Puppet users - Dec 2011 - Puppetserver error

Hello everyone,
I am new to puppet. I have installed on redhat Enterprise 5and seems
to be working fine. Couple days ago I was testing some permissions on /
etc folder and applied 600 /etc and sub folders. Although I have
reverted the permission but I am having issues on puppetmaster.
Currently I have these permission on etc 755 and puppet folder:
my /etc folder is 755 and puppet folder with tese permsions:

-rw-r--r--  1 root root 2346 May  8  2010 auth.conf
-rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
-rw-r--r--  1 root root  980 May 27  2010 puppet.conf
-rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew

I am getting these error in the log:

puppet-master[3519]: Could not parse for environment production:
Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
puppet/manifests/site.pp:3 on node client1

Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2

Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3

Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4

Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
from remote server: Error 400 on SERVER: Could not parse for
environment production: Permission denied - /etc/puppet/manifests/
classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
Any Help will be greatly appreciated.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hello Khan,

I''m fairly new to Puppet as well.
I''m assuming that `manifests/classes/sysctl.pp` is being referenced by
the line 3 of `manifests/site.pp` from the error msgs.
My first thing would be to double check the permissions on `manifests/
classes/sysctl.pp`

After that I would check the content and files being referenced by
sysctl.pp and see if it''s a permission issue at a lower level and
Puppet is errorring at an unhelpfully high level.

If that doesn''t help, what the users/groups for the manifests and
files being created by the manifests? Are you using filebucket?


 - Justin



On Dec 29, 8:36 am, Khan <makhan...@gmail.com>
wrote:
> Hello everyone,
> I am new to puppet. I have installed on redhat Enterprise 5and seems
> to be working fine. Couple days ago I was testing some permissions on /
> etc folder and applied 600 /etc and sub folders. Although I have
> reverted the permission but I am having issues on puppetmaster.
> Currently I have these permission on etc 755 and puppet folder:
> my /etc folder is 755 and puppet folder with tese permsions:
>
> -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>
> I am getting these error in the log:
>
> puppet-master[3519]: Could not parse for environment production:
> Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
> puppet/manifests/site.pp:3 on node client1
>
> Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
>
> Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
>
> Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
>
> Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
> from remote server: Error 400 on SERVER: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
> Any Help will be greatly appreciated.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks for your response.
I have cahnge the permission to 655 on manifests and still the same thing.
My puppetmaster was not even starting then and now. The user/group is root
for this folder. Every time when I try to start puppetmaster is get this
error message:

server puppet-master[20965]: Starting Puppet master version 2.6.12
Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
parameter $classfile specified in [puppetd], which is a deprecated section.
I''m assuming you meant [agent]
Dec 29 13:29:26 server puppet-master[20982]: You have configuration
parameter $localconfig specified in [puppetd], which is a deprecated
section. I''m assuming you meant [agent]
Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version
2.6.12



On Thu, Dec 29, 2011 at 12:35 PM, Justin <justin.stoller@gmail.com> wrote:
> Hello Khan,
>
> I''m fairly new to Puppet as well.
> I''m assuming that `manifests/classes/sysctl.pp` is being
referenced by
> the line 3 of `manifests/site.pp` from the error msgs.
> My first thing would be to double check the permissions on `manifests/
> classes/sysctl.pp`
>
> After that I would check the content and files being referenced by
> sysctl.pp and see if it''s a permission issue at a lower level and
> Puppet is errorring at an unhelpfully high level.
>
> If that doesn''t help, what the users/groups for the manifests and
> files being created by the manifests? Are you using filebucket?
>
>
>  - Justin
>
>
>
> On Dec 29, 8:36 am, Khan <makhan...@gmail.com> wrote:
> > Hello everyone,
> > I am new to puppet. I have installed on redhat Enterprise 5and seems
> > to be working fine. Couple days ago I was testing some permissions on
/
> > etc folder and applied 600 /etc and sub folders. Although I have
> > reverted the permission but I am having issues on puppetmaster.
> > Currently I have these permission on etc 755 and puppet folder:
> > my /etc folder is 755 and puppet folder with tese permsions:
> >
> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
> >
> > I am getting these error in the log:
> >
> > puppet-master[3519]: Could not parse for environment production:
> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
> > puppet/manifests/site.pp:3 on node client1
> >
> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
> >
> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
> >
> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
> >
> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
> > from remote server: Error 400 on SERVER: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
> > Any Help will be greatly appreciated.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Can you post your config?  It sounds like there may be  an error in it.

On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> Thanks for your response.
> I have cahnge the permission to 655 on manifests and still the same thing.
> My puppetmaster was not even starting then and now. The user/group is root
> for this folder. Every time when I try to start puppetmaster is get this
> error message:
>
> server puppet-master[20965]: Starting Puppet master version 2.6.12
> Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
> parameter $classfile specified in [puppetd], which is a deprecated section.
> I''m assuming you meant [agent]
> Dec 29 13:29:26 server puppet-master[20982]: You have configuration
> parameter $localconfig specified in [puppetd], which is a deprecated
> section. I''m assuming you meant [agent]
> Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
> Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version
> 2.6.12
>
>
>
>
> On Thu, Dec 29, 2011 at 12:35 PM, Justin <justin.stoller@gmail.com>
wrote:
>>
>> Hello Khan,
>>
>> I''m fairly new to Puppet as well.
>> I''m assuming that `manifests/classes/sysctl.pp` is being
referenced by
>> the line 3 of `manifests/site.pp` from the error msgs.
>> My first thing would be to double check the permissions on `manifests/
>> classes/sysctl.pp`
>>
>> After that I would check the content and files being referenced by
>> sysctl.pp and see if it''s a permission issue at a lower level
and
>> Puppet is errorring at an unhelpfully high level.
>>
>> If that doesn''t help, what the users/groups for the manifests
and
>> files being created by the manifests? Are you using filebucket?
>>
>>
>>  - Justin
>>
>>
>>
>> On Dec 29, 8:36 am, Khan <makhan...@gmail.com> wrote:
>> > Hello everyone,
>> > I am new to puppet. I have installed on redhat Enterprise 5and
seems
>> > to be working fine. Couple days ago I was testing some permissions
on /
>> > etc folder and applied 600 /etc and sub folders. Although I have
>> > reverted the permission but I am having issues on puppetmaster.
>> > Currently I have these permission on etc 755 and puppet folder:
>> > my /etc folder is 755 and puppet folder with tese permsions:
>> >
>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>> >
>> > I am getting these error in the log:
>> >
>> > puppet-master[3519]: Could not parse for environment production:
>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at
/etc/
>> > puppet/manifests/site.pp:3 on node client1
>> >
>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client2
>> >
>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client3
>> >
>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client4
>> >
>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
catalog
>> > from remote server: Error 400 on SERVER: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
server
>> > Any Help will be greatly appreciated.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Regards,
> Mohammad
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

[main]
    # Where Puppet stores dynamic and growing data.
    # The default value is ''/var/puppet''.
    vardir = /var/lib/puppet

    # The Puppet log directory.
    # The default value is ''$vardir/log''.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is ''$vardir/run''.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is ''$confdir/ssl''.
    ssldir = $vardir/ssl

[puppetd]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is ''$confdir/classes.txt''.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is ''$confdir/localconfig''.
    localconfig = $vardir/localconfig


On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
> Can you post your config?  It sounds like there may be  an error in it.
>
> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan <makhan628@gmail.com>
> wrote:
> > Thanks for your response.
> > I have cahnge the permission to 655 on manifests and still the same
> thing.
> > My puppetmaster was not even starting then and now. The user/group is
> root
> > for this folder. Every time when I try to start puppetmaster is get
this
> > error message:
> >
> > server puppet-master[20965]: Starting Puppet master version 2.6.12
> > Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
> > parameter $classfile specified in [puppetd], which is a deprecated
> section.
> > I''m assuming you meant [agent]
> > Dec 29 13:29:26 server puppet-master[20982]: You have configuration
> > parameter $localconfig specified in [puppetd], which is a deprecated
> > section. I''m assuming you meant [agent]
> > Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
> > Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master
> version
> > 2.6.12
> >
> >
> >
> >
> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
<justin.stoller@gmail.com>
> wrote:
> >>
> >> Hello Khan,
> >>
> >> I''m fairly new to Puppet as well.
> >> I''m assuming that `manifests/classes/sysctl.pp` is being
referenced by
> >> the line 3 of `manifests/site.pp` from the error msgs.
> >> My first thing would be to double check the permissions on
`manifests/
> >> classes/sysctl.pp`
> >>
> >> After that I would check the content and files being referenced by
> >> sysctl.pp and see if it''s a permission issue at a lower
level and
> >> Puppet is errorring at an unhelpfully high level.
> >>
> >> If that doesn''t help, what the users/groups for the
manifests and
> >> files being created by the manifests? Are you using filebucket?
> >>
> >>
> >>  - Justin
> >>
> >>
> >>
> >> On Dec 29, 8:36 am, Khan <makhan...@gmail.com> wrote:
> >> > Hello everyone,
> >> > I am new to puppet. I have installed on redhat Enterprise
5and seems
> >> > to be working fine. Couple days ago I was testing some
permissions on
> /
> >> > etc folder and applied 600 /etc and sub folders. Although I
have
> >> > reverted the permission but I am having issues on
puppetmaster.
> >> > Currently I have these permission on etc 755 and puppet
folder:
> >> > my /etc folder is 755 and puppet folder with tese permsions:
> >> >
> >> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> >> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> >> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> >> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
> >> >
> >> > I am getting these error in the log:
> >> >
> >> > puppet-master[3519]: Could not parse for environment
production:
> >> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp
at /etc/
> >> > puppet/manifests/site.pp:3 on node client1
> >> >
> >> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse
for
> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client2
> >> >
> >> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse
for
> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client3
> >> >
> >> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse
for
> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client4
> >> >
> >> > Dec 27 14:27:15 server puppet-agent[10407]: Could not
retrieve catalog
> >> > from remote server: Error 400 on SERVER: Could not parse for
> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
server
> >> > Any Help will be greatly appreciated.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You''ll want to change [puppetd] to [agent], as well as adding a
[master] section with appropriate contents.

On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> [main]
>     # Where Puppet stores dynamic and growing data.
>     # The default value is ''/var/puppet''.
>     vardir = /var/lib/puppet
>
>     # The Puppet log directory.
>     # The default value is ''$vardir/log''.
>     logdir = /var/log/puppet
>
>     # Where Puppet PID files are kept.
>     # The default value is ''$vardir/run''.
>     rundir = /var/run/puppet
>
>     # Where SSL certificates are kept.
>     # The default value is ''$confdir/ssl''.
>     ssldir = $vardir/ssl
>
> [puppetd]
>     # The file in which puppetd stores a list of the classes
>     # associated with the retrieved configuratiion.  Can be loaded in
>     # the separate ``puppet`` executable using the ``--loadclasses``
>     # option.
>     # The default value is ''$confdir/classes.txt''.
>     classfile = $vardir/classes.txt
>
>     # Where puppetd caches the local configuration.  An
>     # extension indicating the cache format is added automatically.
>     # The default value is ''$confdir/localconfig''.
>     localconfig = $vardir/localconfig
>
>
>
> On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
<aaron.grewell@gmail.com>
> wrote:
>>
>> Can you post your config?  It sounds like there may be  an error in it.
>>
>> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>> > Thanks for your response.
>> > I have cahnge the permission to 655 on manifests and still the
same
>> > thing.
>> > My puppetmaster was not even starting then and now. The user/group
is
>> > root
>> > for this folder. Every time when I try to start puppetmaster is
get this
>> > error message:
>> >
>> > server puppet-master[20965]: Starting Puppet master version 2.6.12
>> > Dec 29 13:29:26 server  puppet-master[20982]: You have
configuration
>> > parameter $classfile specified in [puppetd], which is a deprecated
>> > section.
>> > I''m assuming you meant [agent]
>> > Dec 29 13:29:26 server puppet-master[20982]: You have
configuration
>> > parameter $localconfig specified in [puppetd], which is a
deprecated
>> > section. I''m assuming you meant [agent]
>> > Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
>> > Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet
master
>> > version
>> > 2.6.12
>> >
>> >
>> >
>> >
>> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
<justin.stoller@gmail.com>
>> > wrote:
>> >>
>> >> Hello Khan,
>> >>
>> >> I''m fairly new to Puppet as well.
>> >> I''m assuming that `manifests/classes/sysctl.pp` is
being referenced by
>> >> the line 3 of `manifests/site.pp` from the error msgs.
>> >> My first thing would be to double check the permissions on
`manifests/
>> >> classes/sysctl.pp`
>> >>
>> >> After that I would check the content and files being
referenced by
>> >> sysctl.pp and see if it''s a permission issue at a
lower level and
>> >> Puppet is errorring at an unhelpfully high level.
>> >>
>> >> If that doesn''t help, what the users/groups for the
manifests and
>> >> files being created by the manifests? Are you using
filebucket?
>> >>
>> >>
>> >>  - Justin
>> >>
>> >>
>> >>
>> >> On Dec 29, 8:36 am, Khan <makhan...@gmail.com> wrote:
>> >> > Hello everyone,
>> >> > I am new to puppet. I have installed on redhat Enterprise
5and seems
>> >> > to be working fine. Couple days ago I was testing some
permissions on
>> >> > /
>> >> > etc folder and applied 600 /etc and sub folders. Although
I have
>> >> > reverted the permission but I am having issues on
puppetmaster.
>> >> > Currently I have these permission on etc 755 and puppet
folder:
>> >> > my /etc folder is 755 and puppet folder with tese
permsions:
>> >> >
>> >> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>> >> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>> >> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>> >> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>> >> >
>> >> > I am getting these error in the log:
>> >> >
>> >> > puppet-master[3519]: Could not parse for environment
production:
>> >> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at /etc/
>> >> > puppet/manifests/site.pp:3 on node client1
>> >> >
>> >> > Dec 27 14:25:46 server puppet-master[3519]: Could not
parse for
>> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client2
>> >> >
>> >> > Dec 27 14:27:15 server puppet-master[3519]: Could not
parse for
>> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client3
>> >> >
>> >> > Dec 27 14:27:15 server  puppet-master[3519]: Could not
parse for
>> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client4
>> >> >
>> >> > Dec 27 14:27:15 server puppet-agent[10407]: Could not
retrieve
>> >> > catalog
>> >> > from remote server: Error 400 on SERVER: Could not parse
for
>> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node server
>> >> > Any Help will be greatly appreciated.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the
Google
>> >> Groups
>> >> "Puppet Users" group.
>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> puppet-users+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Mohammad
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Regards,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

same results after changes , what should i add into master section?

