ok so I did some testing..
apparently, this is how it breaks down so far...

-PUPPET CLIENT-
namespaceauth.conf: you need this or else it dies on startup
auth.conf: you do not need this normally, however if you want to do a 'puppetrun' from the master->client, this file needs to be present and you need to have your puppet master listed in the proper sections (ie. /run), also regarding 'puppetrun' command, you need the [puppetrunner] section defined in the namespaceauth.conf file on the puppetclient - in that section you need to list your puppetmaster FQDN/IP.

-PUPPET MASTER-
namespaceauth.conf: not sure if this is needed on the puppet master, i'll remove it and test.
auth.conf: well...this is needed as per the documents.

this is where it gets fun [/s]

i have a custom spec/rpm built for the puppetmaster/puppetclient, all this happens in one shot (from source it's configured/compiled/built and then broken out into a server/client rpm package) -- not a big deal.

however, the million dollar question is....will the options for the puppet master and the puppet client (in either file, auth.conf or namespaceauth.conf) conflict? since i would like to use a global version of both files and dist. to the puppetmaster and all puppetclients.

Furthermore, it sort of needs to happen like that, since i have a puppetmaster, but on that master the puppet client will be installed so the master can manage itself -- needless to say, the puppetmaster and the puppetclient (on the same machine/instance) store the same config/file/names in the same directory (/etc/puppet)

I'm sure it's fairly trivial once you know what it is that's trivial ;-)

the puppet docs are just horrible (I hated Cfengine, but dammit, their documentation was anal retentive)

for instance...
the docs say "ohhh you have an 'auth' section in the auth.conf file and here are the 8 different values (yes, no ...etc)"....however, nowhere, anywhere at all in blogs/sites/wiki and even Turnbull's puppet book does it say WHAT THE HELL THOSE OPTIONS MEAN/DO/DONT DO.....

ok ok..now i'm venting -- sorry, but it's been a long 3-day weekend of trying to get puppet up and running on a last minute time-frame cause i work for a bunch of monkeys(errr managers) with their heads in their #(#*$*

On Feb 22, 7:20 pm, tu2bg...@gmail.com wrote:
> From the docs:
> ----------------------------
> auth.conf
>
> rest_authconfig = $confdir/auth.conf
>
> The auth.conf doesn't exist by default, but Puppet has some default
> settings that will be put in place if you don't create an auth.conf. You'll
> see these settings if you run your puppetmaster in debug mode and then
> connect with a client.
> ---------------------------
> namespaceauth.conf
>
> authconfig = $confdir/namespaceauth.conf
>
> This file controls the http connections to the puppet agent. It is
> necessary to start the puppet agent with the listen true option.
>
> There's an example namespaceauth.conf file in the puppet source in
> conf/namespaceauth.conf.
> ----------------------------
>
> auth.conf: controls access to puppetmaster - lives on puppetmaster
>
> namespaceauth.conf: bit harder to discern from doco and the link to the
> example returns 404. (points to old reductivelabs github)
> https://github.com/puppetlabs/puppet/blob/master/conf/namespaceauth.conf
>
> # This is an example namespaceauth.conf file,
> # which you'll need if you want to start a client
> # in --listen mode.
> [fileserver]
> allow *.domain.com
>
> [puppetmaster]
> allow *.domain.com
>
> [puppetrunner]
> allow culain.domain.com
>
> [puppetbucket]
> allow *.domain.com
>
> [puppetreports]
> allow *.domain.com
>
> [resource]
> allow server.domain.com
>
> That would be on the client from my reading but I haven't implemented this
> at all.
>
> On , Douglas Garstang <doug.garst...@gmail.com> wrote:
>
> > On Tue, Feb 22, 2011 at 2:58 PM, Jed <jedbl...@gmail.com> wrote:
> > Thanks Denmat...
> > I've seen the page already, but it's so vague...
> > it doesn't mention anywhere what files belong where...
> > I gather auth.conf would need to be on the puppetmaster...
> > however, from what it says about namespaceauth.conf, it seems that
> > needs to live on the puppet client machines....
> > not sure....
> > On Feb 22, 4:58 pm, Denmat <tu2bg...@gmail.com> wrote:
> > > I think only on master. This might help you further.
> > > http://docs.puppetlabs.com/guides/security.html
> > > > On 23/02/2011, at 8:29, Jed <jedbl...@gmail.com> wrote:
> > > > > I'm trying to wrap my head around these files...
> > > > > do both of them need to reside on the client and master?
> > > > > are there any docs that describe these files and what all the option/
> > > > > sections are and what they do?
> > > > > Thanks all....
> > Yeah, it is horribly confusing isn't it. Glad it's not just me that can't
> > quite work it out.
> > Doug
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
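
Added example (not part of the original thread, and not Puppet's own code): a small Ruby check to run on a shared namespaceauth.conf before distributing it, confirming that [puppetrunner] names the master explicitly rather than by wildcard. The sample file is constructed from the example quoted above; the master FQDN passed in and both function names are assumptions.

```ruby
# Added example: audit a namespaceauth.conf before pushing it to agents.
# SAMPLE is constructed from the example file quoted in the thread.
SAMPLE = <<~CONF
  # constructed sample
  [fileserver]
  allow *.domain.com

  [puppetrunner]
  allow culain.domain.com

  [resource]
  allow server.domain.com
CONF

# Parse "[section]" headers and "allow|deny <pattern>" lines into
# { "section" => { "allow" => [...], "deny" => [...] } }.
def parse_namespaceauth(text)
  sections = {}
  current = nil
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.sub(/#.*/, "").strip # drop comments and whitespace
    next if line.empty?
    if (m = line.match(/\A\[(\w+)\]\z/))
      current = sections[m[1]] ||= { "allow" => [], "deny" => [] }
    elsif (m = line.match(/\A(allow|deny)\s+(\S+)\z/)) && current
      current[m[1]] << m[2]
    else
      raise ArgumentError, "line #{lineno}: cannot parse #{raw.strip.inspect}"
    end
  end
  sections
end

# Findings for [puppetrunner], the section the thread says must list the
# master for 'puppetrun' to work. `master` is the assumed master FQDN.
def audit_puppetrunner(sections, master)
  runner = sections["puppetrunner"]
  return ["no [puppetrunner] section: puppetrun has no rule to match"] unless runner
  findings = []
  unless runner["allow"].include?(master)
    findings << "master #{master} is not listed explicitly in [puppetrunner]"
  end
  runner["allow"].each do |pat|
    findings << "wildcard #{pat} allows every matching host to trigger runs" if pat.include?("*")
  end
  findings
end

puts audit_puppetrunner(parse_namespaceauth(SAMPLE), "master.domain.com")
```

An empty result means the section names the master and nothing broader; any other output is worth resolving before the file goes out to every client.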