Puppet Enterprise 2.7 - Error 400 on SERVER - Error 403 on SERVER - Can't run puppet agent -t without the following error?

I am having trouble with two virtual machines running REL6. I set up the master and the agent correctly and was able to certify the agent. When I run:

puppet agent -t

on the agent, I get the following error:

info: Retrieving plugin
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on
SERVER: Forbidden request: <MASTER>(IPAddress) access to /facts/<AGENT> [save]
authenticated  at line 56
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

So I went into the Auth.conf file on the master to try a few things:

path ~ ^/catalog/([^/]+)$
method find
auth yes
allow $1

path ~ ^/node/([^/]+)$
method find
auth yes
allow $1

path  /certificate_revocation_list/ca
method find
auth yes
allow *

path  /report
method save
auth yes
allow *

path  /file
auth yes
allow *

path  /certificate/ca
method find
auth any
allow *

path  /certificate/
method find
auth any
allow *

path  /certificate_request
method find, save
auth any
allow *

path  /certificate_status
method find, search, save, destroy
auth yes
allow pe-internal-dashboard

path  /
auth any

To the code above I added the following, but it had no effect:

path /facts/
auth any
method find, search
allow *

I have looked everywhere but can't seem to find the problem. If anyone knows how to fix this, I would be grateful.

Thanks again!

Answer 1

When you run sudo ./puppet-enterprise-install you must answer y to this question, or accept its default answer:

-> console

The console is a web interface for viewing reports, classifying nodes, directly managing resources, controlling Puppet runs, and invoking MCollective agents.
It should usually be installed on the puppet master server, but can also installed separately.

?? Install the console? [Y/n] 

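Also try setting up the mysql root account so that you know the password for the root@localhost mysql account.

Answer 2

Make sure that the section allowing access to facts: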

path /facts
auth any
method find, search
allow *

appears before

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

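As the comment shows, this effectively denies access to everything else, so it should appear last.

Also, make sure to check the Puppet Dashboard configuration manual; you may need to make other changes to the file.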
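
The ordering point in answer 2 can be checked offline. This is an added example, not part of the original post and not Puppet's own code: a simplified model of first-match auth.conf evaluation that assumes plain paths are prefix matches and leaves out the environment and IP checks; the host names are constructed.

```python
import re

def parse_auth_conf(text):
    """Parse auth.conf text into an ordered list of ACL dicts."""
    acls = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0], parts[1].strip()
        if key == "path":
            acls.append({"path": value.lstrip("~ "), "regex": value.startswith("~"),
                         "method": None, "auth": "yes", "allow": []})
        elif key == "method":
            acls[-1]["method"] = [m.strip() for m in value.split(",")]
        elif key == "auth":
            acls[-1]["auth"] = value
        elif key == "allow":
            acls[-1]["allow"] += [a.strip() for a in value.split(",")]
    return acls

def decide(acls, path, method, authenticated, node):
    """Return (allowed, path of the deciding ACL); the first matching ACL wins."""
    for acl in acls:
        hit = re.search(acl["path"], path) if acl["regex"] else path.startswith(acl["path"])
        if not hit:
            continue
        if acl["method"] and method not in acl["method"]:
            continue  # ACL is limited to other methods: keep looking
        if acl["auth"] in ("yes", "on") and not authenticated:
            continue
        if acl["auth"] in ("no", "off") and authenticated:
            continue
        # "$1" in an allow line stands for the first capture group of a regex path
        names = [hit.group(1) if a == "$1" and acl["regex"] else a for a in acl["allow"]]
        return ("*" in names or node in names), acl["path"]
    return False, None  # nothing matched: denied

# Constructed input: the two stanzas from answer 2, in both orders.
FACTS = "path /facts\nauth any\nmethod find, search\nallow *\n"
CATCH_ALL = "# default policy\npath /\nauth any\n"
REQUEST = ("/facts/agent01.example.com", "find", True, "master.example.com")

def facts_after_catch_all():
    return decide(parse_auth_conf(CATCH_ALL + FACTS), *REQUEST)

def facts_before_catch_all():
    return decide(parse_auth_conf(FACTS + CATCH_ALL), *REQUEST)

if __name__ == "__main__":
    print("facts rule after  'path /':", facts_after_catch_all())
    print("facts rule before 'path /':", facts_before_catch_all())
```

The second element of each result names the stanza that decided the request, which shows whether a newly added rule is ever reached.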