On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
> You''ll want to change [puppetd] to [agent], as well as adding a
> [master] section with appropriate contents.
>
> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan <makhan628@gmail.com>
> wrote:
> > [main]
> >     # Where Puppet stores dynamic and growing data.
> >     # The default value is ''/var/puppet''.
> >     vardir = /var/lib/puppet
> >
> >     # The Puppet log directory.
> >     # The default value is ''$vardir/log''.
> >     logdir = /var/log/puppet
> >
> >     # Where Puppet PID files are kept.
> >     # The default value is ''$vardir/run''.
> >     rundir = /var/run/puppet
> >
> >     # Where SSL certificates are kept.
> >     # The default value is ''$confdir/ssl''.
> >     ssldir = $vardir/ssl
> >
> > [puppetd]
> >     # The file in which puppetd stores a list of the classes
> >     # associated with the retrieved configuratiion.  Can be loaded in
> >     # the separate ``puppet`` executable using the ``--loadclasses``
> >     # option.
> >     # The default value is ''$confdir/classes.txt''.
> >     classfile = $vardir/classes.txt
> >
> >     # Where puppetd caches the local configuration.  An
> >     # extension indicating the cache format is added automatically.
> >     # The default value is ''$confdir/localconfig''.
> >     localconfig = $vardir/localconfig
> >
> >
> >
> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
<aaron.grewell@gmail.com>
> > wrote:
> >>
> >> Can you post your config?  It sounds like there may be  an error
in it.
> >>
> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
<makhan628@gmail.com>
> >> wrote:
> >> > Thanks for your response.
> >> > I have cahnge the permission to 655 on manifests and still
the same
> >> > thing.
> >> > My puppetmaster was not even starting then and now. The
user/group is
> >> > root
> >> > for this folder. Every time when I try to start puppetmaster
is get
> this
> >> > error message:
> >> >
> >> > server puppet-master[20965]: Starting Puppet master version
2.6.12
> >> > Dec 29 13:29:26 server  puppet-master[20982]: You have
configuration
> >> > parameter $classfile specified in [puppetd], which is a
deprecated
> >> > section.
> >> > I''m assuming you meant [agent]
> >> > Dec 29 13:29:26 server puppet-master[20982]: You have
configuration
> >> > parameter $localconfig specified in [puppetd], which is a
deprecated
> >> > section. I''m assuming you meant [agent]
> >> > Dec 29 13:29:27 server puppet-master[21035]: Reopening log
files
> >> > Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet
master
> >> > version
> >> > 2.6.12
> >> >
> >> >
> >> >
> >> >
> >> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
<justin.stoller@gmail.com>
> >> > wrote:
> >> >>
> >> >> Hello Khan,
> >> >>
> >> >> I''m fairly new to Puppet as well.
> >> >> I''m assuming that `manifests/classes/sysctl.pp`
is being referenced
> by
> >> >> the line 3 of `manifests/site.pp` from the error msgs.
> >> >> My first thing would be to double check the permissions
on
> `manifests/
> >> >> classes/sysctl.pp`
> >> >>
> >> >> After that I would check the content and files being
referenced by
> >> >> sysctl.pp and see if it''s a permission issue at
a lower level and
> >> >> Puppet is errorring at an unhelpfully high level.
> >> >>
> >> >> If that doesn''t help, what the users/groups for
the manifests and
> >> >> files being created by the manifests? Are you using
filebucket?
> >> >>
> >> >>
> >> >>  - Justin
> >> >>
> >> >>
> >> >>
> >> >> On Dec 29, 8:36 am, Khan <makhan...@gmail.com>
wrote:
> >> >> > Hello everyone,
> >> >> > I am new to puppet. I have installed on redhat
Enterprise 5and
> seems
> >> >> > to be working fine. Couple days ago I was testing
some permissions
> on
> >> >> > /
> >> >> > etc folder and applied 600 /etc and sub folders.
Although I have
> >> >> > reverted the permission but I am having issues on
puppetmaster.
> >> >> > Currently I have these permission on etc 755 and
puppet folder:
> >> >> > my /etc folder is 755 and puppet folder with tese
permsions:
> >> >> >
> >> >> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> >> >> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
> >> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> >> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> >> >> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
> >> >> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
> >> >> >
> >> >> > I am getting these error in the log:
> >> >> >
> >> >> > puppet-master[3519]: Could not parse for environment
production:
> >> >> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
> /etc/
> >> >> > puppet/manifests/site.pp:3 on node client1
> >> >> >
> >> >> > Dec 27 14:25:46 server puppet-master[3519]: Could
not parse for
> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node
> client2
> >> >> >
> >> >> > Dec 27 14:27:15 server puppet-master[3519]: Could
not parse for
> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node
> client3
> >> >> >
> >> >> > Dec 27 14:27:15 server  puppet-master[3519]: Could
not parse for
> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node
> client4
> >> >> >
> >> >> > Dec 27 14:27:15 server puppet-agent[10407]: Could
not retrieve
> >> >> > catalog
> >> >> > from remote server: Error 400 on SERVER: Could not
parse for
> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
> >> >> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node server
> >> >> > Any Help will be greatly appreciated.
> >> >>
> >> >> --
> >> >> You received this message because you are subscribed to
the Google
> >> >> Groups
> >> >> "Puppet Users" group.
> >> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> >> To unsubscribe from this group, send email to
> >> >> puppet-users+unsubscribe@googlegroups.com.
> >> >> For more options, visit this group at
> >> >> http://groups.google.com/group/puppet-users?hl=en.
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Mohammad
> >> >
> >> >
> >> > --
> >> > You received this message because you are subscribed to the
Google
> >> > Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/puppet-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Run puppet --genconfig for an example.


On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> same results after changes , what should i add into master section?
>
>
> On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell
<aaron.grewell@gmail.com>
> wrote:
>>
>> You''ll want to change [puppetd] to [agent], as well as adding
a
>> [master] section with appropriate contents.
>>
>> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>> > [main]
>> >     # Where Puppet stores dynamic and growing data.
>> >     # The default value is ''/var/puppet''.
>> >     vardir = /var/lib/puppet
>> >
>> >     # The Puppet log directory.
>> >     # The default value is ''$vardir/log''.
>> >     logdir = /var/log/puppet
>> >
>> >     # Where Puppet PID files are kept.
>> >     # The default value is ''$vardir/run''.
>> >     rundir = /var/run/puppet
>> >
>> >     # Where SSL certificates are kept.
>> >     # The default value is ''$confdir/ssl''.
>> >     ssldir = $vardir/ssl
>> >
>> > [puppetd]
>> >     # The file in which puppetd stores a list of the classes
>> >     # associated with the retrieved configuratiion.  Can be loaded
in
>> >     # the separate ``puppet`` executable using the
``--loadclasses``
>> >     # option.
>> >     # The default value is
''$confdir/classes.txt''.
>> >     classfile = $vardir/classes.txt
>> >
>> >     # Where puppetd caches the local configuration.  An
>> >     # extension indicating the cache format is added
automatically.
>> >     # The default value is
''$confdir/localconfig''.
>> >     localconfig = $vardir/localconfig
>> >
>> >
>> >
>> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
<aaron.grewell@gmail.com>
>> > wrote:
>> >>
>> >> Can you post your config?  It sounds like there may be  an
error in it.
>> >>
>> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
<makhan628@gmail.com>
>> >> wrote:
>> >> > Thanks for your response.
>> >> > I have cahnge the permission to 655 on manifests and
still the same
>> >> > thing.
>> >> > My puppetmaster was not even starting then and now. The
user/group is
>> >> > root
>> >> > for this folder. Every time when I try to start
puppetmaster is get
>> >> > this
>> >> > error message:
>> >> >
>> >> > server puppet-master[20965]: Starting Puppet master
version 2.6.12
>> >> > Dec 29 13:29:26 server  puppet-master[20982]: You have
configuration
>> >> > parameter $classfile specified in [puppetd], which is a
deprecated
>> >> > section.
>> >> > I''m assuming you meant [agent]
>> >> > Dec 29 13:29:26 server puppet-master[20982]: You have
configuration
>> >> > parameter $localconfig specified in [puppetd], which is a
deprecated
>> >> > section. I''m assuming you meant [agent]
>> >> > Dec 29 13:29:27 server puppet-master[21035]: Reopening
log files
>> >> > Dec 29 13:29:27 server puppet-master[21035]: Starting
Puppet master
>> >> > version
>> >> > 2.6.12
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
<justin.stoller@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hello Khan,
>> >> >>
>> >> >> I''m fairly new to Puppet as well.
>> >> >> I''m assuming that
`manifests/classes/sysctl.pp` is being referenced
>> >> >> by
>> >> >> the line 3 of `manifests/site.pp` from the error
msgs.
>> >> >> My first thing would be to double check the
permissions on
>> >> >> `manifests/
>> >> >> classes/sysctl.pp`
>> >> >>
>> >> >> After that I would check the content and files being
referenced by
>> >> >> sysctl.pp and see if it''s a permission issue
at a lower level and
>> >> >> Puppet is errorring at an unhelpfully high level.
>> >> >>
>> >> >> If that doesn''t help, what the users/groups
for the manifests and
>> >> >> files being created by the manifests? Are you using
filebucket?
>> >> >>
>> >> >>
>> >> >>  - Justin
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Dec 29, 8:36 am, Khan <makhan...@gmail.com>
wrote:
>> >> >> > Hello everyone,
>> >> >> > I am new to puppet. I have installed on redhat
Enterprise 5and
>> >> >> > seems
>> >> >> > to be working fine. Couple days ago I was
testing some permissions
>> >> >> > on
>> >> >> > /
>> >> >> > etc folder and applied 600 /etc and sub folders.
Although I have
>> >> >> > reverted the permission but I am having issues
on puppetmaster.
>> >> >> > Currently I have these permission on etc 755 and
puppet folder:
>> >> >> > my /etc folder is 755 and puppet folder with
tese permsions:
>> >> >> >
>> >> >> > -rw-r--r--  1 root root 2346 May  8  2010
auth.conf
>> >> >> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
>> >> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48
manifests
>> >> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010
modules
>> >> >> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
>> >> >> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>> >> >> >
>> >> >> > I am getting these error in the log:
>> >> >> >
>> >> >> > puppet-master[3519]: Could not parse for
environment production:
>> >> >> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
>> >> >> > /etc/
>> >> >> > puppet/manifests/site.pp:3 on node client1
>> >> >> >
>> >> >> > Dec 27 14:25:46 server puppet-master[3519]:
Could not parse for
>> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> > client2
>> >> >> >
>> >> >> > Dec 27 14:27:15 server puppet-master[3519]:
Could not parse for
>> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> > client3
>> >> >> >
>> >> >> > Dec 27 14:27:15 server  puppet-master[3519]:
Could not parse for
>> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> > client4
>> >> >> >
>> >> >> > Dec 27 14:27:15 server puppet-agent[10407]:
Could not retrieve
>> >> >> > catalog
>> >> >> > from remote server: Error 400 on SERVER: Could
not parse for
>> >> >> > environment production: Permission denied -
/etc/puppet/manifests/
>> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> > server
>> >> >> > Any Help will be greatly appreciated.
>> >> >>
>> >> >> --
>> >> >> You received this message because you are subscribed
to the Google
>> >> >> Groups
>> >> >> "Puppet Users" group.
>> >> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> >> To unsubscribe from this group, send email to
>> >> >> puppet-users+unsubscribe@googlegroups.com.
>> >> >> For more options, visit this group at
>> >> >> http://groups.google.com/group/puppet-users?hl=en.
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Regards,
>> >> > Mohammad
>> >> >
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to
the Google
>> >> > Groups
>> >> > "Puppet Users" group.
>> >> > To post to this group, send email to
puppet-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > puppet-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the
Google
>> >> Groups
>> >> "Puppet Users" group.
>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> puppet-users+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Mohammad
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Regards,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I am getting these messages now at the puppetmaster start:


Denying access: Forbidden request: server(ip) access to /catalog/
server.domain.co [find] at line 93
Dec 29 15:13:20 server puppet-master[3311]: Forbidden request: server (ip)
access to /catalog/server.domain.co [find] at line 93
Dec 29 15:13:20 server puppet-agent[4382]: Could not retrieve catalog from
remote server: Error 403 on SERVER: Forbidden request: server (ip) access
to /catalog/server.domain.co [find] at line 93
And also the same error: but on 17 line now. Which represent my ldap if i
disable ldap line then the error moves to next line and so on.


