Hey folks,

I'm just about ready to go bananas over here! I read the FAQ, and
yes, I am doing a reinstall. But as you will see below I believe I
am cleaning things out properly so there are no false cert remnants
lying around. I'm going bonkers as to why the cert exchange is not
working.

I've got a couple of test VMs running CentOS 5.4 and using the puppet
and puppet-server packages from there.

[root@puppet01 ~]# rpm -qa | grep -i puppet
puppet-server-0.22.4-1.el5.rf
puppet-0.22.4-1.el5.rf

host puppet01 is my server, and puppet02 is my client. I've defined
them both on my DNS server and they both seem to resolve fine
everywhere. Note below I change my domain name with "example.com"
(hope I managed to get all occurrences :-))

When doing my reconfiguration / retry, I do :

yum -y erase puppet puppt-server

on client and server, then I do :

find / -name \*puppet\*

to find any files left around, and I remove them. e.g.
/var/lib/puppet and /var/log/puppet and even /etc/puppet get left
behind, so I nuke the entire directories.

Then on the server I do

yum -y install puppet-server

and on the client

yum -y install puppet

On the server side I've created a simple manifest that I put into
/etc/puppet/manifests/site.pp :

---snip---
file { "/etc/passwd" :
    owner => "root",
    group => "bin",
    mode => 644,
}

class apache {

    package { httpd: ensure => installed }

    service { "httpd" :
        ensure => running,
        require => Package["httpd"],
    }
}
---snip---

puppetmaster starts. On the client I start up puppetd and then on
the server I do "puppetca --list" and see the certificate waiting for
approval. So I sign it on the server using the FQDN.

But on the client side I keep seeing these messages in the /var/log/messages :

Apr 27 12:17:58 localhost puppetd[12364]: Could not retrieve
configuration: Could not find puppet02.office.example.com with names
puppet02.office.example.com, puppet02
Apr 27 12:17:58 localhost puppetd[12364]: Could not run
Puppet::Network::Client::Master: Cannot connect to server and there is
no cached configuration

What I don't get is that my client is puppet02 so why is it looking for
itself?

In doing some more digging I found the below thread on this list :

Sept 2009 on the list archives :
http://groups.google.com/group/puppet-users/browse_thread/thread/73ef261fd9f6e1da/1a020eaf975f729d?lnk=gst&q=Cannot+connect+to+server#1a020eaf975f729d

which suggests I've got the wrong hostname defined for the server.
The default being "puppet". OK, I did have that alias defined in DNS
so I removed it just to remove the possibility of this messing things
up. I found this in the CentOS install which seems to be the right
way to configure the server name :

---snip---
[root@puppet02 ~]# cat /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=puppet01.office.example.com
# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140
# Where to log to. Specify syslog to send log messages to the system log.
#PUPPET_LOG=/var/log/puppet/puppet.log
# You may specify other parameters to the puppet client here
#PUPPET_EXTRA_OPTS=--waitforcert=500
---snip---

I also shut down puppetd and try to start it manually thus :

[root@puppet02 ~]# puppetd --server puppet01.office.example.com
--verbose --waitforcert 60
notice: Starting Puppet client version 0.22.4
err: Could not retrieve configuration: Could not find
puppet02.office.example.com with names puppet02.office.example.com,
puppet02
err: Could not run Puppet::Network::Client::Master: Cannot connect to
server and there is no cached configuration

I just cannot figure out what I am doing wrong here!

Oh, and one final thing, I have confirmed there are no firewalls on either box.

Help!

--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You might want to try explicitly setting certname == fqdn for puppet02 in puppet.conf, further if you changed DNS/hostnames after asking for the cert, that may have confused things?

--Michael

On Tue, Apr 27, 2010 at 12:25 PM, Alan McKay <alan.mckay@gmail.com> wrote:
> Hey folks,
>
> I'm just about ready to go bananas over here! I read the FAQ, and
> yes, I am doing a reinstall. But as you will see below I believe I
> am cleaning things out properly so there are no false cert remnants
> lying around. I'm going bonkers as to why the cert exchange is not
> working
>
> [...]

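A check for the name agreement the reply above points at, as an added example that is not part of the original thread: it compares the client's FQDN, any certname set in puppet.conf, and the CN of the client's signed certificate. The function names, the `--live` switch, and the default paths `/etc/puppet/puppet.conf` and `/var/lib/puppet/ssl` are assumptions for an RPM install.

```sh
#!/bin/sh
# Added example: cross-check the names involved in a Puppet client cert exchange.

# Print the certname set in a puppet.conf-style file (empty if unset).
conf_certname() {
    sed -n 's/^[[:space:]]*certname[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Extract the CN from an `openssl x509 -noout -subject` line.
# Handles both "subject= /CN=name" and "subject=CN = name".
subject_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN[[:space:]]*=[[:space:]]*\([^,/]*\).*/\1/p'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_names FQDN CERTNAME CERT_CN
# Prints one line per finding; returns 0 only when everything agrees.
# An empty CERTNAME means "not set in puppet.conf", so the FQDN is used.
check_names() {
    fqdn=$(lower "$1"); certname=$(lower "${2:-$1}"); cn=$(lower "$3"); rc=0
    case $fqdn in
        *.*) ;;
        *) echo "WARN: '$fqdn' is not fully qualified"; rc=1 ;;
    esac
    if [ "$certname" != "$fqdn" ]; then
        echo "WARN: certname '$certname' differs from FQDN '$fqdn'"; rc=1
    fi
    if [ -n "$cn" ] && [ "$cn" != "$certname" ]; then
        echo "WARN: cert CN '$cn' differs from certname '$certname'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: names agree on '$certname'"
    return "$rc"
}

# Live run on a client: sh check.sh --live
# Default paths are assumptions; override via PUPPET_CONF / PUPPET_SSLDIR.
if [ "${1:-}" = "--live" ]; then
    conf=${PUPPET_CONF:-/etc/puppet/puppet.conf}
    ssldir=${PUPPET_SSLDIR:-/var/lib/puppet/ssl}
    host_fqdn=$(hostname -f)
    name=$(conf_certname "$conf"); name=${name:-$host_fqdn}
    subj=$(openssl x509 -noout -subject -in "$ssldir/certs/$name.pem" 2>/dev/null)
    check_names "$host_fqdn" "$name" "$(subject_cn "$subj")"
fi
```

A non-zero exit means at least one of the three names disagrees; each WARN line names the pair that differs.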

----- "Michael DeHaan" <michael@puppetlabs.com> wrote:
> You might want to try explicitly setting certname == fqdn for
> puppet02 in puppet.conf, further if you changed DNS/hostnames after asking for
> the cert, that may have confused things?

<snip>

> > [root@puppet01 ~]# rpm -qa | grep -i puppet
> > puppet-server-0.22.4-1.el5.rf
> > puppet-0.22.4-1.el5.rf

mostly I think you do not ever want to use this version of puppet :)

>> > [root@puppet01 ~]# rpm -qa | grep -i puppet
>> > puppet-server-0.22.4-1.el5.rf
>> > puppet-0.22.4-1.el5.rf
>
> mostly I think you do not ever want to use this version of puppet :)

Hmmmm, OK, I'll look into that further.

Thanks.

--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"

I use CentOS 5.x and I have rarely had luck with the packages for puppet/ruby/passenger.
0.22.4 is just too old to fool with IMHO.

~Charles~

On Tue, Apr 27, 2010 at 12:47 PM, Alan McKay <alan.mckay@gmail.com> wrote:
> >> > [root@puppet01 ~]# rpm -qa | grep -i puppet
> >> > puppet-server-0.22.4-1.el5.rf
> >> > puppet-0.22.4-1.el5.rf
> >
> > mostly I think you do not ever want to use this version of puppet :)
>
> Hmmmm, OK, I'll look into that further.
>
> Thanks.

On Tue, Apr 27, 2010 at 2:07 PM, Charles Johnson <gm.johns276@gmail.com> wrote:
> I use CentOS 5.x and I have rarely had luck with the packages for
> puppet/ruby/passenger.
> 0.22.4 is just too old to fool with IMHO.

puppet-server-0.25.4-1.el5
puppet-0.25.4-1.el5

I just picked these up out of EPEL and will report back on
success/failure - got sidetracked by a more urgent issue in the
meantime though

--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"

Excellent idea. Looking forward to hearing about your experience.

On Tue, Apr 27, 2010 at 1:11 PM, Alan McKay <alan.mckay@gmail.com> wrote:
> On Tue, Apr 27, 2010 at 2:07 PM, Charles Johnson <gm.johns276@gmail.com> wrote:
> > I use CentOS 5.x and I have rarely had luck with the packages for
> > puppet/ruby/passenger.
> > 0.22.4 is just too old to fool with IMHO.
>
> puppet-server-0.25.4-1.el5
> puppet-0.25.4-1.el5
>
> I just picked these up out of EPEL and will report back on
> success/failure - got sidetracked by a more urgent issue in the
> meantime though

OK, finally it is doing something! I see this in the logs on puppet02

Apr 27 14:31:09 localhost puppetd[13325]: Starting Puppet client version 0.25.4
Apr 27 14:31:11 localhost puppetd[13325]: (//File[/etc/passwd]/group)
group changed 'root' to 'bin'
Apr 27 14:31:11 localhost puppetd[13325]: Finished catalog run in 0.01 seconds

Not sure yet why it did not start up httpd for me as I was hoping, but
I can start working that stuff out now that I at least know things are
happening!

--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"

On 28/04/2010 3:16 AM, R.I.Pienaar wrote:
>
> ----- "Michael DeHaan"<michael@puppetlabs.com> wrote:
>
>> You might want to try explicitly setting certname == fqdn for
>> puppet02 in puppet.conf, further if you changed DNS/hostnames after asking for
>> the cert, that may have confused things?
>
> <snip>
>
>>> [root@puppet01 ~]# rpm -qa | grep -i puppet
>>> puppet-server-0.22.4-1.el5.rf
>>> puppet-0.22.4-1.el5.rf
>
> mostly I think you do not ever want to use this version of puppet :)
>

Agreed. I would recommend using 0.24.8/9 if you wish to stay with the
0.24.x branches or 0.25.4 if you wish to make use of the more fully
featured and faster 0.25.x branches.

Regards

James Turnbull

--
Author of:
* Pro Linux System Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)