Puppet Enterprise 2.7 - Error 400 on Server - Error 403 on Server - Can't puppet agent -t without the following error?
Solution 1
When you run sudo ./puppet-enterprise-install
you MUST answer y
or accept the default to this question:
-> console
The console is a web interface for viewing reports, classifying nodes, directly managing resources, controlling Puppet runs, and invoking MCollective agents.
It should usually be installed on the puppet master server, but can also installed separately.
?? Install the console? [Y/n]
Also try and have mysql root account setup so you know the password for the root@localhost
mysql account.
Solution 2
Make sure that the section allowing access to facts:
path /facts
auth any
method find, search
allow *
appears before
# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
As can be seen by the comment, this effectively denies access to everything else, so it should appear the last.
Also, make sure you check the section "Enabling Inventory Support" in the Puppet Dashboard Configuration Manual for other changes you might need to make to your files.
Comments
-
hijaked79 over 1 year
Running into an issue using two VM's running REL6. I set up the master and agent correctly and was able to cert the agent. When I go to run:
puppet agent -t
On the agent, I receive the following error:
info: Retrieving plugin info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request: <MASTER>(IPAddress) access to /facts/<AGENT> [save] authenticated at line 56 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run
So I went into the Auth.conf file on the master to play with a few things:
path ~ ^/catalog/([^/]+)$ method find auth yes allow $1 path ~ ^/node/([^/]+)$ method find auth yes allow $1 path /certificate_revocation_list/ca method find auth yes allow * path /report method save auth yes allow * path /file auth yes allow * path /certificate/ca method find auth any allow * path /certificate/ method find auth any allow * path /certificate_request method find, save auth any allow * path /certificate_status method find, search, save, destroy auth yes allow pe-internal-dashboard path / auth any
Within the above code, I've added the following, but with no prevail:
path /facts/ auth any method find, search allow *
I've looked high and low all over and I can't seem to find out what the problem is. If anyone has any idea on how to fix this issue, I'd be greatly appreciative.
Thanks again!