On Thu, Dec 29, 2011 at 2:22 PM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
> Run puppet --genconfig for an example.
>
>
> On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan <makhan628@gmail.com>
> wrote:
> > same results after changes , what should i add into master section?
> >
> >
> > On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell
<aaron.grewell@gmail.com>
> > wrote:
> >>
> >> You''ll want to change [puppetd] to [agent], as well as
adding a
> >> [master] section with appropriate contents.
> >>
> >> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan
<makhan628@gmail.com>
> >> wrote:
> >> > [main]
> >> >     # Where Puppet stores dynamic and growing data.
> >> >     # The default value is ''/var/puppet''.
> >> >     vardir = /var/lib/puppet
> >> >
> >> >     # The Puppet log directory.
> >> >     # The default value is ''$vardir/log''.
> >> >     logdir = /var/log/puppet
> >> >
> >> >     # Where Puppet PID files are kept.
> >> >     # The default value is ''$vardir/run''.
> >> >     rundir = /var/run/puppet
> >> >
> >> >     # Where SSL certificates are kept.
> >> >     # The default value is ''$confdir/ssl''.
> >> >     ssldir = $vardir/ssl
> >> >
> >> > [puppetd]
> >> >     # The file in which puppetd stores a list of the classes
> >> >     # associated with the retrieved configuratiion.  Can be
loaded in
> >> >     # the separate ``puppet`` executable using the
``--loadclasses``
> >> >     # option.
> >> >     # The default value is
''$confdir/classes.txt''.
> >> >     classfile = $vardir/classes.txt
> >> >
> >> >     # Where puppetd caches the local configuration.  An
> >> >     # extension indicating the cache format is added
automatically.
> >> >     # The default value is
''$confdir/localconfig''.
> >> >     localconfig = $vardir/localconfig
> >> >
> >> >
> >> >
> >> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell <
> aaron.grewell@gmail.com>
> >> > wrote:
> >> >>
> >> >> Can you post your config?  It sounds like there may be 
an error in
> it.
> >> >>
> >> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
<makhan628@gmail.com
> >
> >> >> wrote:
> >> >> > Thanks for your response.
> >> >> > I have cahnge the permission to 655 on manifests and
still the same
> >> >> > thing.
> >> >> > My puppetmaster was not even starting then and now.
The user/group
> is
> >> >> > root
> >> >> > for this folder. Every time when I try to start
puppetmaster is get
> >> >> > this
> >> >> > error message:
> >> >> >
> >> >> > server puppet-master[20965]: Starting Puppet master
version 2.6.12
> >> >> > Dec 29 13:29:26 server  puppet-master[20982]: You
have
> configuration
> >> >> > parameter $classfile specified in [puppetd], which
is a deprecated
> >> >> > section.
> >> >> > I''m assuming you meant [agent]
> >> >> > Dec 29 13:29:26 server puppet-master[20982]: You
have configuration
> >> >> > parameter $localconfig specified in [puppetd], which
is a
> deprecated
> >> >> > section. I''m assuming you meant [agent]
> >> >> > Dec 29 13:29:27 server puppet-master[21035]:
Reopening log files
> >> >> > Dec 29 13:29:27 server puppet-master[21035]:
Starting Puppet master
> >> >> > version
> >> >> > 2.6.12
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
<justin.stoller@gmail.com
> >
> >> >> > wrote:
> >> >> >>
> >> >> >> Hello Khan,
> >> >> >>
> >> >> >> I''m fairly new to Puppet as well.
> >> >> >> I''m assuming that
`manifests/classes/sysctl.pp` is being
> referenced
> >> >> >> by
> >> >> >> the line 3 of `manifests/site.pp` from the error
msgs.
> >> >> >> My first thing would be to double check the
permissions on
> >> >> >> `manifests/
> >> >> >> classes/sysctl.pp`
> >> >> >>
> >> >> >> After that I would check the content and files
being referenced by
> >> >> >> sysctl.pp and see if it''s a permission
issue at a lower level and
> >> >> >> Puppet is errorring at an unhelpfully high
level.
> >> >> >>
> >> >> >> If that doesn''t help, what the
users/groups for the manifests and
> >> >> >> files being created by the manifests? Are you
using filebucket?
> >> >> >>
> >> >> >>
> >> >> >>  - Justin
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> On Dec 29, 8:36 am, Khan
<makhan...@gmail.com> wrote:
> >> >> >> > Hello everyone,
> >> >> >> > I am new to puppet. I have installed on
redhat Enterprise 5and
> >> >> >> > seems
> >> >> >> > to be working fine. Couple days ago I was
testing some
> permissions
> >> >> >> > on
> >> >> >> > /
> >> >> >> > etc folder and applied 600 /etc and sub
folders. Although I have
> >> >> >> > reverted the permission but I am having
issues on puppetmaster.
> >> >> >> > Currently I have these permission on etc
755 and puppet folder:
> >> >> >> > my /etc folder is 755 and puppet folder
with tese permsions:
> >> >> >> >
> >> >> >> > -rw-r--r--  1 root root 2346 May  8  2010
auth.conf
> >> >> >> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
> >> >> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48
manifests
> >> >> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010
modules
> >> >> >> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
> >> >> >> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
> >> >> >> >
> >> >> >> > I am getting these error in the log:
> >> >> >> >
> >> >> >> > puppet-master[3519]: Could not parse for
environment production:
> >> >> >> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
> >> >> >> > /etc/
> >> >> >> > puppet/manifests/site.pp:3 on node client1
> >> >> >> >
> >> >> >> > Dec 27 14:25:46 server puppet-master[3519]:
Could not parse for
> >> >> >> > environment production: Permission denied -
> /etc/puppet/manifests/
> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >> >> > client2
> >> >> >> >
> >> >> >> > Dec 27 14:27:15 server puppet-master[3519]:
Could not parse for
> >> >> >> > environment production: Permission denied -
> /etc/puppet/manifests/
> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >> >> > client3
> >> >> >> >
> >> >> >> > Dec 27 14:27:15 server 
puppet-master[3519]: Could not parse for
> >> >> >> > environment production: Permission denied -
> /etc/puppet/manifests/
> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >> >> > client4
> >> >> >> >
> >> >> >> > Dec 27 14:27:15 server puppet-agent[10407]:
Could not retrieve
> >> >> >> > catalog
> >> >> >> > from remote server: Error 400 on SERVER:
Could not parse for
> >> >> >> > environment production: Permission denied -
> /etc/puppet/manifests/
> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >> >> > server
> >> >> >> > Any Help will be greatly appreciated.
> >> >> >>
> >> >> >> --
> >> >> >> You received this message because you are
subscribed to the Google
> >> >> >> Groups
> >> >> >> "Puppet Users" group.
> >> >> >> To post to this group, send email to
> puppet-users@googlegroups.com.
> >> >> >> To unsubscribe from this group, send email to
> >> >> >> puppet-users+unsubscribe@googlegroups.com.
> >> >> >> For more options, visit this group at
> >> >> >>
http://groups.google.com/group/puppet-users?hl=en.
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Regards,
> >> >> > Mohammad
> >> >> >
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed
to the Google
> >> >> > Groups
> >> >> > "Puppet Users" group.
> >> >> > To post to this group, send email to
puppet-users@googlegroups.com
> .
> >> >> > To unsubscribe from this group, send email to
> >> >> > puppet-users+unsubscribe@googlegroups.com.
> >> >> > For more options, visit this group at
> >> >> > http://groups.google.com/group/puppet-users?hl=en.
> >> >>
> >> >> --
> >> >> You received this message because you are subscribed to
the Google
> >> >> Groups
> >> >> "Puppet Users" group.
> >> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> >> To unsubscribe from this group, send email to
> >> >> puppet-users+unsubscribe@googlegroups.com.
> >> >> For more options, visit this group at
> >> >> http://groups.google.com/group/puppet-users?hl=en.
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Mohammad
> >> >
> >> > --
> >> > You received this message because you are subscribed to the
Google
> >> > Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/puppet-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''ve never integrated Puppet with LDAP so I can''t help much
there.

On Thu, Dec 29, 2011 at 12:25 PM, Mohammad Khan <makhan628@gmail.com>
wrote:
> I am getting these messages now at the puppetmaster start:
>
>
> Denying access: Forbidden request: server(ip) access to
> /catalog/server.domain.co [find] at line 93
> Dec 29 15:13:20 server puppet-master[3311]: Forbidden request: server (ip)
> access to /catalog/server.domain.co [find] at line 93
> Dec 29 15:13:20 server puppet-agent[4382]: Could not retrieve catalog from
> remote server: Error 403 on SERVER: Forbidden request: server (ip) access
to
> /catalog/server.domain.co [find] at line 93
> And also the same error: but on 17 line now. Which represent my ldap if i
> disable ldap line then the error moves to next line and so on.
>
>
> On Thu, Dec 29, 2011 at 2:22 PM, Aaron Grewell
<aaron.grewell@gmail.com>
> wrote:
>>
>> Run puppet --genconfig for an example.
>>
>>
>> On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>> > same results after changes , what should i add into master
section?
>> >
>> >
>> > On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell
<aaron.grewell@gmail.com>
>> > wrote:
>> >>
>> >> You''ll want to change [puppetd] to [agent], as well
as adding a
>> >> [master] section with appropriate contents.
>> >>
>> >> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan
<makhan628@gmail.com>
>> >> wrote:
>> >> > [main]
>> >> >     # Where Puppet stores dynamic and growing data.
>> >> >     # The default value is
''/var/puppet''.
>> >> >     vardir = /var/lib/puppet
>> >> >
>> >> >     # The Puppet log directory.
>> >> >     # The default value is
''$vardir/log''.
>> >> >     logdir = /var/log/puppet
>> >> >
>> >> >     # Where Puppet PID files are kept.
>> >> >     # The default value is
''$vardir/run''.
>> >> >     rundir = /var/run/puppet
>> >> >
>> >> >     # Where SSL certificates are kept.
>> >> >     # The default value is
''$confdir/ssl''.
>> >> >     ssldir = $vardir/ssl
>> >> >
>> >> > [puppetd]
>> >> >     # The file in which puppetd stores a list of the
classes
>> >> >     # associated with the retrieved configuratiion.  Can
be loaded in
>> >> >     # the separate ``puppet`` executable using the
``--loadclasses``
>> >> >     # option.
>> >> >     # The default value is
''$confdir/classes.txt''.
>> >> >     classfile = $vardir/classes.txt
>> >> >
>> >> >     # Where puppetd caches the local configuration.  An
>> >> >     # extension indicating the cache format is added
automatically.
>> >> >     # The default value is
''$confdir/localconfig''.
>> >> >     localconfig = $vardir/localconfig
>> >> >
>> >> >
>> >> >
>> >> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
>> >> > <aaron.grewell@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Can you post your config?  It sounds like there may
be  an error in
>> >> >> it.
>> >> >>
>> >> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
>> >> >> <makhan628@gmail.com>
>> >> >> wrote:
>> >> >> > Thanks for your response.
>> >> >> > I have cahnge the permission to 655 on manifests
and still the
>> >> >> > same
>> >> >> > thing.
>> >> >> > My puppetmaster was not even starting then and
now. The user/group
>> >> >> > is
>> >> >> > root
>> >> >> > for this folder. Every time when I try to start
puppetmaster is
>> >> >> > get
>> >> >> > this
>> >> >> > error message:
>> >> >> >
>> >> >> > server puppet-master[20965]: Starting Puppet
master version 2.6.12
>> >> >> > Dec 29 13:29:26 server  puppet-master[20982]:
You have
>> >> >> > configuration
>> >> >> > parameter $classfile specified in [puppetd],
which is a deprecated
>> >> >> > section.
>> >> >> > I''m assuming you meant [agent]
>> >> >> > Dec 29 13:29:26 server puppet-master[20982]: You
have
>> >> >> > configuration
>> >> >> > parameter $localconfig specified in [puppetd],
which is a
>> >> >> > deprecated
>> >> >> > section. I''m assuming you meant [agent]
>> >> >> > Dec 29 13:29:27 server puppet-master[21035]:
Reopening log files
>> >> >> > Dec 29 13:29:27 server puppet-master[21035]:
Starting Puppet
>> >> >> > master
>> >> >> > version
>> >> >> > 2.6.12
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Thu, Dec 29, 2011 at 12:35 PM, Justin
>> >> >> > <justin.stoller@gmail.com>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> Hello Khan,
>> >> >> >>
>> >> >> >> I''m fairly new to Puppet as well.
>> >> >> >> I''m assuming that
`manifests/classes/sysctl.pp` is being
>> >> >> >> referenced
>> >> >> >> by
>> >> >> >> the line 3 of `manifests/site.pp` from the
error msgs.
>> >> >> >> My first thing would be to double check the
permissions on
>> >> >> >> `manifests/
>> >> >> >> classes/sysctl.pp`
>> >> >> >>
>> >> >> >> After that I would check the content and
files being referenced
>> >> >> >> by
>> >> >> >> sysctl.pp and see if it''s a
permission issue at a lower level and
>> >> >> >> Puppet is errorring at an unhelpfully high
level.
>> >> >> >>
>> >> >> >> If that doesn''t help, what the
users/groups for the manifests and
>> >> >> >> files being created by the manifests? Are
you using filebucket?
>> >> >> >>
>> >> >> >>
>> >> >> >>  - Justin
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> On Dec 29, 8:36 am, Khan
<makhan...@gmail.com> wrote:
>> >> >> >> > Hello everyone,
>> >> >> >> > I am new to puppet. I have installed on
redhat Enterprise 5and
>> >> >> >> > seems
>> >> >> >> > to be working fine. Couple days ago I
was testing some
>> >> >> >> > permissions
>> >> >> >> > on
>> >> >> >> > /
>> >> >> >> > etc folder and applied 600 /etc and sub
folders. Although I
>> >> >> >> > have
>> >> >> >> > reverted the permission but I am having
issues on puppetmaster.
>> >> >> >> > Currently I have these permission on
etc 755 and puppet folder:
>> >> >> >> > my /etc folder is 755 and puppet folder
with tese permsions:
>> >> >> >> >
>> >> >> >> > -rw-r--r--  1 root root 2346 May  8
 2010 auth.conf
>> >> >> >> > -rw-r--r--  1 root root  419 May 19
 2010 fileserver.conf
>> >> >> >> > drwxr-xr-x  3 root root 4096 Dec 23
10:48 manifests
>> >> >> >> > drwxr-xr-x 21 root root 4096 Oct 22
 2010 modules
>> >> >> >> > -rw-r--r--  1 root root  980 May 27
 2010 puppet.conf
>> >> >> >> > -rw-r--r--  1 root root  855 May 17
 2010 puppet.conf.rpmnew
>> >> >> >> >
>> >> >> >> > I am getting these error in the log:
>> >> >> >> >
>> >> >> >> > puppet-master[3519]: Could not parse
for environment
>> >> >> >> > production:
>> >> >> >> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
>> >> >> >> > /etc/
>> >> >> >> > puppet/manifests/site.pp:3 on node
client1
>> >> >> >> >
>> >> >> >> > Dec 27 14:25:46 server
puppet-master[3519]: Could not parse for
>> >> >> >> > environment production: Permission
denied -
>> >> >> >> > /etc/puppet/manifests/
>> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> >> > client2
>> >> >> >> >
>> >> >> >> > Dec 27 14:27:15 server
puppet-master[3519]: Could not parse for
>> >> >> >> > environment production: Permission
denied -
>> >> >> >> > /etc/puppet/manifests/
>> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> >> > client3
>> >> >> >> >
>> >> >> >> > Dec 27 14:27:15 server
 puppet-master[3519]: Could not parse
>> >> >> >> > for
>> >> >> >> > environment production: Permission
denied -
>> >> >> >> > /etc/puppet/manifests/
>> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> >> > client4
>> >> >> >> >
>> >> >> >> > Dec 27 14:27:15 server
puppet-agent[10407]: Could not retrieve
>> >> >> >> > catalog
>> >> >> >> > from remote server: Error 400 on
SERVER: Could not parse for
>> >> >> >> > environment production: Permission
denied -
>> >> >> >> > /etc/puppet/manifests/
>> >> >> >> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >> >> > server
>> >> >> >> > Any Help will be greatly appreciated.
>> >> >> >>
>> >> >> >> --
>> >> >> >> You received this message because you are
subscribed to the
>> >> >> >> Google
>> >> >> >> Groups
>> >> >> >> "Puppet Users" group.
>> >> >> >> To post to this group, send email to
>> >> >> >> puppet-users@googlegroups.com.
>> >> >> >> To unsubscribe from this group, send email
to
>> >> >> >> puppet-users+unsubscribe@googlegroups.com.
>> >> >> >> For more options, visit this group at
>> >> >> >>
http://groups.google.com/group/puppet-users?hl=en.
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > Regards,
>> >> >> > Mohammad
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > You received this message because you are
subscribed to the Google
>> >> >> > Groups
>> >> >> > "Puppet Users" group.
>> >> >> > To post to this group, send email to
>> >> >> > puppet-users@googlegroups.com.
>> >> >> > To unsubscribe from this group, send email to
>> >> >> > puppet-users+unsubscribe@googlegroups.com.
>> >> >> > For more options, visit this group at
>> >> >> >
http://groups.google.com/group/puppet-users?hl=en.
>> >> >>
>> >> >> --
>> >> >> You received this message because you are subscribed
to the Google
>> >> >> Groups
>> >> >> "Puppet Users" group.
>> >> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> >> To unsubscribe from this group, send email to
>> >> >> puppet-users+unsubscribe@googlegroups.com.
>> >> >> For more options, visit this group at
>> >> >> http://groups.google.com/group/puppet-users?hl=en.
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Regards,
>> >> > Mohammad
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to
the Google
>> >> > Groups
>> >> > "Puppet Users" group.
>> >> > To post to this group, send email to
puppet-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > puppet-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the
Google
>> >> Groups
>> >> "Puppet Users" group.
>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> puppet-users+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Mohammad
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Regards,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I''m pretty sure that, besides the other answers already provided, your
main problem is the wrong user for your Puppet configuration. It should be user
''puppet'' and not ''root''. That''s how
''/etc/puppet'' should look like:

drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
-rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
-rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
-rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn

So a command like ''chown -R puppet:puppet /etc/puppet'' issued
as ''root'' should solve your main problem which is the
''Permission denied'' error as well as the non starting Puppet
process.

Bernd
> -----Ursprüngliche Nachricht-----
> Von: puppet-users@googlegroups.com [mailto:puppet-
> users@googlegroups.com] Im Auftrag von Khan
> Gesendet: Donnerstag, 29. Dezember 2011 17:37
> An: Puppet Users
> Betreff: [Puppet Users] Puppetserver error
> 
> Hello everyone,
> I am new to puppet. I have installed on redhat Enterprise 5and seems
> to be working fine. Couple days ago I was testing some permissions on /
> etc folder and applied 600 /etc and sub folders. Although I have
> reverted the permission but I am having issues on puppetmaster.
> Currently I have these permission on etc 755 and puppet folder:
> my /etc folder is 755 and puppet folder with tese permsions:
> 
> -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
> 
> I am getting these error in the log:
> 
> puppet-master[3519]: Could not parse for environment production:
> Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
> puppet/manifests/site.pp:3 on node client1
> 
> Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
> 
> Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
> 
> Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
> 
> Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
> from remote server: Error 400 on SERVER: Could not parse for
> environment production: Permission denied - /etc/puppet/manifests/
> classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
> Any Help will be greatly appreciated.
> 
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-
> users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks guys; I am getting closer but still some errors. I am getting these
errors now.
 Starting Puppet client version 2.6.12
Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from
remote server: Retrieved certificate does not match private key; please
remove certificate from server and regenerate it with the current key
Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
skipping run



On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <
Bernd.Adamowicz@esailors.de> wrote:
> I''m pretty sure that, besides the other answers already provided,
your
> main problem is the wrong user for your Puppet configuration. It should be
> user ''puppet'' and not ''root''.
That''s how ''/etc/puppet'' should look like:
>
> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>
> So a command like ''chown -R puppet:puppet /etc/puppet''
issued as ''root''
> should solve your main problem which is the ''Permission
denied'' error as
> well as the non starting Puppet process.
>
> Bernd
>
> > -----Ursprüngliche Nachricht-----
> > Von: puppet-users@googlegroups.com [mailto:puppet-
> > users@googlegroups.com] Im Auftrag von Khan
> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
> > An: Puppet Users
> > Betreff: [Puppet Users] Puppetserver error
> >
> > Hello everyone,
> > I am new to puppet. I have installed on redhat Enterprise 5and seems
> > to be working fine. Couple days ago I was testing some permissions on
/
> > etc folder and applied 600 /etc and sub folders. Although I have
> > reverted the permission but I am having issues on puppetmaster.
> > Currently I have these permission on etc 755 and puppet folder:
> > my /etc folder is 755 and puppet folder with tese permsions:
> >
> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
> >
> > I am getting these error in the log:
> >
> > puppet-master[3519]: Could not parse for environment production:
> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
> > puppet/manifests/site.pp:3 on node client1
> >
> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
> >
> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
> >
> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
> >
> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
> > from remote server: Error 400 on SERVER: Could not parse for
> > environment production: Permission denied - /etc/puppet/manifests/
> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
> > Any Help will be greatly appreciated.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to puppet-
> > users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have tried to deleted the ssl folder under puppet. And then tried to
clean the certificate from the server but did not work.
#puppetca --clean hostname
notice: Revoked certificate with serial # Inventory of signed certificates
# SERIAL NOT_BEFORE NOT_AFTER SUBJECT


err:  Could not call revoke: Cannot convert into OpenSSL::BN


On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> Thanks guys; I am getting closer but still some errors. I am getting these
> errors now.
>  Starting Puppet client version 2.6.12
> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog
> from remote server: Retrieved certificate does not match private key;
> please remove certificate from server and regenerate it with the current
key
> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
> skipping run
>
>
>
>
> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <
> Bernd.Adamowicz@esailors.de> wrote:
>
>> I''m pretty sure that, besides the other answers already
provided, your
>> main problem is the wrong user for your Puppet configuration. It should
be
>> user ''puppet'' and not ''root''.
That''s how ''/etc/puppet'' should look like:
>>
>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>
>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as ''root''
>> should solve your main problem which is the ''Permission
denied'' error as
>> well as the non starting Puppet process.
>>
>> Bernd
>>
>> > -----Ursprüngliche Nachricht-----
>> > Von: puppet-users@googlegroups.com [mailto:puppet-
>> > users@googlegroups.com] Im Auftrag von Khan
>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
>> > An: Puppet Users
>> > Betreff: [Puppet Users] Puppetserver error
>> >
>> > Hello everyone,
>> > I am new to puppet. I have installed on redhat Enterprise 5and
seems
>> > to be working fine. Couple days ago I was testing some permissions
on /
>> > etc folder and applied 600 /etc and sub folders. Although I have
>> > reverted the permission but I am having issues on puppetmaster.
>> > Currently I have these permission on etc 755 and puppet folder:
>> > my /etc folder is 755 and puppet folder with tese permsions:
>> >
>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>> >
>> > I am getting these error in the log:
>> >
>> > puppet-master[3519]: Could not parse for environment production:
>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at
/etc/
>> > puppet/manifests/site.pp:3 on node client1
>> >
>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client2
>> >
>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client3
>> >
>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client4
>> >
>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
catalog
>> > from remote server: Error 400 on SERVER: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
server
>> > Any Help will be greatly appreciated.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to puppet-
>> > users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> Regards,
> Mohammad
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have gone little further nowwhat I have done is to delete the ssl folder
from one of the client and ran this command on server: puppetca --clean
clientname
it has generated new certificate but in the end I get the same error:
err: Could not call revoke: Cannot convert into OpenSSL::BN
Further more when i restart the agent from the client now I get this
message under server message log: client has a waiting certificate request
Under my client message log:
hostname  puppet-agent[13385]: Did not receive certificate



On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> I have tried to deleted the ssl folder under puppet. And then tried to
> clean the certificate from the server but did not work.
> #puppetca --clean hostname
> notice: Revoked certificate with serial # Inventory of signed certificates
> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>
>
> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>
>
>
> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>
>> Thanks guys; I am getting closer but still some errors. I am getting
>> these errors now.
>>  Starting Puppet client version 2.6.12
>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog
>> from remote server: Retrieved certificate does not match private key;
>> please remove certificate from server and regenerate it with the
current key
>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
>> skipping run
>>
>>
>>
>>
>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <
>> Bernd.Adamowicz@esailors.de> wrote:
>>
>>> I''m pretty sure that, besides the other answers already
provided, your
>>> main problem is the wrong user for your Puppet configuration. It
should be
>>> user ''puppet'' and not ''root''.
That''s how ''/etc/puppet'' should look like:
>>>
>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>
>>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as ''root''
>>> should solve your main problem which is the ''Permission
denied'' error as
>>> well as the non starting Puppet process.
>>>
>>> Bernd
>>>
>>> > -----Ursprüngliche Nachricht-----
>>> > Von: puppet-users@googlegroups.com [mailto:puppet-
>>> > users@googlegroups.com] Im Auftrag von Khan
>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
>>> > An: Puppet Users
>>> > Betreff: [Puppet Users] Puppetserver error
>>> >
>>> > Hello everyone,
>>> > I am new to puppet. I have installed on redhat Enterprise 5and
seems
>>> > to be working fine. Couple days ago I was testing some
permissions on /
>>> > etc folder and applied 600 /etc and sub folders. Although I
have
>>> > reverted the permission but I am having issues on
puppetmaster.
>>> > Currently I have these permission on etc 755 and puppet
folder:
>>> > my /etc folder is 755 and puppet folder with tese permsions:
>>> >
>>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>>> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>>> >
>>> > I am getting these error in the log:
>>> >
>>> > puppet-master[3519]: Could not parse for environment
production:
>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at
/etc/
>>> > puppet/manifests/site.pp:3 on node client1
>>> >
>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse
for
>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client2
>>> >
>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse
for
>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client3
>>> >
>>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse
for
>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
client4
>>> >
>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
catalog
>>> > from remote server: Error 400 on SERVER: Could not parse for
>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node
server
>>> > Any Help will be greatly appreciated.
>>> >
>>> > --
>>> > You received this message because you are subscribed to the
Google
>>> > Groups "Puppet Users" group.
>>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>> > To unsubscribe from this group, send email to puppet-
>>> > users+unsubscribe@googlegroups.com.
>>> > For more options, visit this group at
>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>
>>
>> --
>> Regards,
>> Mohammad
>>
>>
>
>
> --
> Regards,
> Mohammad
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I was able to sign the certificate to the client but still I am getting
this error now on the
client:

