Permission issue on puppetboard .

Question

Permission issue on puppetboard .

vaishnav1423 opened this issue 3 years ago · 2 comments

I am getting "You don't have the permission to access the requested resource. It is either read-protected or not readable by the server."

while checking the puppetdb.log, I found below error:

ERROR [p.t.a.rules] Forbidden request: 127.0.0.1 access to /metrics/v2/read/puppetlabs.puppetdb.population%3Aname%3Dnum-nodes (method :get) (authenticated: false) denied by rule 'puppetlabs puppetdb metrics'.

Need help on this. I am using v6.1.0 version.

Regards
vkedar

Answer 1 · 2022-03-10T11:17:13.000Z

Please see #566. Do comments there help?

Answer 2 · 2022-04-15T13:59:17.000Z

Access to Puppetdb /metrics path requires authentication now. If puppetdb is listening only on 127.0.0.1 and you don't mind allowing unauthenticated requests retrieving your hosts' metrics then doing this is not terrible:

--- a/etc/puppetlabs/puppetdb/conf.d/auth.conf	2022-04-16 01:41:10.630544433 +1200
+++ b/etc/puppetlabs/puppetdb/conf.d/auth.conf	2022-04-16 01:42:54.387643005 +1200
@@ -23,13 +23,24 @@
             name: "puppetlabs status service - simple"
         },
         {
+            # Allow puppetdashboard to access the metrics service
+            match-request: {
+                path: "/metrics"
+                type: path
+                method: get
+            }
+            allow-unauthenticated: true
+            sort-order: 500
+            name: "unauth puppetlabs puppetdb metrics for puppetdashboard"
+        },
+        {
             # Allow nodes to access the metrics service
             # for puppetdb, the metrics service is the only
             # service using the authentication service
             match-request: {
                 path: "/metrics"
                 type: path
-                method: [get,post]
+                method: post
             }
             allow: "*"
             sort-order: 500