puppet-dashboard: Could not retrieve facts from inventory service

I am trying to configure puppet-dashboard and am running into a problem with Inventory / facts:

Could not retrieve facts from inventory service: 403 "Forbidden request: puppetmasterhostname(ip.address.was.here) access to /facts/agenthostname.example.com [find] at line 99 " 

In /etc/puppet/auth.conf on the puppet master:

 path /facts
 method find
 auth any
 allow *

I restarted the puppet master and puppet-dashboard, but I still get the error above. Any ideas or troubleshooting tips?

UPDATE

I am running Puppet v2.7.13. As requested, here is my complete /etc/puppet/auth.conf. Most of it is the defaults that were already in the configuration:

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 # allow nodes to retrieve their own node definition
 path ~ ^/node/([^/]+)$
 method find
 allow $1

 # allow all nodes to access the certificates services
 path /certificate_revocation_list/ca
 method find
 allow *

 # allow all nodes to store their reports
 path /report
 method save
 allow *

 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will
 # still be used
 path /file
 allow *

 ### Unauthenticated ACL, for clients for which the current master doesn't
 ### have a valid certificate; we allow authenticated users, too, because
 ### there isn't a great harm in letting that request through.

 # allow access to the master CA
 path /certificate/ca
 auth any
 method find
 allow *

 path /certificate/
 auth any
 method find
 allow *

 path /certificate_request
 auth any
 method find, save
 allow *

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 path /
 auth any

 # Inventory
 path /facts
 method find
 auth any
 allow *

/etc/puppet/puppet.conf

 [main]
     # The Puppet log directory.
     # The default value is '$vardir/log'.
     logdir = /var/log/puppet

     # Where Puppet PID files are kept.
     # The default value is '$vardir/run'.
     rundir = /var/run/puppet

     # Where SSL certificates are kept.
     # The default value is '$confdir/ssl'.
     ssldir = $vardir/ssl

 [agent]
     # The file in which puppetd stores a list of the classes
     # associated with the retrieved configuratiion. Can be loaded in
     # the separate ``puppet`` executable using the ``--loadclasses``
     # option.
     # The default value is '$confdir/classes.txt'.
     classfile = $vardir/classes.txt

     # Where puppetd caches the local configuration. An
     # extension indicating the cache format is added automatically.
     # The default value is '$confdir/localconfig'.
     localconfig = $vardir/localconfig

 [master]
     reports = store, http
     reporturl = http://puppetmasterhostname.example.com:3000/reports/upload
     facts_terminus = yaml
     storeconfigs = true
     storeconfigs_backend = puppetdb
     node_terminus = exec
     external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:3000 /opt/puppet-dashboard/bin/external_node

My configuration has the following:

 path /facts
 auth any
 allow *

 path /fact
 auth any
 allow *

 path /facts_search
 allow *

I think I also had to create an empty file called namespaceauth.conf, like this:

 touch /etc/puppet/namespaceauth.conf 

I had the same problem, and found that line 99 of /etc/puppet/auth.conf corresponds to the following:

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 path /
 auth any

Commenting out the path / auth any block allowed the dashboard to access the inventory with the following configuration:

 path /facts
 auth yes
 method find, search
 allow dashboard

…taken from http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html

The namespace.conf and the other paths were not what I needed.

This is an ordering issue: make sure the section

 path /facts
 method find
 auth any
 allow *

comes before the default section:

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 path /
 auth any

That worked and fixed the problem for me. Or, as mentioned above, you can comment it out!

The problem you are running into is twofold. First, your auth.conf file needs to have the proper access permissions. Many of the solutions mentioned here achieve that, but at great risk! By using the following:

 path /facts
 auth any
 allow *

 path /fact
 auth any
 allow *

 path /facts_search
 allow *

…you are allowing * access.

"Asterisk" means everyone!

To fix this, you need auth.conf to have:

 path /facts
 auth yes
 method find, search
 allow dashboard

Then you need to create a certificate for the "dashboard" user, just as you do for nodes. On CentOS 6 with puppet-dashboard-1.2.23-1.el6.noarch, the steps are:

1) Make sure config/settings.yml has the correct hostname and port for your puppetmaster

2) Generate a key pair for the dashboard:

  sudo -u puppet-dashboard rake cert:create_key_pair 

3) Generate the dashboard's certificate request:

 sudo -u puppet-dashboard rake cert:request 

4) On the puppet master, sign the certificate:

  puppet cert sign dashboard 

5) Retrieve the certificate from the puppet master:

  sudo -u puppet-dashboard rake cert:retrieve 

6) Restart the dashboard

All of this will allow the dashboard to access the facts on your puppet master via certificate authentication.

Enjoy!
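To make two points from the answers above concrete, the ordering point (first matching rule wins, so a catch-all path / placed before /facts denies the request at that rule's line) and the scoping point of this last answer (allow * admits any certificate, allow dashboard admits only that certname), here is an added example that is not from the page or from Puppet itself: a small Python model of auth.conf matching. It assumes the documented first-match semantics (the first rule whose path, method and auth all match decides; a matched rule whose allow list does not include the caller denies), ignores environment, allow_ip and deny directives, and uses constructed auth.conf snippets with the hostnames from the question's error message.

```python
"""Toy model of Puppet 2.7 auth.conf matching (constructed example, not Puppet code).

Semantics assumed: rules are checked in order; the first rule whose path, method
and auth all match the request decides; a matched rule without a matching allow
entry denies. Environment, allow_ip and deny directives are not modelled.
"""
import re


def parse_auth_conf(text):
    """Parse a minimal auth.conf subset into an ordered list of rule dicts."""
    rules, cur = [], None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        key, _, value = line.partition(' ')
        value = value.strip()
        if key == 'path':
            # auth defaults to 'yes' (authenticated only); no method means all methods
            cur = {'path': value, 'method': None, 'auth': 'yes', 'allow': []}
            rules.append(cur)
        elif cur is None:
            raise ValueError(f'{key!r} directive before any path')
        elif key == 'method':
            cur['method'] = [m.strip() for m in value.split(',')]
        elif key == 'auth':
            cur['auth'] = value
        elif key == 'allow':
            cur['allow'] += [a.strip() for a in value.split(',')]
    return rules


def match_path(rule, path):
    """Return the regex capture groups (a tuple) if the rule's path matches, else None."""
    if rule['path'].startswith('~'):
        m = re.match(rule['path'][1:].strip(), path)
        return m.groups() if m else None
    return () if path.startswith(rule['path']) else None     # plain paths are prefixes


def evaluate(rules, path, method, node, authenticated=True):
    """Return (decision, index of the deciding rule) for one request."""
    for i, rule in enumerate(rules):
        groups = match_path(rule, path)
        if groups is None:
            continue
        if rule['method'] and method not in rule['method']:
            continue
        if rule['auth'] == 'yes' and not authenticated:
            continue
        if rule['auth'] == 'no' and authenticated:
            continue
        for entry in rule['allow']:
            if entry == '*':
                return 'allow', i
            # expand $1, $2 ... from the capture groups of a regex path
            expanded = re.sub(r'\$(\d+)', lambda m: groups[int(m.group(1)) - 1], entry)
            if expanded == node:
                return 'allow', i
        return 'deny', i    # first matching rule decides; caller not in its allow list
    return 'deny', None     # nothing matched at all


# Constructed snippets mirroring the variants discussed on the page.
QUESTION_ORDER = "path /\nauth any\n\npath /facts\nmethod find\nauth any\nallow *\n"
FIXED_ORDER = ("path ~ ^/catalog/([^/]+)$\nmethod find\nallow $1\n\n"
               "path /facts\nmethod find\nauth any\nallow *\n\npath /\nauth any\n")
SCOPED_TO_DASHBOARD = ("path /facts\nauth yes\nmethod find, search\nallow dashboard\n\n"
                       "path /\nauth any\n")


def demo():
    """Evaluate the question's facts request against each variant."""
    facts = '/facts/agenthostname.example.com'
    master = 'puppetmasterhostname'        # certname shown in the 403 message
    fixed = parse_auth_conf(FIXED_ORDER)
    scoped = parse_auth_conf(SCOPED_TO_DASHBOARD)
    return {
        'question_order': evaluate(parse_auth_conf(QUESTION_ORDER), facts, 'find', master),
        'fixed_order': evaluate(fixed, facts, 'find', master),
        'fixed_order_anyone': evaluate(fixed, facts, 'find', 'rogue.example.com'),
        'own_catalog': evaluate(fixed, '/catalog/web01.example.com', 'find', 'web01.example.com'),
        'other_catalog': evaluate(fixed, '/catalog/db01.example.com', 'find', 'web01.example.com'),
        'scoped_dashboard': evaluate(scoped, facts, 'search', 'dashboard'),
        'scoped_other': evaluate(scoped, facts, 'find', 'rogue.example.com'),
    }


if __name__ == '__main__':
    for name, (decision, idx) in demo().items():
        print(f'{name:20} -> {decision} (rule #{idx})')
```

Running it shows the question's layout denied at rule 0 (the catch-all, which is what the "at line 99" in the error points at), the reordered layout allowing the master but equally allowing any other authenticated certname because of allow *, the $1 catalog rule admitting only a node's own catalog, and the dashboard-scoped rule allowing the dashboard certificate while still denying everyone else.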