Client puppet-agent[15030]: Starting Puppet client version 2.6.12
Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from
remote server: certificate verify failed
Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
skipping run



On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> I have gone little further nowwhat I have done is to delete the ssl folder
> from one of the client and ran this command on server: puppetca --clean
> clientname
> it has generated new certificate but in the end I get the same error:
>
> err: Could not call revoke: Cannot convert into OpenSSL::BN
> Further more when i restart the agent from the client now I get this
> message under server message log: client has a waiting certificate request
> Under my client message log:
> hostname  puppet-agent[13385]: Did not receive certificate
>
>
>
>
> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>
>> I have tried to deleted the ssl folder under puppet. And then tried to
>> clean the certificate from the server but did not work.
>> #puppetca --clean hostname
>> notice: Revoked certificate with serial # Inventory of signed
certificates
>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>>
>>
>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>>
>>
>>
>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>>
>>> Thanks guys; I am getting closer but still some errors. I am
getting
>>> these errors now.
>>>  Starting Puppet client version 2.6.12
>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve
catalog
>>> from remote server: Retrieved certificate does not match private
key;
>>> please remove certificate from server and regenerate it with the
current key
>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve
catalog;
>>> skipping run
>>>
>>>
>>>
>>>
>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <
>>> Bernd.Adamowicz@esailors.de> wrote:
>>>
>>>> I''m pretty sure that, besides the other answers
already provided, your
>>>> main problem is the wrong user for your Puppet configuration.
It should be
>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look like:
>>>>
>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48
namespaceauth.conf
>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>>
>>>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as ''root''
>>>> should solve your main problem which is the
''Permission denied'' error as
>>>> well as the non starting Puppet process.
>>>>
>>>> Bernd
>>>>
>>>> > -----Ursprüngliche Nachricht-----
>>>> > Von: puppet-users@googlegroups.com [mailto:puppet-
>>>> > users@googlegroups.com] Im Auftrag von Khan
>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
>>>> > An: Puppet Users
>>>> > Betreff: [Puppet Users] Puppetserver error
>>>> >
>>>> > Hello everyone,
>>>> > I am new to puppet. I have installed on redhat Enterprise
5and seems
>>>> > to be working fine. Couple days ago I was testing some
permissions on
>>>> /
>>>> > etc folder and applied 600 /etc and sub folders. Although
I have
>>>> > reverted the permission but I am having issues on
puppetmaster.
>>>> > Currently I have these permission on etc 755 and puppet
folder:
>>>> > my /etc folder is 755 and puppet folder with tese
permsions:
>>>> >
>>>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>>>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>>>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>>>> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>>>> >
>>>> > I am getting these error in the log:
>>>> >
>>>> > puppet-master[3519]: Could not parse for environment
production:
>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at /etc/
>>>> > puppet/manifests/site.pp:3 on node client1
>>>> >
>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not
parse for
>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client2
>>>> >
>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not
parse for
>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client3
>>>> >
>>>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not
parse for
>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node client4
>>>> >
>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not
retrieve catalog
>>>> > from remote server: Error 400 on SERVER: Could not parse
for
>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on
node server
>>>> > Any Help will be greatly appreciated.
>>>> >
>>>> > --
>>>> > You received this message because you are subscribed to
the Google
>>>> > Groups "Puppet Users" group.
>>>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>>> > To unsubscribe from this group, send email to puppet-
>>>> > users+unsubscribe@googlegroups.com.
>>>> > For more options, visit this group at
>>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the
Google
>>>> Groups "Puppet Users" group.
>>>> To post to this group, send email to
puppet-users@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>>>> puppet-users+unsubscribe@googlegroups.com.
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/puppet-users?hl=en.
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Mohammad
>>>
>>>
>>
>>
>> --
>> Regards,
>> Mohammad
>>
>>
>
>
> --
> Regards,
> Mohammad
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Do I need to make any changes to server or delete sl info on the server. I
am still getting the certificate verify failed error on clients?

On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> I was able to sign the certificate to the client but still I am getting
> this error now on the
> client:
>
> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
> from remote server: certificate verify failed
> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
> skipping run
>
>
>
>
> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>
>> I have gone little further nowwhat I have done is to delete the ssl
>> folder from one of the client and ran this command on server: puppetca
>> --clean clientname
>> it has generated new certificate but in the end I get the same error:
>>
>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>> Further more when i restart the agent from the client now I get this
>> message under server message log: client has a waiting certificate
request
>> Under my client message log:
>> hostname  puppet-agent[13385]: Did not receive certificate
>>
>>
>>
>>
>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>>
>>> I have tried to deleted the ssl folder under puppet. And then tried
to
>>> clean the certificate from the server but did not work.
>>> #puppetca --clean hostname
>>> notice: Revoked certificate with serial # Inventory of signed
>>> certificates
>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>>>
>>>
>>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>>>
>>>
>>>
>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>wrote:
>>>
>>>> Thanks guys; I am getting closer but still some errors. I am
getting
>>>> these errors now.
>>>>  Starting Puppet client version 2.6.12
>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve
catalog
>>>> from remote server: Retrieved certificate does not match
private key;
>>>> please remove certificate from server and regenerate it with
the current key
>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached
catalog
>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve
catalog;
>>>> skipping run
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz <
>>>> Bernd.Adamowicz@esailors.de> wrote:
>>>>
>>>>> I''m pretty sure that, besides the other answers
already provided, your
>>>>> main problem is the wrong user for your Puppet
configuration. It should be
>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look like:
>>>>>
>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48
namespaceauth.conf
>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>>>
>>>>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as
>>>>> ''root'' should solve your main problem
which is the ''Permission denied''
>>>>> error as well as the non starting Puppet process.
>>>>>
>>>>> Bernd
>>>>>
>>>>> > -----Ursprüngliche Nachricht-----
>>>>> > Von: puppet-users@googlegroups.com [mailto:puppet-
>>>>> > users@googlegroups.com] Im Auftrag von Khan
>>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
>>>>> > An: Puppet Users
>>>>> > Betreff: [Puppet Users] Puppetserver error
>>>>> >
>>>>> > Hello everyone,
>>>>> > I am new to puppet. I have installed on redhat
Enterprise 5and seems
>>>>> > to be working fine. Couple days ago I was testing some
permissions
>>>>> on /
>>>>> > etc folder and applied 600 /etc and sub folders.
Although I have
>>>>> > reverted the permission but I am having issues on
puppetmaster.
>>>>> > Currently I have these permission on etc 755 and
puppet folder:
>>>>> > my /etc folder is 755 and puppet folder with tese
permsions:
>>>>> >
>>>>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>>>>> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
>>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>>>>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>>>>> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>>>>> >
>>>>> > I am getting these error in the log:
>>>>> >
>>>>> > puppet-master[3519]: Could not parse for environment
production:
>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at /etc/
>>>>> > puppet/manifests/site.pp:3 on node client1
>>>>> >
>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not
parse for
>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node client2
>>>>> >
>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not
parse for
>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node client3
>>>>> >
>>>>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not
parse for
>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node client4
>>>>> >
>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not
retrieve
>>>>> catalog
>>>>> > from remote server: Error 400 on SERVER: Could not
parse for
>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3
on node server
>>>>> > Any Help will be greatly appreciated.
>>>>> >
>>>>> > --
>>>>> > You received this message because you are subscribed
to the Google
>>>>> > Groups "Puppet Users" group.
>>>>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>>>> > To unsubscribe from this group, send email to puppet-
>>>>> > users+unsubscribe@googlegroups.com.
>>>>> > For more options, visit this group at
>>>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the
Google
>>>>> Groups "Puppet Users" group.
>>>>> To post to this group, send email to
puppet-users@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> puppet-users+unsubscribe@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/puppet-users?hl=en.
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Mohammad
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Mohammad
>>>
>>>
>>
>>
>> --
>> Regards,
>> Mohammad
>>
>>
>
>
> --
> Regards,
> Mohammad
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Did you remove the ssldir on the server or the client?  Usually to
completely reset the cert you run clean on the server, remove the
contents of the ssldir on the client, then re-run puppet and it should
rebuild the cert.  I wouldn''t recommend removing the ssldir on the
server except as a last resort, otherwise you''ll have to rebuild all
your client certs.

If that''s what you already did, make sure that your ssldir and its
contents are owned by user & group puppet as well.

On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> Do I need to make any changes to server or delete sl info on the server. I
> am still getting the certificate verify failed error on clients?
>
>
> On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
>>
>> I was able to sign the certificate to the client but still I am getting
>> this error now on the
>> client:
>>
>> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
>> from remote server: certificate verify failed
>> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
>> skipping run
>>
>>
>>
>>
>> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>>>
>>> I have gone little further nowwhat I have done is to delete the ssl
>>> folder from one of the client and ran this command on server:
puppetca
>>> --clean clientname
>>> it has generated new certificate but in the end I get the same
error:
>>>
>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>>> Further more when i restart the agent from the client now I get
this
>>> message under server message log: client has a waiting certificate
request
>>> Under my client message log:
>>> hostname  puppet-agent[13385]: Did not receive certificate
>>>
>>>
>>>
>>>
>>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>
>>> wrote:
>>>>
>>>> I have tried to deleted the ssl folder under puppet. And then
tried to
>>>> clean the certificate from the server but did not work.
>>>> #puppetca --clean hostname
>>>> notice: Revoked certificate with serial # Inventory of signed
>>>> certificates
>>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>>>>
>>>>
>>>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>>>>
>>>>
>>>>
>>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>
>>>> wrote:
>>>>>
>>>>> Thanks guys; I am getting closer but still some errors. I
am getting
>>>>> these errors now.
>>>>>  Starting Puppet client version 2.6.12
>>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not
retrieve catalog
>>>>> from remote server: Retrieved certificate does not match
private key; please
>>>>> remove certificate from server and regenerate it with the
current key
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached
catalog
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not
retrieve catalog;
>>>>> skipping run
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
>>>>> <Bernd.Adamowicz@esailors.de> wrote:
>>>>>>
>>>>>> I''m pretty sure that, besides the other
answers already provided, your
>>>>>> main problem is the wrong user for your Puppet
configuration. It should be
>>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look like:
>>>>>>
>>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48
environments
>>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48
namespaceauth.conf
>>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48
puppet.conf
>>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>>>>
>>>>>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as
>>>>>> ''root'' should solve your main problem
which is the ''Permission denied'' error
>>>>>> as well as the non starting Puppet process.
>>>>>>
>>>>>> Bernd
>>>>>>
>>>>>> > -----Ursprüngliche Nachricht-----
>>>>>> > Von: puppet-users@googlegroups.com [mailto:puppet-
>>>>>> > users@googlegroups.com] Im Auftrag von Khan
>>>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
>>>>>> > An: Puppet Users
>>>>>> > Betreff: [Puppet Users] Puppetserver error
>>>>>> >
>>>>>> > Hello everyone,
>>>>>> > I am new to puppet. I have installed on redhat
Enterprise 5and seems
>>>>>> > to be working fine. Couple days ago I was testing
some permissions
>>>>>> > on /
>>>>>> > etc folder and applied 600 /etc and sub folders.
Although I have
>>>>>> > reverted the permission but I am having issues on
puppetmaster.
>>>>>> > Currently I have these permission on etc 755 and
puppet folder:
>>>>>> > my /etc folder is 755 and puppet folder with tese
permsions:
>>>>>> >
>>>>>> > -rw-r--r--  1 root root 2346 May  8  2010
auth.conf
>>>>>> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
>>>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48
manifests
>>>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>>>>>> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
>>>>>> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>>>>>> >
>>>>>> > I am getting these error in the log:
>>>>>> >
>>>>>> > puppet-master[3519]: Could not parse for
environment production:
>>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at /etc/
>>>>>> > puppet/manifests/site.pp:3 on node client1
>>>>>> >
>>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could
not parse for
>>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node client2
>>>>>> >
>>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could
not parse for
>>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node client3
>>>>>> >
>>>>>> > Dec 27 14:27:15 server  puppet-master[3519]: Could
not parse for
>>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node client4
>>>>>> >
>>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could
not retrieve
>>>>>> > catalog
>>>>>> > from remote server: Error 400 on SERVER: Could not
parse for
>>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node server
>>>>>> > Any Help will be greatly appreciated.
>>>>>> >
>>>>>> > --
>>>>>> > You received this message because you are
subscribed to the Google
>>>>>> > Groups "Puppet Users" group.
>>>>>> > To post to this group, send email to
puppet-users@googlegroups.com.
>>>>>> > To unsubscribe from this group, send email to
puppet-
>>>>>> > users+unsubscribe@googlegroups.com.
>>>>>> > For more options, visit this group at
>>>>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to
the Google
>>>>>> Groups "Puppet Users" group.
>>>>>> To post to this group, send email to
puppet-users@googlegroups.com.
>>>>>> To unsubscribe from this group, send email to
>>>>>> puppet-users+unsubscribe@googlegroups.com.
>>>>>> For more options, visit this group at
>>>>>> http://groups.google.com/group/puppet-users?hl=en.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Mohammad
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Mohammad
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Mohammad
>>>
>>
>>
>>
>> --
>> Regards,
>> Mohammad
>>
>
>
>
> --
> Regards,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I removed ssldir from clients and ran the puppetca --clean from the server.
It ran fine finally. Now I am stuck on where client complains that
''certificate verify failed" I dont know what to do now?

