Hi guys, I just upgraded my puppet 2.7.x to Puppet 3. Upgrade is smooth except for one thing. I'm getting the error below:
Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 403 on SERVER: Forbidden request: [hostname] access to /node/[hostname] [find] at :0 Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: Error 403 on SERVER: Forbidden request: [hostname] access to /file_metadata/plugins [search] at :0 Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on SERVER: Forbidden request: [hostname] access to /file_metadata/plugins [find] at :0 Could not retrieve file metadata for puppet://[hostname]/plugins: Error 403 on SERVER: Forbidden request: [hostname] access to /file_metadata/plugins [find] at :0 Info: Loading facts in /etc/puppet/modules/augeas/lib/facter/augeasversion.rb Info: Loading facts in /etc/puppet/modules/concat/lib/facter/concat_basedir.rb Info: Loading facts in /etc/puppet/modules/firewall/lib/facter/ip6tables_version.rb Info: Loading facts in /etc/puppet/modules/firewall/lib/facter/iptables_version.rb Info: Loading facts in /etc/puppet/modules/mmm/lib/facter/ipaddresses.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/pe_version.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb Info: Loading facts in /etc/puppet/modules/sudo/lib/facter/sudo.rb Info: Loading facts in /etc/puppet/modules/xen/lib/facter/lvm_freespace.rb Info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/ipaddresses.rb Info: Loading facts in /var/lib/puppet/lib/facter/lvm_freespace.rb Info: Loading facts in /var/lib/puppet/lib/facter/sudo.rb Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb Info: Loading facts in /var/lib/puppet/lib/facter/augeasversion.rb Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: [hostname] access to /catalog/[hostname] [find] at :0 Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run I looked at the changelog and telly workarounds but still the same thing. Made sure all the source => 'puppet:///modules/x/x/' #### auth.conf # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow nodes to retrieve their own catalog path ~ ^/catalog/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # Allow all nodes to access all file services; this is necessary for # pluginsync, file serving from modules, and file serving from custom # mount points (see fileserver.conf). Note that the `/file` prefix matches # requests to both the file_metadata and file_content paths. See "Examples" # above if you need more granular access control for custom mount points. path /file allow * path /plugins allow * ### Unauthenticated ACLs, for clients without valid certificates; authenticated ### clients can also access these paths, though they rarely need to. # allow access to the CA certificate; unauthenticated nodes need this # in order to validate the puppet master's certificate path /certificate/ca auth any method find allow * # allow nodes to retrieve the certificate they requested earlier path /certificate/ auth any method find allow * # allow nodes to request a new certificate path /certificate_request auth any method find, save allow * # deny everything else; this ACL is not strictly necessary, but # illustrates the default policy. path / auth any path ~ ^/file_(metadata|content)/files/ auth yes allow puppet.domain.com allow 10.0.0.10 ### fileserver.conf # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom # Define a section 'files' # Adapt the allow/deny settings to your needs. Order # for allow/deny does not matter, allow always takes precedence # over deny [files] path /etc/puppet/files # allow *.example.com allow * [plugins] # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 allow * What am I doing wrong here? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
