet/yaml
    # storeconfigs = false
    fileserverconfig = /etc/puppet/fileserver.conf
    # strict_hostname_checking = false
    # servertype = webrick
    masterlog = /var/puppet/log/puppetmaster.log
    # node_name = cert
    # code =
    # ssl_client_header = HTTP_X_CLIENT_DN
    # reports = store
    user = puppet
    config = /etc/puppet/puppet.conf
    rrddir = /var/puppet/rrd
    pidfile = /var/run/puppetmasterd.pid
    manifestdir = /etc/puppet/manifests
    ca = true
    masterhttplog = /var/puppet/log/masterhttp.log
    # dbmigrate = false
    # dbuser = puppet
    railslog = /var/puppet/log/rails.log
    dblocation = /var/puppet/state/clientconfigs.sqlite3
    # dbname = puppet
    # dbpassword = puppet
    # rails_loglevel = info
    # dbadapter = sqlite3
    # dbserver = localhost
    # dbsocket =
    # summarize = false
    # tags =
    # evaltrace = false
    # lexical = false
    # typecheck = true
    templatedir = /var/puppet/templates
    # paramcheck = true
    # reportfrom = rep...@master.lab
    tagmap = /etc/puppet/tagmail.conf
    #smtpserver =
    # sendmail = /usr/sbin/sendmail

my client config puppet.conf

[puppetd]
    # ldappassword =
    # ldapnodes = false
    # ldapserver = ldap
    # ldapclassattrs = puppetclass
    # ldapparentattr = parentnode
    # ldapbase =
    # ldapssl = false
    # ldapport = 389
    # ldapstackedattrs = puppetvar
    # ldapuser =
    # ldaptls = false
    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
    # ldapattrs = all
    factdest = /var/puppet/facts/
    hostprivkey = /etc/puppet/ssl/private_keys/ubuntu.lab.pem
    # autoflush = false
    # factsignore = .svn CVS
    hostcrl = /etc/puppet/ssl/crl.pem
    confdir = /etc/puppet
    # configprint =
    environment = production
    # zlib = true
    logdir = /var/puppet/log
    ssldir = /etc/puppet/ssl
    # path = none
    # node_terminus = plain
    plugindest = /var/puppet/lib
    privatekeydir = /etc/puppet/ssl/private_keys
    # http_proxy_port = 3128
    # pluginsignore = .svn CVS .git
    hostcsr = /etc/puppet/ssl/csr_ubuntu.lab.pem
    # queue_source = stomp://localhost:61613/
    factsource = puppet://master.lab/facts/
    # color = ansi
    hostpubkey = /etc/puppet/ssl/public_keys/ubuntu.lab.pem
    name = puppetd
    vardir = /var/puppet
    # filetimeout = 15
    # casesensitive = false
    certname = ubuntu.lab
    # prerun_command =
    rundir = /var/puppet/run
    genconfig = false
    # certdnsnames =
    # diff = diff
    # ignoreimport = false
    authconfig = /etc/puppet/namespaceauth.conf
    publickeydir = /etc/puppet/ssl/public_keys
    httplog = /var/puppet/log/http.log
    pluginsource = puppet://master.lab/plugins
    # trace = false
    privatedir = /etc/puppet/ssl/private
    # http_enable_post_connection_check = true
    syslogfacility = daemon
    factpath = /var/puppet/facts/
    hostcert = /etc/puppet/ssl/certs/ubuntu.lab.pem
    # async_storeconfigs = false
    # factsync = false
    localcacert = /etc/puppet/ssl/certs/ca.pem
    # config_version =
    # maximum_uid = 4294967290
    # show_diff = false
    libdir = /var/puppet/lib
    # external_nodes = none
    # postrun_command =
    # manage_internal_file_permissions = true
    statedir = /var/puppet/state
    daemonize = true
    certdir = /etc/puppet/ssl/certs
    # genmanifest = false
    # diff_args = -u
    requestdir = /etc/puppet/ssl/certificate_requests
    # http_proxy_host = none
    # pluginsync = false
    passfile = /etc/puppet/ssl/private/password
    # mkusers = false
    # queue_type = stomp
    yamldir = /var/puppet/yaml
    # storeconfigs = false
    fileserverconfig = /etc/puppet/fileserver.conf
    # strict_hostname_checking = false
    manifestdir = /etc/puppet/manifests
    masterhttplog = /var/puppet/log/masterhttp.log
    # node_name = cert
    # ssl_client_header = HTTP_X_CLIENT_DN
    # group = puppet
    # reports = store
    rrddir = /var/puppet/rrd
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    # ca = true
    manifest = /etc/puppet/manifests/site.pp
    # masterport = 8140
    bucketdir = /var/puppet/bucket
    # code =
    # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
    # user = puppet
    reportdir = /var/puppet/reports
    rrdinterval = 1800
    masterlog = /var/puppet/log/puppetmaster.log
    # parseonly = false
    rest_authconfig = /etc/puppet/auth.conf
    # evaltrace = false
    # summarize = false
    # tags =
    # ignorecache = false
    splaylimit = 1800
    # bindaddress =
    # configtimeout = 120
    clientyamldir = /var/puppet/client_yaml
    report_port = 8140
    # ignoreschedules = false
    ca_port = 8140
    puppetdlockfile = /var/puppet/state/puppetdlock
    # downcasefacts = false
    # noop = false
    config = /etc/puppet/puppet.conf
    # splay = false
    # servertype = webrick
    localconfig = /var/puppet/state/localconfig
    reportserver = master.lab
    classfile = /var/puppet/state/classes.txt
    # graph = false
    server = master.lab
    # listen = false
    # runinterval = 1800
    # catalog_format =
    # usecacheonfailure = true
    # dynamicfacts = memorysize,memoryfree,swapsize,swapfree
    pidfile = /var/puppet/run/puppetd.pid
    clientbucketdir = /var/puppet/clientbucket
    statefile = /var/puppet/state/state.yaml
    report_server = master.lab
    puppetdlog = /var/puppet/log/puppetd.log
    graphdir = /var/puppet/state/graphs
    ca_server = master.lab
     # report = false
    puppetport = 8139
    # preferred_serialization_format = pson
    # keylength = 1024
    cacert = /etc/puppet/ssl/ca/ca_crt.pem
    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
    signeddir = /etc/puppet/ssl/ca/signed
    autosign = /etc/puppet/autosign.conf
    # ca_md = md5
    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
    cakey = /etc/puppet/ssl/ca/ca_key.pem
    caprivatedir = /etc/puppet/ssl/ca/private
    capass = /etc/puppet/ssl/ca/private/ca.pass
    # ca_days =
    # req_bits = 2048
    cadir = /etc/puppet/ssl/ca
    capub = /etc/puppet/ssl/ca/ca_pub.pem
    csrdir = /etc/puppet/ssl/ca/requests
    serial = /etc/puppet/ssl/ca/serial
    # ca_ttl = 5y
    # paramcheck = true
    # lexical = false
    # typecheck = true
    templatedir = /var/puppet/templates
    # sendmail =
    # reportfrom = rep...@ubuntu.lab
    tagmap = /etc/puppet/tagmail.conf
    # smtpserver = none
    # dbmigrate = false
    # dbuser = puppet
    railslog = /var/puppet/log/rails.log
    dblocation = /var/puppet/state/clientconfigs.sqlite3
    # dbname = puppet
    # dbpassword = puppet
    # rails_loglevel = info
    # dbadapter = sqlite3
    # dbserver = localhost
    # dbsocket =

I'm hoping someone can spot my mistake cause i can't see it.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to