When I run puppetmasterd (0.25.1.rc1) with webrick, it works fine and
my test client and connect and do everything it needs to do.
When I run pappetmasterd with passenger (2.2.2) I see the following
error in the log:
Thu Sep 24 10:09:43 puppet-dev puppetmasterd[732] <Notice>: Denying
unauthenticated client marcusmini-a.lanl.gov(<ip removed>) access to
fileserver.list
there are a number of related errors all seemingly stemming from this
authentication error.
Any ideas? Any more info that could help?
---
Thanks,
Allan Marcus
505-667-5666
here's my auth.conf:
path /
auth any
allow *
I've also tried:
path /
auth no
allow *
and here are the errors I get. I don't get any of these errors if I
use Webrick.
<Notice>: Denying unauthenticated client marcusmini-
a.lanl.gov(128.165.129.167) access to fileserver.list
<Error>: Puppet Server (Rack): Internal Server Error: Unhandled
Exception: "Host marcusmini-a.lanl.gov(128.165.129.167) not authorized
to call fileserver.list"
<Notice>: Denying unauthenticated client marcusmini-
a.lanl.gov(128.165.129.167) access to fileserver.describe
<Error>: Puppet Server (Rack): Internal Server Error: Unhandled
Exception: "Host marcusmini-a.lanl.gov(128.165.129.167) not authorized
to call fileserver.describe"
<Notice>: Denying unauthenticated client marcusmini-
a.lanl.gov(128.165.129.167) access to puppetmaster.getconfig
<Error>: Puppet Server (Rack): Internal Server Error: Unhandled
Exception: "Host marcusmini-a.lanl.gov(128.165.129.167) not authorized
to call puppetmaster.getconfig"
<Notice>: Denying unauthenticated client marcusmini-
a.lanl.gov(128.165.129.167) access to fileserver.describe
<Error>: Puppet Server (Rack): Internal Server Error: Unhandled
Exception: "Host marcusmini-a.lanl.gov(128.165.129.167) not authorized
to call fileserver.describe"
Is anyone using passenger with 0.25.1?
To sum up:
Everything works fine with webrick
Nothing I do can make server 0.25.1 w/passenger work with a 0.24.8
client
Only way I can get server 0.25.1 w/passenger to work with a 0.25.1
client is to have a a wide open auth.conf file
path /
auth any
allow *
Thanks for your help.
El dc 04 de 11 de 2009 a les 16:11 -0800, en/na Paul Lathrop va
escriure:
I had to add:
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
Silviu
> --
>
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
>
>
>
namespaceauth.conf:
[puppetrunner]
allow 127.0.0.1
[fileserver]
allow *
[puppetmaster]
allow *
[puppetbucket]
allow *
[puppetreports]
allow *
[resource]
allow *
cheers,
Lluís
El dj 17 de 12 de 2009 a les 18:37 +0200, en/na Silviu Paragina va
escriure:
puppetmasterd[29797]: Puppet Server (Rack): Internal Server Error:
Unhandled Exception: "Host app3.chassis1 10.x.x.x) not authorized to
call fileserver.list"
puppetmasterd[29797]: Denying unauthenticated client app3.chassis1
(10.x.x.x) access to fileserver.list
Your suggestions commends below fixed the issue..
> >>>>> puppet.conf as mentioned inhttp://github.com/reductivelabs/puppet/blob/master/ext/rack/README
>
> >>>>> If it still doesn't work, please post a full log from master + server
> >>>>> for a single client run.
>
> >>>>> Christian
>
> >>> --~--~---------~--~----~------------~-------~--~----~
> >>> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> >>> To post to this group, send email to puppet...@googlegroups.com
> >>> To unsubscribe from this group, send email to puppet-users...@googlegroups.com
> >>> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en
> >>> -~----------~----~----~----~------~----~------~--~---
>
> >> --~--~---------~--~----~------------~-------~--~----~
> >> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> >> To post to this group, send email to puppet...@googlegroups.com
> >> To unsubscribe from this group, send email to puppet-users...@googlegroups.com
> >> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en
Required puppet.conf settings:
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
-ch
Silviu