On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
> Did you remove the ssldir on the server or the client?  Usually to
> completely reset the cert you run clean on the server, remove the
> contents of the ssldir on the client, then re-run puppet and it should
> rebuild the cert.  I wouldn''t recommend removing the ssldir on the
> server except as a last resort, otherwise you''ll have to rebuild
all
> your client certs.
>
> If that''s what you already did, make sure that your ssldir and its
> contents are owned by user & group puppet as well.
>
> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan628@gmail.com>
> wrote:
> > Do I need to make any changes to server or delete sl info on the
server.
> I
> > am still getting the certificate verify failed error on clients?
> >
> >
> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan
<makhan628@gmail.com>
> wrote:
> >>
> >> I was able to sign the certificate to the client but still I am
getting
> >> this error now on the
> >> client:
> >>
> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve
catalog
> >> from remote server: certificate verify failed
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve
catalog;
> >> skipping run
> >>
> >>
> >>
> >>
> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>
> >> wrote:
> >>>
> >>> I have gone little further nowwhat I have done is to delete
the ssl
> >>> folder from one of the client and ran this command on server:
puppetca
> >>> --clean clientname
> >>> it has generated new certificate but in the end I get the same
error:
> >>>
> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN
> >>> Further more when i restart the agent from the client now I
get this
> >>> message under server message log: client has a waiting
certificate
> request
> >>> Under my client message log:
> >>> hostname  puppet-agent[13385]: Did not receive certificate
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>
> >>> wrote:
> >>>>
> >>>> I have tried to deleted the ssl folder under puppet. And
then tried to
> >>>> clean the certificate from the server but did not work.
> >>>> #puppetca --clean hostname
> >>>> notice: Revoked certificate with serial # Inventory of
signed
> >>>> certificates
> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> >>>>
> >>>>
> >>>> err:  Could not call revoke: Cannot convert into
OpenSSL::BN
> >>>>
> >>>>
> >>>>
> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> Thanks guys; I am getting closer but still some
errors. I am getting
> >>>>> these errors now.
> >>>>>  Starting Puppet client version 2.6.12
> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not
retrieve
> catalog
> >>>>> from remote server: Retrieved certificate does not
match private
> key; please
> >>>>> remove certificate from server and regenerate it with
the current key
> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using
cached catalog
> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not
retrieve
> catalog;
> >>>>> skipping run
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
> >>>>> <Bernd.Adamowicz@esailors.de> wrote:
> >>>>>>
> >>>>>> I''m pretty sure that, besides the other
answers already provided,
> your
> >>>>>> main problem is the wrong user for your Puppet
configuration. It
> should be
> >>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look
> like:
> >>>>>>
> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
> >>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48
auth.conf
> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48
environments
> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48
manifests
> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48
namespaceauth.conf
> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48
puppet.conf
> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
> >>>>>>
> >>>>>> So a command like ''chown -R puppet:puppet
/etc/puppet'' issued as
> >>>>>> ''root'' should solve your main
problem which is the ''Permission
> denied'' error
> >>>>>> as well as the non starting Puppet process.
> >>>>>>
> >>>>>> Bernd
> >>>>>>
> >>>>>> > -----Ursprüngliche Nachricht-----
> >>>>>> > Von: puppet-users@googlegroups.com
[mailto:puppet-
> >>>>>> > users@googlegroups.com] Im Auftrag von Khan
> >>>>>> > Gesendet: Donnerstag, 29. Dezember 2011 17:37
> >>>>>> > An: Puppet Users
> >>>>>> > Betreff: [Puppet Users] Puppetserver error
> >>>>>> >
> >>>>>> > Hello everyone,
> >>>>>> > I am new to puppet. I have installed on
redhat Enterprise 5and
> seems
> >>>>>> > to be working fine. Couple days ago I was
testing some permissions
> >>>>>> > on /
> >>>>>> > etc folder and applied 600 /etc and sub
folders. Although I have
> >>>>>> > reverted the permission but I am having
issues on puppetmaster.
> >>>>>> > Currently I have these permission on etc 755
and puppet folder:
> >>>>>> > my /etc folder is 755 and puppet folder with
tese permsions:
> >>>>>> >
> >>>>>> > -rw-r--r--  1 root root 2346 May  8  2010
auth.conf
> >>>>>> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
> >>>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48
manifests
> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010
modules
> >>>>>> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
> >>>>>> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
> >>>>>> >
> >>>>>> > I am getting these error in the log:
> >>>>>> >
> >>>>>> > puppet-master[3519]: Could not parse for
environment production:
> >>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
> /etc/
> >>>>>> > puppet/manifests/site.pp:3 on node client1
> >>>>>> >
> >>>>>> > Dec 27 14:25:46 server puppet-master[3519]:
Could not parse for
> >>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> client2
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server puppet-master[3519]:
Could not parse for
> >>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> client3
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server  puppet-master[3519]:
Could not parse for
> >>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> client4
> >>>>>> >
> >>>>>> > Dec 27 14:27:15 server puppet-agent[10407]:
Could not retrieve
> >>>>>> > catalog
> >>>>>> > from remote server: Error 400 on SERVER:
Could not parse for
> >>>>>> > environment production: Permission denied -
/etc/puppet/manifests/
> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> server
> >>>>>> > Any Help will be greatly appreciated.
> >>>>>> >
> >>>>>> > --
> >>>>>> > You received this message because you are
subscribed to the Google
> >>>>>> > Groups "Puppet Users" group.
> >>>>>> > To post to this group, send email to
> puppet-users@googlegroups.com.
> >>>>>> > To unsubscribe from this group, send email to
puppet-
> >>>>>> > users+unsubscribe@googlegroups.com.
> >>>>>> > For more options, visit this group at
> >>>>>> >
http://groups.google.com/group/puppet-users?hl=en.
> >>>>>>
> >>>>>> --
> >>>>>> You received this message because you are
subscribed to the Google
> >>>>>> Groups "Puppet Users" group.
> >>>>>> To post to this group, send email to
puppet-users@googlegroups.com.
> >>>>>> To unsubscribe from this group, send email to
> >>>>>> puppet-users+unsubscribe@googlegroups.com.
> >>>>>> For more options, visit this group at
> >>>>>> http://groups.google.com/group/puppet-users?hl=en.
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Regards,
> >>>>> Mohammad
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Regards,
> >>>> Mohammad
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Mohammad
> >>>
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Mohammad
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You''ll have to re-sign your node''s cert using puppetca --sign
<hostname>

On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> I removed ssldir from clients and ran the puppetca --clean from the server.
> It ran fine finally. Now I am stuck on where client complains that
> ''certificate verify failed" I dont know what to do now?
>
>
> On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell
<aaron.grewell@gmail.com>
> wrote:
>>
>> Did you remove the ssldir on the server or the client?  Usually to
>> completely reset the cert you run clean on the server, remove the
>> contents of the ssldir on the client, then re-run puppet and it should
>> rebuild the cert.  I wouldn''t recommend removing the ssldir on
the
>> server except as a last resort, otherwise you''ll have to
rebuild all
>> your client certs.
>>
>> If that''s what you already did, make sure that your ssldir and
its
>> contents are owned by user & group puppet as well.
>>
>> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>> > Do I need to make any changes to server or delete sl info on the
server.
>> > I
>> > am still getting the certificate verify failed error on clients?
>> >
>> >
>> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan
<makhan628@gmail.com>
>> > wrote:
>> >>
>> >> I was able to sign the certificate to the client but still I
am getting
>> >> this error now on the
>> >> client:
>> >>
>> >> Client puppet-agent[15030]: Starting Puppet client version
2.6.12
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve
catalog
>> >> from remote server: certificate verify failed
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached
catalog
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve
catalog;
>> >> skipping run
>> >>
>> >>
>> >>
>> >>
>> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>
>> >> wrote:
>> >>>
>> >>> I have gone little further nowwhat I have done is to
delete the ssl
>> >>> folder from one of the client and ran this command on
server: puppetca
>> >>> --clean clientname
>> >>> it has generated new certificate but in the end I get the
same error:
>> >>>
>> >>> err: Could not call revoke: Cannot convert into
OpenSSL::BN
>> >>> Further more when i restart the agent from the client now
I get this
>> >>> message under server message log: client has a waiting
certificate
>> >>> request
>> >>> Under my client message log:
>> >>> hostname  puppet-agent[13385]: Did not receive certificate
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>
>> >>> wrote:
>> >>>>
>> >>>> I have tried to deleted the ssl folder under puppet.
And then tried
>> >>>> to
>> >>>> clean the certificate from the server but did not
work.
>> >>>> #puppetca --clean hostname
>> >>>> notice: Revoked certificate with serial # Inventory of
signed
>> >>>> certificates
>> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>> >>>>
>> >>>>
>> >>>> err:  Could not call revoke: Cannot convert into
OpenSSL::BN
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>
>> >>>> wrote:
>> >>>>>
>> >>>>> Thanks guys; I am getting closer but still some
errors. I am getting
>> >>>>> these errors now.
>> >>>>>  Starting Puppet client version 2.6.12
>> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could
not retrieve
>> >>>>> catalog
>> >>>>> from remote server: Retrieved certificate does not
match private
>> >>>>> key; please
>> >>>>> remove certificate from server and regenerate it
with the current
>> >>>>> key
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using
cached catalog
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could
not retrieve
>> >>>>> catalog;
>> >>>>> skipping run
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
>> >>>>> <Bernd.Adamowicz@esailors.de> wrote:
>> >>>>>>
>> >>>>>> I''m pretty sure that, besides the
other answers already provided,
>> >>>>>> your
>> >>>>>> main problem is the wrong user for your Puppet
configuration. It
>> >>>>>> should be
>> >>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look
>> >>>>>> like:
>> >>>>>>
>> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48
.
>> >>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03
..
>> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48
auth.conf
>> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48
environments
>> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48
manifests
>> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48
namespaceauth.conf
>> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48
puppet.conf
>> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20
.svn
>> >>>>>>
>> >>>>>> So a command like ''chown -R
puppet:puppet /etc/puppet'' issued as
>> >>>>>> ''root'' should solve your
main problem which is the ''Permission
>> >>>>>> denied'' error
>> >>>>>> as well as the non starting Puppet process.
>> >>>>>>
>> >>>>>> Bernd
>> >>>>>>
>> >>>>>> > -----Ursprüngliche Nachricht-----
>> >>>>>> > Von: puppet-users@googlegroups.com
[mailto:puppet-
>> >>>>>> > users@googlegroups.com] Im Auftrag von
Khan
>> >>>>>> > Gesendet: Donnerstag, 29. Dezember 2011
17:37
>> >>>>>> > An: Puppet Users
>> >>>>>> > Betreff: [Puppet Users] Puppetserver
error
>> >>>>>> >
>> >>>>>> > Hello everyone,
>> >>>>>> > I am new to puppet. I have installed on
redhat Enterprise 5and
>> >>>>>> > seems
>> >>>>>> > to be working fine. Couple days ago I was
testing some
>> >>>>>> > permissions
>> >>>>>> > on /
>> >>>>>> > etc folder and applied 600 /etc and sub
folders. Although I have
>> >>>>>> > reverted the permission but I am having
issues on puppetmaster.
>> >>>>>> > Currently I have these permission on etc
755 and puppet folder:
>> >>>>>> > my /etc folder is 755 and puppet folder
with tese permsions:
>> >>>>>> >
>> >>>>>> > -rw-r--r--  1 root root 2346 May  8  2010
auth.conf
>> >>>>>> > -rw-r--r--  1 root root  419 May 19  2010
fileserver.conf
>> >>>>>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48
manifests
>> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22  2010
modules
>> >>>>>> > -rw-r--r--  1 root root  980 May 27  2010
puppet.conf
>> >>>>>> > -rw-r--r--  1 root root  855 May 17  2010
puppet.conf.rpmnew
>> >>>>>> >
>> >>>>>> > I am getting these error in the log:
>> >>>>>> >
>> >>>>>> > puppet-master[3519]: Could not parse for
environment production:
>> >>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
>> >>>>>> > /etc/
>> >>>>>> > puppet/manifests/site.pp:3 on node
client1
>> >>>>>> >
>> >>>>>> > Dec 27 14:25:46 server
puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied
-
>> >>>>>> > /etc/puppet/manifests/
>> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >>>>>> > client2
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server
puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied
-
>> >>>>>> > /etc/puppet/manifests/
>> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >>>>>> > client3
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server
 puppet-master[3519]: Could not parse for
>> >>>>>> > environment production: Permission denied
-
>> >>>>>> > /etc/puppet/manifests/
>> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >>>>>> > client4
>> >>>>>> >
>> >>>>>> > Dec 27 14:27:15 server
puppet-agent[10407]: Could not retrieve
>> >>>>>> > catalog
>> >>>>>> > from remote server: Error 400 on SERVER:
Could not parse for
>> >>>>>> > environment production: Permission denied
-
>> >>>>>> > /etc/puppet/manifests/
>> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >>>>>> > server
>> >>>>>> > Any Help will be greatly appreciated.
>> >>>>>> >
>> >>>>>> > --
>> >>>>>> > You received this message because you are
subscribed to the
>> >>>>>> > Google
>> >>>>>> > Groups "Puppet Users" group.
>> >>>>>> > To post to this group, send email to
>> >>>>>> > puppet-users@googlegroups.com.
>> >>>>>> > To unsubscribe from this group, send
email to puppet-
>> >>>>>> > users+unsubscribe@googlegroups.com.
>> >>>>>> > For more options, visit this group at
>> >>>>>> >
http://groups.google.com/group/puppet-users?hl=en.
>> >>>>>>
>> >>>>>> --
>> >>>>>> You received this message because you are
subscribed to the Google
>> >>>>>> Groups "Puppet Users" group.
>> >>>>>> To post to this group, send email to
puppet-users@googlegroups.com.
>> >>>>>> To unsubscribe from this group, send email to
>> >>>>>> puppet-users+unsubscribe@googlegroups.com.
>> >>>>>> For more options, visit this group at
>> >>>>>>
http://groups.google.com/group/puppet-users?hl=en.
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> Regards,
>> >>>>> Mohammad
>> >>>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Regards,
>> >>>> Mohammad
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Regards,
>> >>> Mohammad
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Regards,
>> >> Mohammad
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Mohammad
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Regards,
> Mohammad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have done this already; however, client "certificate verify failed"
is
occurring now where I am stuck.

