I've been banging my head against the wall on this one for a while,
and
I think I just figured it out.
I had configured my puppet clients with namespaceauth to allow
puppetrun
from the puppetmaster to force an update. The problem is, anytime I
ran
the puppetrun command, I'd get:
d...@bos-occam01:~$ puppetrun --host=bos-rep-etl01.REDACTED.net
Triggering bos-rep-etl01.REDACTED.net
warning: peer certificate won't be verified in this SSL session
Host bos-rep-etl01.REDACTED.net failed: HTTP-Error: 500 Internal
Server
Error
bos-rep-etl01.REDACTED.net finished
Version numbers matched (0.25.4), clocks were in sync, the client
machine would simply say:
Apr 27 11:08:00 bos-rep-etl01 puppetd[3787]: Denying unauthenticated
client bos-occam01.REDACTED.net(10.10.10.96) access to
puppetrunner.run
The problem turned out to be simple. Run puppetrun as root:
d...@bos-occam01:~$ sudo puppetrun --debug --host=bos-rep-
etl01.REDACTED.net
Password:
Triggering bos-rep-etl01.REDACTED.net
bos-rep-etl01.REDACTED.net finished with exit code 0
Finished
A feature request - if puppet can't read the local certificate, it
should throw a permission error of some sort.
-d
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
