Details
-
Bug
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
PE 3.3.0, PE 3.7.1
-
None
-
Monolithic
-
RHEL 6 (x86_64)
Description
After installing the agent on a new server and approving the node request, I tried to run an agent test but received a number of errors:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /node/MJSTEST2.lab.raindanceit.com [find] at :60
Info: Retrieving plugin
Error: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /file_metadata/plugins [search] at :60
Error: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet.lab.raindanceit.com/plugins: Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /file_metadata/plugins [find] at :60
Wrapped exception:
Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /file_metadata/plugins [find] at :60
Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /catalog/MJSTEST2.lab.raindanceit.com [find] at :60
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Error 403 on SERVER: Forbidden request: 10.234.2.46(10.234.2.46) access to /report/MJSTEST2.lab.raindanceit.com [save] at :60
The agent name doesn't appear to satisfy the default auth.conf rules, and it defaults to the deny all rule as a result. Adding "allow *" to the default rule will allow a successful test. I believe the issue is that the certificates are all generated using the hostname in all lowercase (mjstest2.lab.raindanceit.com.pem in this instance), but puppet.conf uses
certname=MJSTEST2.lab.raindanceit.com
Changing this line to all lowercase will allow a successful agent run as well.