On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
> You''ll have to re-sign your node''s cert using puppetca
--sign <hostname>
>
> On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan628@gmail.com>
> wrote:
> > I removed ssldir from clients and ran the puppetca --clean from the
> server.
> > It ran fine finally. Now I am stuck on where client complains that
> > ''certificate verify failed" I dont know what to do now?
> >
> >
> > On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell
<aaron.grewell@gmail.com
> >
> > wrote:
> >>
> >> Did you remove the ssldir on the server or the client?  Usually to
> >> completely reset the cert you run clean on the server, remove the
> >> contents of the ssldir on the client, then re-run puppet and it
should
> >> rebuild the cert.  I wouldn''t recommend removing the
ssldir on the
> >> server except as a last resort, otherwise you''ll have to
rebuild all
> >> your client certs.
> >>
> >> If that''s what you already did, make sure that your
ssldir and its
> >> contents are owned by user & group puppet as well.
> >>
> >> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan
<makhan628@gmail.com>
> >> wrote:
> >> > Do I need to make any changes to server or delete sl info on
the
> server.
> >> > I
> >> > am still getting the certificate verify failed error on
clients?
> >> >
> >> >
> >> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan
<makhan628@gmail.com>
> >> > wrote:
> >> >>
> >> >> I was able to sign the certificate to the client but
still I am
> getting
> >> >> this error now on the
> >> >> client:
> >> >>
> >> >> Client puppet-agent[15030]: Starting Puppet client
version 2.6.12
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve
> catalog
> >> >> from remote server: certificate verify failed
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached
catalog
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve
> catalog;
> >> >> skipping run
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>
> >> >> wrote:
> >> >>>
> >> >>> I have gone little further nowwhat I have done is to
delete the ssl
> >> >>> folder from one of the client and ran this command on
server:
> puppetca
> >> >>> --clean clientname
> >> >>> it has generated new certificate but in the end I get
the same
> error:
> >> >>>
> >> >>> err: Could not call revoke: Cannot convert into
OpenSSL::BN
> >> >>> Further more when i restart the agent from the client
now I get this
> >> >>> message under server message log: client has a
waiting certificate
> >> >>> request
> >> >>> Under my client message log:
> >> >>> hostname  puppet-agent[13385]: Did not receive
certificate
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com
> >
> >> >>> wrote:
> >> >>>>
> >> >>>> I have tried to deleted the ssl folder under
puppet. And then tried
> >> >>>> to
> >> >>>> clean the certificate from the server but did not
work.
> >> >>>> #puppetca --clean hostname
> >> >>>> notice: Revoked certificate with serial #
Inventory of signed
> >> >>>> certificates
> >> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> >> >>>>
> >> >>>>
> >> >>>> err:  Could not call revoke: Cannot convert into
OpenSSL::BN
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<
> makhan628@gmail.com>
> >> >>>> wrote:
> >> >>>>>
> >> >>>>> Thanks guys; I am getting closer but still
some errors. I am
> getting
> >> >>>>> these errors now.
> >> >>>>>  Starting Puppet client version 2.6.12
> >> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]:
Could not retrieve
> >> >>>>> catalog
> >> >>>>> from remote server: Retrieved certificate
does not match private
> >> >>>>> key; please
> >> >>>>> remove certificate from server and regenerate
it with the current
> >> >>>>> key
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]:
Using cached catalog
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]:
Could not retrieve
> >> >>>>> catalog;
> >> >>>>> skipping run
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd
Adamowicz
> >> >>>>> <Bernd.Adamowicz@esailors.de> wrote:
> >> >>>>>>
> >> >>>>>> I''m pretty sure that, besides
the other answers already provided,
> >> >>>>>> your
> >> >>>>>> main problem is the wrong user for your
Puppet configuration. It
> >> >>>>>> should be
> >> >>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should
> look
> >> >>>>>> like:
> >> >>>>>>
> >> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12
17:48 .
> >> >>>>>> drwxr-xr-x 79 root   root    12K Dec 26
04:03 ..
> >> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12
17:48 auth.conf
> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12
17:48 environments
> >> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12
17:48 manifests
> >> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12
17:48 namespaceauth.conf
> >> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12
17:48 puppet.conf
> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30
08:20 .svn
> >> >>>>>>
> >> >>>>>> So a command like ''chown -R
puppet:puppet /etc/puppet'' issued as
> >> >>>>>> ''root'' should solve
your main problem which is the ''Permission
> >> >>>>>> denied'' error
> >> >>>>>> as well as the non starting Puppet
process.
> >> >>>>>>
> >> >>>>>> Bernd
> >> >>>>>>
> >> >>>>>> > -----Ursprüngliche Nachricht-----
> >> >>>>>> > Von: puppet-users@googlegroups.com
[mailto:puppet-
> >> >>>>>> > users@googlegroups.com] Im Auftrag
von Khan
> >> >>>>>> > Gesendet: Donnerstag, 29. Dezember
2011 17:37
> >> >>>>>> > An: Puppet Users
> >> >>>>>> > Betreff: [Puppet Users] Puppetserver
error
> >> >>>>>> >
> >> >>>>>> > Hello everyone,
> >> >>>>>> > I am new to puppet. I have installed
on redhat Enterprise 5and
> >> >>>>>> > seems
> >> >>>>>> > to be working fine. Couple days ago
I was testing some
> >> >>>>>> > permissions
> >> >>>>>> > on /
> >> >>>>>> > etc folder and applied 600 /etc and
sub folders. Although I
> have
> >> >>>>>> > reverted the permission but I am
having issues on puppetmaster.
> >> >>>>>> > Currently I have these permission on
etc 755 and puppet folder:
> >> >>>>>> > my /etc folder is 755 and puppet
folder with tese permsions:
> >> >>>>>> >
> >> >>>>>> > -rw-r--r--  1 root root 2346 May  8 
2010 auth.conf
> >> >>>>>> > -rw-r--r--  1 root root  419 May 19 
2010 fileserver.conf
> >> >>>>>> > drwxr-xr-x  3 root root 4096 Dec 23
10:48 manifests
> >> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 
2010 modules
> >> >>>>>> > -rw-r--r--  1 root root  980 May 27 
2010 puppet.conf
> >> >>>>>> > -rw-r--r--  1 root root  855 May 17 
2010 puppet.conf.rpmnew
> >> >>>>>> >
> >> >>>>>> > I am getting these error in the log:
> >> >>>>>> >
> >> >>>>>> > puppet-master[3519]: Could not parse
for environment
> production:
> >> >>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
> >> >>>>>> > /etc/
> >> >>>>>> > puppet/manifests/site.pp:3 on node
client1
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:25:46 server
puppet-master[3519]: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client2
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server
puppet-master[3519]: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client3
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server 
puppet-master[3519]: Could not parse
> for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client4
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server
puppet-agent[10407]: Could not retrieve
> >> >>>>>> > catalog
> >> >>>>>> > from remote server: Error 400 on
SERVER: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > server
> >> >>>>>> > Any Help will be greatly
appreciated.
> >> >>>>>> >
> >> >>>>>> > --
> >> >>>>>> > You received this message because
you are subscribed to the
> >> >>>>>> > Google
> >> >>>>>> > Groups "Puppet Users"
group.
> >> >>>>>> > To post to this group, send email to
> >> >>>>>> > puppet-users@googlegroups.com.
> >> >>>>>> > To unsubscribe from this group, send
email to puppet-
> >> >>>>>> > users+unsubscribe@googlegroups.com.
> >> >>>>>> > For more options, visit this group
at
> >> >>>>>> >
http://groups.google.com/group/puppet-users?hl=en.
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> You received this message because you are
subscribed to the
> Google
> >> >>>>>> Groups "Puppet Users" group.
> >> >>>>>> To post to this group, send email to
> puppet-users@googlegroups.com.
> >> >>>>>> To unsubscribe from this group, send
email to
> >> >>>>>>
puppet-users+unsubscribe@googlegroups.com.
> >> >>>>>> For more options, visit this group at
> >> >>>>>>
http://groups.google.com/group/puppet-users?hl=en.
> >> >>>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Regards,
> >> >>>>> Mohammad
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> --
> >> >>>> Regards,
> >> >>>> Mohammad
> >> >>>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Regards,
> >> >>> Mohammad
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Mohammad
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Mohammad
> >> >
> >> > --
> >> > You received this message because you are subscribed to the
Google
> >> > Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/puppet-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi, Maybe a Time related Problem? Check the Time on both, Client and Server




