This is my latest simple-as-can-be setup, with more useful information based on questions people asked me. I could sure use some help here; I've even gotten a previous puppet installation working (and it's still working; older puppet version).

I'm running Centos 5.5. Puppet is installed from their package, and is version 0.25.5-1. Both client and server are running on the same system -- this seems to be the simplest case.

Here's the annotated log of what I did, with the error at the end:

Uninstall puppet. Remove /etc/puppet and /var/lib/puppet.

Install puppet packages

    sudo yum install puppet-server
    Installed:
      puppet-server.noarch 0:0.25.5-1.el5
    Dependency Installed:
      puppet.noarch 0:0.25.5-1.el5

Edit /etc/puppet/puppet.conf to specify non-default server.

    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet

        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet

        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl

        # The server isn't the default dns name "puppet".
        server = "prc-mn-lnx03.pinerivercapital.local"

    [puppetd]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuratiion.  Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt

        # Where puppetd caches the local configuration.  An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig

Put some minimal config into the /etc/puppet/site.pp

    # Create "/tmp/testfile" if it doesn't exist.
    class test_class {
        file { "/tmp/testfile":
            ensure => present,
            mode   => 644,
            owner  => root,
            group  => root
        }
    }

    # tell puppet on which client to run the class
    node prc-mn-lnx03 {
        include test_class
    }

Verify hostname

    sh-3.2$ hostname
    prc-mn-lnx03.pinerivercapital.local

Start puppetmaster service.

Verify certificate for right system created.

    sh-3.2$ sudo puppetca --all --list
    + prc-mn-lnx03.pinerivercapital.local

Verify client and server views of certificates.

    sh-3.2$ sudo /usr/sbin/puppetmasterd --genconf | grep certname
        # The default value is '$privatekeydir/$certname.pem'.
        # certname = prc-mn-lnx03.pinerivercapital.local
        # The default value is '$ssldir/csr_$certname.pem'.
        # The default value is '$publickeydir/$certname.pem'.
        # The default value is '$certdir/$certname.pem'.
    sh-3.2$ sudo /usr/sbin/puppetd --genconf | grep certname
        # The default value is '$certdir/$certname.pem'.
        # The default value is '$privatekeydir/$certname.pem'.
        # certname = prc-mn-lnx03.pinerivercapital.local
        # The default value is '$ssldir/csr_$certname.pem'.
        # The default value is '$publickeydir/$certname.pem'.

Try to run local client manually in test mode.

    sh-3.2$ sudo puppetd --server prc-mn-lnx03 --test
    err: Could not retrieve catalog from remote server: hostname not match with the server certificate
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

/var/log/messages doesn't seem to have any additional useful information:

    Jul 23 13:24:00 prc-mn-lnx03 puppetmasterd[9100]: Starting Puppet server version 0.25.5
    Jul 23 13:24:46 prc-mn-lnx03 puppetd[9106]: Could not retrieve catalog from remote server: hostname not match with the server certificate
    Jul 23 13:24:46 prc-mn-lnx03 puppetd[9106]: Not using cache on failed catalog
    Jul 23 13:24:47 prc-mn-lnx03 puppetd[9106]: Could not retrieve catalog; skipping run

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Charles Johnson
2010-Jul-23 19:12 UTC
Re: [Puppet Users] Try at simple puppet setup -- fails
On the client side, try deleting /etc/puppet/ssl (or wherever you are keeping client puppet data for certificates), kill the client, and restart the client

    puppetd --debug --waitforcert 60

and see what happens.

~Charles~
David Dyer-Bennet
2010-Jul-23 19:41 UTC
Re: [Puppet Users] Try at simple puppet setup -- fails
On Fri, July 23, 2010 14:12, Charles Johnson wrote:
> On the client side, try deleting /etc/puppet/ssl (or wherever you are
> keeping client puppet data for certificates), kill the client, and restart
> the client

Client and server are the same system here (I mentioned that in my original message). And deleting /etc/puppet/ssl (yes, that's where it is in the Centos package) would delete the server certificates therefore.

I said it seems that both on the same system was the simplest config -- it avoids all the network issues, possibly different /etc/hosts files, and so forth. Is it also introducing other complications? Are there special steps I need to take when client and server are the same?

--
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
IIRC, puppetmaster and client will use the same SSL directory by default on the puppetmaster node.

You may want to see what puppetca --list says (or if the certificate request is getting through, what it's being saved as in the ssl dir, etc.) ...

I'm running Puppet on the same platform as you, and my hunch is that this may end up being something dumb like, "you need to use the host's FQDN everywhere" ...
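The FQDN-versus-short-name question raised in this thread can be tested directly against a certificate. The following is an added example, not part of any poster's message and not Puppet's own code: it uses Ruby's OpenSSL library to check whether a name passed to `--server` matches the names a certificate carries. Assumptions: the certificate is a constructed, self-signed stand-in whose only name is the FQDN from the thread, the client's check behaves like `OpenSSL::SSL.verify_certificate_identity`, and `build_cert`, `cert_names` and `server_name_ok?` are hypothetical helper names.

```ruby
require "openssl"

# Constructed stand-in for the master's certificate; the real one issued by
# puppetca may carry other names (assumption: only the FQDN is present).
FQDN = "prc-mn-lnx03.pinerivercapital.local"

def build_cert(common_name, alt_names = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, required for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Names the certificate presents: subjectAltName DNS entries, then the CN.
def cert_names(cert)
  cn  = cert.subject.to_a.select { |k, _, _| k == "CN" }.map { |_, v, _| v }
  san = cert.extensions.select { |e| e.oid == "subjectAltName" }
            .flat_map { |e| e.value.split(/,\s*/) }
            .map { |s| s.sub(/\ADNS:/, "") }
  (san + cn).uniq
end

# True when `server` (the --server / server= value) passes the TLS hostname
# check against `cert`; a short name does not match an FQDN-only certificate.
def server_name_ok?(cert, server)
  OpenSSL::SSL.verify_certificate_identity(cert, server)
end

if __FILE__ == $PROGRAM_NAME
  cert = build_cert(FQDN)
  puts "certificate names: #{cert_names(cert).join(', ')}"
  ["prc-mn-lnx03", FQDN].each do |name|
    puts "#{name}: #{server_name_ok?(cert, name) ? 'match' : 'MISMATCH'}"
  end
end
```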
David Dyer-Bennet
2010-Jul-24 03:33 UTC
Re: [Puppet Users] Try at simple puppet setup -- fails
On 23-Jul-10 18:16, steve . wrote:
> IIRC, puppetmaster and client will use the same SSL directory by
> default on the puppetmaster node.

Yes, they appear to.

> You may want to see what puppetca --list says (or if the certificate
> request is getting through, what it's being saved as in the ssl dir,
> etc.) ...
>
> I'm running Puppet on the same platform as you, and my hunch is that
> this may end up being something dumb like, "you need to use the host's
> FQDN everywhere" ...

It's definitely smelling of something like that to me as well. I've even got another running installation (Centos 4.6, though, and an older Puppet). That *particular* dumb thing is one I've thought of and checked, doesn't appear to be that, unfortunately.

I also went and set up one where the server and client were different nodes (see detailed message near here somewhere), and that fails in exactly the same way.

I've also gotten a DNS name assigned to my server, and gotten rid of all the special /etc/hosts files, and am using only the real FQDN to refer to the server; that hasn't helped either.

I've been keeping busy trying things, at least!

--
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/