Yep, your experience matches what we see in our setup: The puppetmaster has neither an auth.conf nor a namespaceauth.conf and operates with just one error: we can't run puppetd on the puppetmaster because namespaceauth.conf is missing...
On 23/02/2011, at 2:56 PM, Jed <jedbl...@gmail.com> wrote: > so even more wierdness.... > > I moved the auth.conf and the namespaceauth.conf files on the > puppetmaster, restarted the puppetmaster daemon in debug > mode.....and... > > no error...not a single one -- puppetclients connect just fine, and > puppetrun works correctly... > > I must be missing something here ....since the docs are saying at > least one of these files are needed on the puppetmaster. > > On Feb 22, 7:20 pm, tu2bg...@gmail.com wrote: >> From the docs: >> ---------------------------- >> auth.conf >> >> rest_authconfig = $confdir/auth.conf >> >> The auth.conf doesn't exist by default, but Puppet has some default >> settings that will be put in place if you don't create an auth.conf. You'll >> see these settings if you run your puppetmaster in debug mode and then >> connect with a client. >> --------------------------- >> namespaceauth.conf >> >> authconfig = $confdir/namespaceauth.conf >> >> This file controls the http connections to the puppet agent. It is >> necessary to start the puppet agent with the listen true option. >> >> There's an example namespaceauth.conf file in the puppet source in >> conf/namespaceauth.conf. >> ---------------------------- >> >> auth.conf: controls access to puppetmaster - lives on puppetmaster >> >> namespaceauth.conf: bit harder to discern from doco and the link to the >> example returns 404. (points to old reductivelabs >> github)https://github.com/puppetlabs/puppet/blob/master/conf/namespaceauth.conf >> >> # This is an example namespaceauth.conf file, >> # which you'll need if you want to start a client >> # in --listen mode. >> [fileserver] >> allow *.domain.com >> >> [puppetmaster] >> allow *.domain.com >> >> [puppetrunner] >> allow culain.domain.com >> >> [puppetbucket] >> allow *.domain.com >> >> [puppetreports] >> allow *.domain.com >> >> [resource] >> allow server.domain.com >> >> That would be on the client from my reading but I haven't implemented this >> at all. >> >> On , Douglas Garstang <doug.garst...@gmail.com> wrote: >> >>> On Tue, Feb 22, 2011 at 2:58 PM, Jed jedbl...@gmail.com> wrote: >>> Thanks Denmat... >>> I've seen the page already, but its so vague... >>> it doesnt mention anywhere what files belong where... >>> I gather auth.conf would need to be on the puppetmaster... >>> however, from what it says about namespaceauth.conf, it seems that >>> needs to live on the puppet client machines.... >>> not sure.... >>> On Feb 22, 4:58 pm, Denmat tu2bg...@gmail.com> wrote: >>>> I think only on master. This might help you >>> further.http://docs.puppetlabs.com/guides/security.html >> >>>> On 23/02/2011, at 8:29, Jed jedbl...@gmail.com> wrote: >> >>>>> I'm trying to wrap my head around these files... >> >>>>> do both of them need to reside on the client and master? >> >>>>> are there any docs that describe these files and what all the option/ >>>>> sections are and what they do? >> >>>>> Thanks all.... >>> Yeah, it is horribly confusing isn't it. Glad it's not just me that can't >>> quite work it out. >>> Doug >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
