I updated the puppetserver on a bionic machine to 6.0.2-1bionic and I
can no longer sign certs. I get this error:
Error:
code: 403
body: Forbidden request: /puppet-ca/v1/certificate_statuses/any_key
(method :get). Please see the server logs for details.
The logfile says:
2018-11-30T09:01:59.715-06:00 ERROR [qtp1960551078-72] [p.t.a.rules]
Forbidden request: hostname(XXX.XX.XXX.XXX) access to
/puppet-ca/v1/certificate_statuses/any_key (method :get) (authenticated:
true) denied by rule 'puppetlabs cert status'.
The puppetlabs cert status of the auth.conf is the default:
# Allow the CA CLI to access the certificate_status endpoint
match-request: {
path: "/puppet-ca/v1/certificate_status"
type: path
method: [get, put]
}
allow: {
extensions: {
pp_cli_auth: "true"
}
}
sort-order: 500
name: "puppetlabs cert status"
},
I tried adding ip_host at the beginning of the match-request and that
didn't help. Anyone have any advice on how to fix the problem?
Thanks,
Kay
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/201811301535.wAUFZ5cr005652%40texas-tea.cs.utexas.edu.
For more options, visit https://groups.google.com/d/optout.
