Inventory access forbidden
824 views
Skip to first unread message
Dennis Jacobfeuerborn
Jul 4, 2012, 9:52:15 PM7/4/12
to puppet...@googlegroups.com
Hi,
I've just set up a puppet server using passenger plus the dashboard and these parts all work fine but now I have enabled the inventory and added this to the auth.conf:
path /facts
auth any
method find, search
allow *
The dashboard shows "Could not retrieve facts from inventory service: 403 "Forbidden"" and in the system log i find this:
Jul 5 03:46:35 puppet2 puppet-master[5221]: Denying access: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99
Jul 5 03:46:35 puppet2 puppet-master[5221]: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99
Any ideas why this isn't working?
Regards,
Dennis
I've just set up a puppet server using passenger plus the dashboard and these parts all work fine but now I have enabled the inventory and added this to the auth.conf:
path /facts
auth any
method find, search
allow *
The dashboard shows "Could not retrieve facts from inventory service: 403 "Forbidden"" and in the system log i find this:
Jul 5 03:46:35 puppet2 puppet-master[5221]: Denying access: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99
Jul 5 03:46:35 puppet2 puppet-master[5221]: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99
Any ideas why this isn't working?
Regards,
Dennis
Matthew Burgess
Jul 5, 2012, 4:06:10 AM7/5/12
to puppet...@googlegroups.com
On Thu, Jul 5, 2012 at 2:52 AM, Dennis Jacobfeuerborn
<djacobf...@gmail.com> wrote:
> Hi,
> I've just set up a puppet server using passenger plus the dashboard and
> these parts all work fine but now I have enabled the inventory and added
> this to the auth.conf:
>
> path /facts
> auth any
> method find, search
> allow *
Where abouts in auth.conf did you place this configuration? Note that
<djacobf...@gmail.com> wrote:
> Hi,
> I've just set up a puppet server using passenger plus the dashboard and
> these parts all work fine but now I have enabled the inventory and added
> this to the auth.conf:
>
> path /facts
> auth any
> method find, search
> allow *
it has to be placed *before* the last stanza in the default config
which reads:
# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
Hope this helps,
Matt.
Andreas Paul
Jul 5, 2012, 5:31:16 AM7/5/12
to puppet...@googlegroups.com
Did you generate the necessary certs to access the puppetmaster facts with the dashboard?
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html#generating-certs-and-connecting-to-the-puppet-master
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html#generating-certs-and-connecting-to-the-puppet-master
Dennis Jacobfeuerborn
Jul 7, 2012, 11:09:52 AM7/7/12
to puppet...@googlegroups.com
Thanks, that was indeed the issue. I just appended it to the file and didn't notice the catch-all rule.
Matthew Burgess
Jul 9, 2012, 7:16:25 AM7/9/12
to puppet...@googlegroups.com
On Sat, Jul 7, 2012 at 4:09 PM, Dennis Jacobfeuerborn
<djacobf...@gmail.com> wrote:
> Thanks, that was indeed the issue. I just appended it to the file and didn't
> notice the catch-all rule.
Glad you got it sorted. To the devs, is it worth perhaps considering
<djacobf...@gmail.com> wrote:
> Thanks, that was indeed the issue. I just appended it to the file and didn't
> notice the catch-all rule.
commenting out all lines in that last stanza so that they're at least
still there for documentation purposes, but won't get in the way of
folks trying to make customisations?
Thanks,
Matt.
Reply all
Reply to author
Forward
0 new messages