[Puppet Users] Re: 400 permission denied error

Tue, 13 Nov 2012 20:34:14 -0800 

Is /etc/puppet/auth.conf  owned by the puppet process? You could also try 
setting it as world readable.

And make sure in your puppet.conf under the agent stanza, the server block 
is set to the domain name of the puppet master. You should be able to 
telnet to it on port 8140.

[agent]
    server = puppet.localhost


On Tuesday, November 13, 2012 3:55:44 PM UTC-5, frap wrote:
>
> I'm just getting started with puppet and there's something I can't get 
> working. I have a client/agent setup at the moment.
>
> When running puppet agent for the first time, I get the following error:
>
>  puppet agent --test
> dnsdomainname: Unknown host
> Error: Could not request certificate: Error 400 on SERVER: Permission 
> denied - /etc/puppet/auth.conf
>
> My auth.conf looks like this, which I believe is how it is out of the box.
>
> # allow nodes to retrieve their own catalog (ie their configuration)
> path ~ ^/catalog/([^/]+)$
> method find
> allow $1
>
> # allow all nodes to access the certificates services
> path /certificate_revocation_list/ca
> method find
> allow *
>
> # allow all nodes to store their reports
> path /report
> method save
> allow *
>
> # inconditionnally allow access to all files services
> # which means in practice that fileserver.conf will
> # still be used
> path /file
> allow *
>
> ### Unauthenticated ACL, for clients for which the current master doesn't
> ### have a valid certificate
>
> # allow access to the master CA
> path /certificate/ca
> auth no
> method find
> allow *
>
> path /certificate/
> auth no
> method find
> allow *
>
> path /certificate_request
> auth no
> method find, save
> allow *
>
> # this one is not stricly necessary, but it has the merit
> # to show the default policy which is deny everything else
> path /
> auth any
>
> SElinux is off and all firewall ports are open. Can anyone help?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/W3BCpKJzzc8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to