cat puppetmaster.conf Alias /puppetmaster/ /var/lib/puppet/rrd/ Options Indexes AllowOverride None Order allow,deny Allow from all Listen 8140 User puppet Group puppet Options FollowSymLinks AllowOverride None Order deny,allow Allow from all ProxyRequests Off BalancerMember http://127.0.0.1:18140 keepalive=on max=2 retry=30 BalancerMember http://127.0.0.1:18141 keepalive=on max=2 retry=30 BalancerMember http://127.0.0.1:18142 keepalive=on max=2 retry=30 BalancerMember http://127.0.0.1:18143 keepalive=on max=2 retry=30 SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.intdev.redhat.com.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.intdev.redhat.com.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem #SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars ErrorLog /var/log/puppet/balancer_error.log CustomLog /var/log/puppet/balancer_access.log combined CustomLog /var/log/puppet/balancer_ssl_request.log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e SetHandler balancer-manager Order allow,deny Allow from 127.0.0.1 10.0.0.0/255.0.0.0 172.16.0.0/255.240.0.0 Deny from all ProxyPass / balancer://puppetmaster:8140/ ProxyPassReverse / balancer://puppetmaster:8140/ ProxyPreserveHost on ---- err: Could not call fileserver.list: # err: /File[/var/lib/puppet/facts]: Failed to generate additional resources during transaction: HTTP-Error: 403 Forbidden err: Could not call fileserver.describe: # err: /File[/var/lib/puppet/facts]/source: Could not describe /facts: HTTP-Error: 403 Forbidden ----- client denied by server configuration: proxy:balancer://puppetmaster:8140/RPC2