Hi All. I am having a strange issue when Amazon assigns an internal DNS from the domU* (ipv6) type.
Here are the errors I get on the puppet master:

> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[28632]: Signed certificate request for 4019_domu-12-31-39-0e-89-82.compute-1.internal
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[28632]: Removing file Puppet::SSL::CertificateRequest 4019_domu-12-31-39-0e-89-82.compute-1.internal at '/var/lib/puppet/ssl/ca/requests/4019_domu-12-31-39-0e-89-82.compute-1.internal.pem'
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /node/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /node/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /file_metadata/plugins [search] at :115
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /file_metadata/plugins [search] at :115
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /file_metadata/plugins [find] at :115
> Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /file_metadata/plugins [find] at :115
> Nov 7 13:51:40 ip-10-28-107-81 puppet-master[28632]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /catalog/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
> Nov 7 13:51:40 ip-10-28-107-81 puppet-master[28632]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /catalog/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
> Nov 7 13:51:40 ip-10-28-107-81 puppet-master[28632]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /report/4019_domU-12-31-39-0E-89-82.compute-1.internal [save] at :115
> Nov 7 13:51:40 ip-10-28-107-81 puppet-master[28632]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /report/4019_domU-12-31-39-0E-89-82.compute-1.internal [save] at :115

The node is configured with:

certname = 4019_domu-12-31-39-0e-89-82.compute-1.internal

I am using:

puppet master version 3.3.0
puppet agent version 3.3.1

The /etc/puppet/auth.conf is as follows (default):

> path ~ ^/catalog/([^/]+)$
> method find
> allow $1
>
> # allow nodes to retrieve their own node definition
> path ~ ^/node/([^/]+)$
> method find
> allow $1
>
> # allow all nodes to access the certificates services
> path /certificate_revocation_list/ca
> method find
> allow *
>
> # allow all nodes to store their own reports
> path ~ ^/report/([^/]+)$
> method save
> allow $1
>
> # Allow all nodes to access all file services; this is necessary for
> # pluginsync, file serving from modules, and file serving from custom
> # mount points (see fileserver.conf). Note that the `/file` prefix matches
> # requests to both the file_metadata and file_content paths. See "Examples"
> # above if you need more granular access control for custom mount points.
> path /file
> allow *
>
> ### Unauthenticated ACLs, for clients without valid certificates; authenticated
> ### clients can also access these paths, though they rarely need to.
>
> # allow access to the CA certificate; unauthenticated nodes need this
> # in order to validate the puppet master's certificate
> path /certificate/ca
> auth any
> method find
> allow *
>
> # allow nodes to retrieve the certificate they requested earlier
> path /certificate/
> auth any
> method find
> allow *
>
> # allow nodes to request a new certificate
> path /certificate_request
> auth any
> method find, save
> allow *
>
> # deny everything else; this ACL is not strictly necessary, but
> # illustrates the default policy.
> path /
> auth any

Can anybody please help to debug this issue?
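The three per-node rules in the posted auth.conf use `allow $1`, which admits only the node whose name is the path segment the regex captured. The script below is an added example, not part of the original post: it takes log lines copied from the post and reports how the requesting name, the name in the path and the configured certname relate. The helper names (`relate`, `triage`) are hypothetical, and it assumes the name printed before the IP is the identity the master evaluated.

```ruby
# Added example; CERTNAME and the log lines are copied from the post.
CERTNAME = "4019_domu-12-31-39-0e-89-82.compute-1.internal"
SAMPLE_LOG = <<~LOG
  Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Denying access: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /node/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
  Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /node/4019_domU-12-31-39-0E-89-82.compute-1.internal [find] at :115
  Nov 7 13:51:38 ip-10-28-107-81 puppet-master[24868]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /file_metadata/plugins [search] at :115
  Nov 7 13:51:40 ip-10-28-107-81 puppet-master[28632]: Forbidden request: domU-12-31-39-0E-89-82.compute-1.internal(10.192.138.112) access to /report/4019_domU-12-31-39-0E-89-82.compute-1.internal [save] at :115
LOG

# The three rules in the posted auth.conf that end in `allow $1`.
PER_NODE_RULES = [
  [%r{^/catalog/([^/]+)$}, "find"],
  [%r{^/node/([^/]+)$},    "find"],
  [%r{^/report/([^/]+)$},  "save"],
]
LINE = /Forbidden request: (?<client>[^\s(]+)\((?<ip>[^)]+)\) access to (?<path>\S+) \[(?<verb>\w+)\]/

# How two names relate: identical, differing only in letter case, or one
# being the other plus a leading prefix (compared case-insensitively).
def relate(a, b)
  return :identical if a == b
  return :case_only if a.casecmp?(b)
  x, y = a.downcase, b.downcase
  return :extra_prefix if x.end_with?(y) || y.end_with?(x)
  :different
end

# One record per denied request; :wanted is the name `$1` would expand to,
# or nil when the path is not covered by a per-node rule.
def triage(log)
  log.each_line.map do |line|
    next if line.include?("Denying access:")   # same event as the following line
    next unless (m = LINE.match(line))
    rule = PER_NODE_RULES.find { |re, verb| m[:path] =~ re && m[:verb] == verb }
    wanted = rule && m[:path][rule[0], 1]
    { client: m[:client], path: m[:path], verb: m[:verb], wanted: wanted,
      client_vs_path: wanted && relate(m[:client], wanted),
      path_vs_certname: wanted && relate(wanted, CERTNAME) }
  end.compact
end

triage(SAMPLE_LOG).each do |r|
  puts "#{r[:verb]} #{r[:path]}: client vs path=#{r[:client_vs_path].inspect}, " \
       "path vs certname=#{r[:path_vs_certname].inspect}"
end
```

Requests to paths without a per-node rule, such as `/file_metadata/plugins`, are reported with `nil` relations because there is no `$1` to compare against.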
