On Fri, Aug 10, 2012 at 6:08 AM, Patrick McCarty <patrick.mcca...@gmail.com> wrote: > All, > > I am evaluating Puppet for a client. It has not been a smooth evaluation. :-)
Sorry to hear that. It's a great tool, but its still got a few edges that if you fall on can be mighty sharp. > > I have four machines, puppet, console, node1 and node 2- all on the same > segement with no firewall nor router between them. They have sequentially > numbered IP's and I can ping each one from all the others via short name > [puppet, console, node1 or node2] or their FQDN [puppet.vision.com, > console.vision.com, node1.vision.com and node2.vision.com]. > > I get the following error on all four devices: This is an error in the master -> console communication and as every run uses this, every run on every node will fail. > > puppet agent --test --verbose > info: Retrieving plugin > info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb > info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb > info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb > err: Could not retrieve catalog from remote server: Error 400 on SERVER: The Puppet Master had a 400 (General Error) becuase: > Error 403 on SERVER: Forbidden request: puppet.vision.com(10.197.0.6) access > to /facts/node1.vision.com It doesn't have permission to access the inventory service. > [save] authenticated at line 56 This is the super unhelpful part of the error message, what file? I'd start with your auth.conf. > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > Any help would be appreciated. I've seen a few folks have this error recently and googling to remind myself of their solutions I found a few references to auth.conf, umask, selinux around the inventory service. What platform are you on? Have you done any custom security hardening? I feel like I've seen more pe-users mentioning this problem, but that's a completely un-scientific hunch and I'm not yet sure whether its because of our tightening of default permissions or just more users operating split master/console nodes. Either way there's a pe-users list that I'd recommend you hit for more PE specific help. HTH, Justin > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/jAO6JRia0L0J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
