I updated the puppetserver on a bionic machine to 6.0.2-1bionic and I
can no longer sign certs. I get this error:

    Error:
    code: 403
    body: Forbidden request: /puppet-ca/v1/certificate_statuses/any_key
    (method :get). Please see the server logs for details.

The logfile says:

    2018-11-30T09:01:59.715-06:00 ERROR [qtp1960551078-72] [p.t.a.rules]
    Forbidden request: hostname(XXX.XX.XXX.XXX) access to
    /puppet-ca/v1/certificate_statuses/any_key (method :get) (authenticated:
    true) denied by rule 'puppetlabs cert status'.

The puppetlabs cert status of the auth.conf is the default:

        # Allow the CA CLI to access the certificate_status endpoint
        match-request: {
            path: "/puppet-ca/v1/certificate_status"
            type: path
            method: [get, put]
        }
        allow: {
            extensions: {
                pp_cli_auth: "true"
            }
        }
        sort-order: 500
        name: "puppetlabs cert status"
    },

I tried adding ip_host at the beginning of the match-request and that
didn't help. Anyone have any advice on how to fix the problem?
Thanks,
Kay