Puppetrun Error 403 On Server Forbidden Request
The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA: The Puppet Projects Workflow describes how to file tickets against Puppet projects.

Bug #5631: puppet 2.6 kick failed: Error 403 on SERVER: Forbidden request

Added by seven satan over 5 years ago. Updated over 5 years ago.

Status: Closed
Start date: 12/22/2010
Priority: Normal
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

puppet master 2.6.3
puppet client 2.6.3

    # puppet kick -p 10 node.netbook.com --debug
    Triggering node.netbook.com
    Host node.netbook.com failed: Error 403 on SERVER: Forbidden request: puppet.netbook.com(10.12.5.5) access to /run/node.netbook.com [save] authenticated at line 93
    node.netbook.com finished with exit code 2
    Failed:node.netbook.com

    # curl -k -X PUT -H "Content-Type: text/pson" -d "{}" https://node.netbook.com:8139/puppet/run/sdf
    Forbidden request: 10.12.5.5(10.12.5.5) access to /run/sdf [save] at line 93

puppet client config:

auth.conf

    path /run
    method save
    allow *

namespaceauth.conf

    [fileserver]
    allow *
    [puppetmaster]
    allow *
    [puppetrunner]
    allow *
    [kick]
    allow *

puppet.conf

    [agent]
    listen = true
    report = true

client logs

    Dec 22 15:29:39 localhost p
https://projects.puppetlabs.com/issues/5631

Puppet Server
https://ask.puppet.com/question/18904/403-forbidden-request-puppet-server/
Tags: puppetserver ca authentication client
asked 2015-08-27 15:52:59 -0500 by nottc

I'm having issues expanding a puppet-server deployment beyond ten nodes. Specifically, the issue appears to be authentication related, but I cannot track down what would cause it.

Deployment

I have a puppet-server deployment with an external CA. The master certificate is signed by an intermediate certificate and the agent certificates are signed by another intermediate. Both intermediates are signed by the same root. This is the deployment as described in the Puppet documentation. Additionally, I have a running Puppet DB deploy connected to Puppet.

The Problem

Before the problem started, I had 10 working nodes. I've had no issues with authentication using the external CA (certificates generated using EJBCA). When I attempted to add three additional nodes, each node has the same kind of errors that suggest authentication problems. These errors are 403 errors when running puppet agent -t. As an example, when attempting to run puppet, the following happens:

    # /opt/puppetlabs/bin/puppet agent -t
    Info: Retrieving pluginfacts
    Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Error 403 on SERVER: Forbidden request: host01.local.test(XXX.XXX.XXX.XXX) access to /puppet/v3/file_metadata/pluginfacts [search] at :124
    Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Error 403 on SERVER: Forbidden request: host01.local.test(XXX.XXX.XXX.XXX) access to /puppet/v3/file_metadata/pluginfacts [find] at :124
    Info: Retrieving plugin
    Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Error 403 on SE
puppet master REST API returns 403 when running under passenger works when master runs from command line
http://serverfault.com/questions/456680/puppet-master-rest-api-returns-403-when-running-under-passenger-works-when-maste

I am using the standard auth.conf provided in puppet install for the puppet master which is running through passenger under Nginx. However, for most of the catalog, files and certificate requests I get a 403 response.

    ### Authenticated paths - these apply only when the client
    ### has a valid certificate and is thus authenticated

    # allow nodes to retrieve their own catalog
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

    # allow nodes to retrieve their own node definition
    path ~ ^/node/([^/]+)$
    method find
    allow $1

    # allow all nodes to access the certificates services
    path ~ ^/certificate_revocation_list/ca
    method find
    allow *

    # allow all nodes to store their reports
    path /report
    method save
    allow *

    # unconditionally allow access to all file services
    # which means in practice that fileserver.conf will
    # still be used
    path /file
    allow *

    ### Unauthenticated ACL, for clients for which the current master doesn't
    ### have a valid certificate; we allow authenticated users, too, because
    ### there isn't a great harm in letting that request through.

    # allow access to the master CA
    path /certificate/ca
    auth any
    method find
    allow *

    path /certificate/
    auth any
    method find
    allow *

    path /certificate_request
    auth any
    method find, save
    allow *

    path /facts
    auth any
    method find, search
    allow *

    # this one is not stricly necessary, but it has the meri

https://linuxacademy.com/community/posts/show/topic/4184-puppet-agent-issues
    Info: Caching certificate for electricaltears5.mylabserver.com
    Info: Caching certificate for electricaltears5.mylabserver.com
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /node/ElectricalTears5.mylabserver.com [find] at :60
    Info: Retrieving plugin
    Error: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /file_metadata/plugins [search] at :60
    Error: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://electricaltears4.mylabserver.com/plugins: Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /file_metadata/plugins [find] at :60
    Wrapped exception:
    Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /file_metadata/plugins [find] at :60
    Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /catalog/ElectricalTears5.mylabserver.com [find] at :60
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run
    Error: Could not send report: Error 403 on SERVER: Forbidden request: ec2-54-210-121-73.compute-1.amazonaws.com(54.210.121.73) access to /report/ElectricalTears5.mylabserver.com [save] at :60

This only happens with the version supplied by the puppet master image provided. I've installed the PE-server on centos 7 as well as a node, and that worked fine. Not sure what I'm doing wrong here.
History from master:

    249 vi /etc/hosts # add fqdn to hosts file
    250 vi /etc/ssh/sshd_config # allow root login
    251 puppet-enterprise/puppet-enterprise-installer
    252 hostname
    253 puppet cert list
    254 puppet cert sign electricaltears5.mylabserver.com

History from node:

    193 vi /etc/ssh/sshd_config
    194 curl -k https://electricaltears4.mylabserver.com:8140/packages/current/install.bash | sudo bash
    195 puppet agent -t

Severino D 09-17-2015

Hi, I'm getting the exact same output. Were you able to get that fixed with the course-provided setup?

    [root@RinoD2 ~]# puppet agent -t
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: Error 403 on SERVER: Forbidden request: 172.31.116.30(172.31.116.30) access to /node/RinoD2.mylabserver.com [find] at :60
    Info: Retrieving p