Am 30.12.2011 um 18:55 schrieb Mohammad Khan <makhan628@gmail.com>:
> I have done this already; however, client "certificate verify
failed" is occurring now where I am stuck.
> 
> On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell
<aaron.grewell@gmail.com> wrote:
> You''ll have to re-sign your node''s cert using puppetca
--sign <hostname>
> 
> On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan <makhan628@gmail.com>
wrote:
> > I removed ssldir from clients and ran the puppetca --clean from the
server.
> > It ran fine finally. Now I am stuck on where client complains that
> > ''certificate verify failed" I dont know what to do now?
> >
> >
> > On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell
<aaron.grewell@gmail.com>
> > wrote:
> >>
> >> Did you remove the ssldir on the server or the client?  Usually to
> >> completely reset the cert you run clean on the server, remove the
> >> contents of the ssldir on the client, then re-run puppet and it
should
> >> rebuild the cert.  I wouldn''t recommend removing the
ssldir on the
> >> server except as a last resort, otherwise you''ll have to
rebuild all
> >> your client certs.
> >>
> >> If that''s what you already did, make sure that your
ssldir and its
> >> contents are owned by user & group puppet as well.
> >>
> >> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan
<makhan628@gmail.com>
> >> wrote:
> >> > Do I need to make any changes to server or delete sl info on
the server.
> >> > I
> >> > am still getting the certificate verify failed error on
clients?
> >> >
> >> >
> >> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan
<makhan628@gmail.com>
> >> > wrote:
> >> >>
> >> >> I was able to sign the certificate to the client but
still I am getting
> >> >> this error now on the
> >> >> client:
> >> >>
> >> >> Client puppet-agent[15030]: Starting Puppet client
version 2.6.12
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve catalog
> >> >> from remote server: certificate verify failed
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached
catalog
> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve catalog;
> >> >> skipping run
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com>
> >> >> wrote:
> >> >>>
> >> >>> I have gone little further nowwhat I have done is to
delete the ssl
> >> >>> folder from one of the client and ran this command on
server: puppetca
> >> >>> --clean clientname
> >> >>> it has generated new certificate but in the end I get
the same error:
> >> >>>
> >> >>> err: Could not call revoke: Cannot convert into
OpenSSL::BN
> >> >>> Further more when i restart the agent from the client
now I get this
> >> >>> message under server message log: client has a
waiting certificate
> >> >>> request
> >> >>> Under my client message log:
> >> >>> hostname  puppet-agent[13385]: Did not receive
certificate
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<makhan628@gmail.com>
> >> >>> wrote:
> >> >>>>
> >> >>>> I have tried to deleted the ssl folder under
puppet. And then tried
> >> >>>> to
> >> >>>> clean the certificate from the server but did not
work.
> >> >>>> #puppetca --clean hostname
> >> >>>> notice: Revoked certificate with serial #
Inventory of signed
> >> >>>> certificates
> >> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> >> >>>>
> >> >>>>
> >> >>>> err:  Could not call revoke: Cannot convert into
OpenSSL::BN
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
<makhan628@gmail.com>
> >> >>>> wrote:
> >> >>>>>
> >> >>>>> Thanks guys; I am getting closer but still
some errors. I am getting
> >> >>>>> these errors now.
> >> >>>>>  Starting Puppet client version 2.6.12
> >> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]:
Could not retrieve
> >> >>>>> catalog
> >> >>>>> from remote server: Retrieved certificate
does not match private
> >> >>>>> key; please
> >> >>>>> remove certificate from server and regenerate
it with the current
> >> >>>>> key
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]:
Using cached catalog
> >> >>>>> Dec 30 07:20:40 server puppet-agent[19918]:
Could not retrieve
> >> >>>>> catalog;
> >> >>>>> skipping run
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd
Adamowicz
> >> >>>>> <Bernd.Adamowicz@esailors.de> wrote:
> >> >>>>>>
> >> >>>>>> I''m pretty sure that, besides
the other answers already provided,
> >> >>>>>> your
> >> >>>>>> main problem is the wrong user for your
Puppet configuration. It
> >> >>>>>> should be
> >> >>>>>> user ''puppet'' and not
''root''. That''s how ''/etc/puppet''
should look
> >> >>>>>> like:
> >> >>>>>>
> >> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12
17:48 .
> >> >>>>>> drwxr-xr-x 79 root   root    12K Dec 26
04:03 ..
> >> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12
17:48 auth.conf
> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12
17:48 environments
> >> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12
17:48 manifests
> >> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12
17:48 namespaceauth.conf
> >> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12
17:48 puppet.conf
> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30
08:20 .svn
> >> >>>>>>
> >> >>>>>> So a command like ''chown -R
puppet:puppet /etc/puppet'' issued as
> >> >>>>>> ''root'' should solve
your main problem which is the ''Permission
> >> >>>>>> denied'' error
> >> >>>>>> as well as the non starting Puppet
process.
> >> >>>>>>
> >> >>>>>> Bernd
> >> >>>>>>
> >> >>>>>> > -----Ursprüngliche Nachricht-----
> >> >>>>>> > Von: puppet-users@googlegroups.com
[mailto:puppet-
> >> >>>>>> > users@googlegroups.com] Im Auftrag
von Khan
> >> >>>>>> > Gesendet: Donnerstag, 29. Dezember
2011 17:37
> >> >>>>>> > An: Puppet Users
> >> >>>>>> > Betreff: [Puppet Users] Puppetserver
error
> >> >>>>>> >
> >> >>>>>> > Hello everyone,
> >> >>>>>> > I am new to puppet. I have installed
on redhat Enterprise 5and
> >> >>>>>> > seems
> >> >>>>>> > to be working fine. Couple days ago
I was testing some
> >> >>>>>> > permissions
> >> >>>>>> > on /
> >> >>>>>> > etc folder and applied 600 /etc and
sub folders. Although I have
> >> >>>>>> > reverted the permission but I am
having issues on puppetmaster.
> >> >>>>>> > Currently I have these permission on
etc 755 and puppet folder:
> >> >>>>>> > my /etc folder is 755 and puppet
folder with tese permsions:
> >> >>>>>> >
> >> >>>>>> > -rw-r--r--  1 root root 2346 May  8 
2010 auth.conf
> >> >>>>>> > -rw-r--r--  1 root root  419 May 19 
2010 fileserver.conf
> >> >>>>>> > drwxr-xr-x  3 root root 4096 Dec 23
10:48 manifests
> >> >>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 
2010 modules
> >> >>>>>> > -rw-r--r--  1 root root  980 May 27 
2010 puppet.conf
> >> >>>>>> > -rw-r--r--  1 root root  855 May 17 
2010 puppet.conf.rpmnew
> >> >>>>>> >
> >> >>>>>> > I am getting these error in the log:
> >> >>>>>> >
> >> >>>>>> > puppet-master[3519]: Could not parse
for environment production:
> >> >>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
> >> >>>>>> > /etc/
> >> >>>>>> > puppet/manifests/site.pp:3 on node
client1
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:25:46 server
puppet-master[3519]: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client2
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server
puppet-master[3519]: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client3
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server 
puppet-master[3519]: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > client4
> >> >>>>>> >
> >> >>>>>> > Dec 27 14:27:15 server
puppet-agent[10407]: Could not retrieve
> >> >>>>>> > catalog
> >> >>>>>> > from remote server: Error 400 on
SERVER: Could not parse for
> >> >>>>>> > environment production: Permission
denied -
> >> >>>>>> > /etc/puppet/manifests/
> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
> >> >>>>>> > server
> >> >>>>>> > Any Help will be greatly
appreciated.
> >> >>>>>> >
> >> >>>>>> > --
> >> >>>>>> > You received this message because
you are subscribed to the
> >> >>>>>> > Google
> >> >>>>>> > Groups "Puppet Users"
group.
> >> >>>>>> > To post to this group, send email to
> >> >>>>>> > puppet-users@googlegroups.com.
> >> >>>>>> > To unsubscribe from this group, send
email to puppet-
> >> >>>>>> > users+unsubscribe@googlegroups.com.
> >> >>>>>> > For more options, visit this group
at
> >> >>>>>> >
http://groups.google.com/group/puppet-users?hl=en.
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> You received this message because you are
subscribed to the Google
> >> >>>>>> Groups "Puppet Users" group.
> >> >>>>>> To post to this group, send email to
puppet-users@googlegroups.com.
> >> >>>>>> To unsubscribe from this group, send
email to
> >> >>>>>>
puppet-users+unsubscribe@googlegroups.com.
> >> >>>>>> For more options, visit this group at
> >> >>>>>>
http://groups.google.com/group/puppet-users?hl=en.
> >> >>>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> --
> >> >>>>> Regards,
> >> >>>>> Mohammad
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> --
> >> >>>> Regards,
> >> >>>> Mohammad
> >> >>>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Regards,
> >> >>> Mohammad
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Mohammad
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Regards,
> >> > Mohammad
> >> >
> >> > --
> >> > You received this message because you are subscribed to the
Google
> >> > Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/puppet-users?hl=en.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> >
> >
> > --
> > Regards,
> > Mohammad
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
> 
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
> 
> 
> 
> -- 
> Regards,
> Mohammad
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have checked the time it is fine on both client and server, but still the
error is occurring.

On Fri, Dec 30, 2011 at 3:56 PM, Florian Koch <
florian.koch1981@googlemail.com> wrote:
> Hi, Maybe a Time related Problem? Check the Time on both, Client and Server
>
>
>
>
> Am 30.12.2011 um 18:55 schrieb Mohammad Khan <makhan628@gmail.com>:
>
> I have done this already; however, client "certificate verify
failed" is
> occurring now where I am stuck.
>
> On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell
<aaron.grewell@gmail.com>wrote:
>
>> You''ll have to re-sign your node''s cert using
puppetca --sign <hostname>
>>
>> On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan
<makhan628@gmail.com>
>> wrote:
>> > I removed ssldir from clients and ran the puppetca --clean from
the
>> server.
>> > It ran fine finally. Now I am stuck on where client complains that
>> > ''certificate verify failed" I dont know what to do
now?
>> >
>> >
>> > On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell <
>> aaron.grewell@gmail.com>
>> > wrote:
>> >>
>> >> Did you remove the ssldir on the server or the client? 
Usually to
>> >> completely reset the cert you run clean on the server, remove
the
>> >> contents of the ssldir on the client, then re-run puppet and
it should
>> >> rebuild the cert.  I wouldn''t recommend removing the
ssldir on the
>> >> server except as a last resort, otherwise you''ll have
to rebuild all
>> >> your client certs.
>> >>
>> >> If that''s what you already did, make sure that your
ssldir and its
>> >> contents are owned by user & group puppet as well.
>> >>
>> >> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan
<makhan628@gmail.com>
>> >> wrote:
>> >> > Do I need to make any changes to server or delete sl info
on the
>> server.
>> >> > I
>> >> > am still getting the certificate verify failed error on
clients?
>> >> >
>> >> >
>> >> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan
<makhan628@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> I was able to sign the certificate to the client but
still I am
>> getting
>> >> >> this error now on the
>> >> >> client:
>> >> >>
>> >> >> Client puppet-agent[15030]: Starting Puppet client
version 2.6.12
>> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve
>> catalog
>> >> >> from remote server: certificate verify failed
>> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using
cached catalog
>> >> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not
retrieve
>> catalog;
>> >> >> skipping run
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan
<makhan628@gmail.com
>> >
>> >> >> wrote:
>> >> >>>
>> >> >>> I have gone little further nowwhat I have done is
to delete the ssl
>> >> >>> folder from one of the client and ran this
command on server:
>> puppetca
>> >> >>> --clean clientname
>> >> >>> it has generated new certificate but in the end I
get the same
>> error:
>> >> >>>
>> >> >>> err: Could not call revoke: Cannot convert into
OpenSSL::BN
>> >> >>> Further more when i restart the agent from the
client now I get
>> this
>> >> >>> message under server message log: client has a
waiting certificate
>> >> >>> request
>> >> >>> Under my client message log:
>> >> >>> hostname  puppet-agent[13385]: Did not receive
certificate
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan
<
>> makhan628@gmail.com>
>> >> >>> wrote:
>> >> >>>>
>> >> >>>> I have tried to deleted the ssl folder under
puppet. And then
>> tried
>> >> >>>> to
>> >> >>>> clean the certificate from the server but did
not work.
>> >> >>>> #puppetca --clean hostname
>> >> >>>> notice: Revoked certificate with serial #
Inventory of signed
>> >> >>>> certificates
>> >> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>> >> >>>>
>> >> >>>>
>> >> >>>> err:  Could not call revoke: Cannot convert
into OpenSSL::BN
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad
Khan <
>> makhan628@gmail.com>
>> >> >>>> wrote:
>> >> >>>>>
>> >> >>>>> Thanks guys; I am getting closer but
still some errors. I am
>> getting
>> >> >>>>> these errors now.
>> >> >>>>>  Starting Puppet client version 2.6.12
>> >> >>>>> Dec 30 07:20:40 puppet
puppet-agent[19918]: Could not retrieve
>> >> >>>>> catalog
>> >> >>>>> from remote server: Retrieved certificate
does not match private
>> >> >>>>> key; please
>> >> >>>>> remove certificate from server and
regenerate it with the current
>> >> >>>>> key
>> >> >>>>> Dec 30 07:20:40 server
puppet-agent[19918]: Using cached catalog
>> >> >>>>> Dec 30 07:20:40 server
puppet-agent[19918]: Could not retrieve
>> >> >>>>> catalog;
>> >> >>>>> skipping run
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd
Adamowicz
>> >> >>>>> <Bernd.Adamowicz@esailors.de>
wrote:
>> >> >>>>>>
>> >> >>>>>> I''m pretty sure that,
besides the other answers already
>> provided,
>> >> >>>>>> your
>> >> >>>>>> main problem is the wrong user for
your Puppet configuration. It
>> >> >>>>>> should be
>> >> >>>>>> user ''puppet'' and
not ''root''. That''s how
''/etc/puppet'' should
>> look
>> >> >>>>>> like:
>> >> >>>>>>
>> >> >>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec
12 17:48 .
>> >> >>>>>> drwxr-xr-x 79 root   root    12K Dec
26 04:03 ..
>> >> >>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec
12 17:48 auth.conf
>> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec
12 17:48 environments
>> >> >>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec
12 17:48 manifests
>> >> >>>>>> -rw-r--r--  1 puppet puppet  838 Dec
12 17:48 namespaceauth.conf
>> >> >>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec
12 17:48 puppet.conf
>> >> >>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec
30 08:20 .svn
>> >> >>>>>>
>> >> >>>>>> So a command like ''chown -R
puppet:puppet /etc/puppet'' issued as
>> >> >>>>>> ''root'' should solve
your main problem which is the ''Permission
>> >> >>>>>> denied'' error
>> >> >>>>>> as well as the non starting Puppet
process.
>> >> >>>>>>
>> >> >>>>>> Bernd
>> >> >>>>>>
>> >> >>>>>> > -----Ursprüngliche
Nachricht-----
>> >> >>>>>> > Von:
puppet-users@googlegroups.com [mailto:puppet-
>> >> >>>>>> > users@googlegroups.com] Im
Auftrag von Khan
>> >> >>>>>> > Gesendet: Donnerstag, 29.
Dezember 2011 17:37
>> >> >>>>>> > An: Puppet Users
>> >> >>>>>> > Betreff: [Puppet Users]
Puppetserver error
>> >> >>>>>> >
>> >> >>>>>> > Hello everyone,
>> >> >>>>>> > I am new to puppet. I have
installed on redhat Enterprise 5and
>> >> >>>>>> > seems
>> >> >>>>>> > to be working fine. Couple days
ago I was testing some
>> >> >>>>>> > permissions
>> >> >>>>>> > on /
>> >> >>>>>> > etc folder and applied 600 /etc
and sub folders. Although I
>> have
>> >> >>>>>> > reverted the permission but I am
having issues on
>> puppetmaster.
>> >> >>>>>> > Currently I have these
permission on etc 755 and puppet
>> folder:
>> >> >>>>>> > my /etc folder is 755 and puppet
folder with tese permsions:
>> >> >>>>>> >
>> >> >>>>>> > -rw-r--r--  1 root root 2346 May
8  2010 auth.conf
>> >> >>>>>> > -rw-r--r--  1 root root  419 May
19  2010 fileserver.conf
>> >> >>>>>> > drwxr-xr-x  3 root root 4096 Dec
23 10:48 manifests
>> >> >>>>>> > drwxr-xr-x 21 root root 4096 Oct
22  2010 modules
>> >> >>>>>> > -rw-r--r--  1 root root  980 May
27  2010 puppet.conf
>> >> >>>>>> > -rw-r--r--  1 root root  855 May
17  2010 puppet.conf.rpmnew
>> >> >>>>>> >
>> >> >>>>>> > I am getting these error in the
log:
>> >> >>>>>> >
>> >> >>>>>> > puppet-master[3519]: Could not
parse for environment
>> production:
>> >> >>>>>> > Permission denied -
/etc/puppet/manifests/classes/sysctl.pp at
>> >> >>>>>> > /etc/
>> >> >>>>>> > puppet/manifests/site.pp:3 on
node client1
>> >> >>>>>> >
>> >> >>>>>> > Dec 27 14:25:46 server
puppet-master[3519]: Could not parse
>> for
>> >> >>>>>> > environment production:
Permission denied -
>> >> >>>>>> > /etc/puppet/manifests/
>> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >>>>>> > client2
>> >> >>>>>> >
>> >> >>>>>> > Dec 27 14:27:15 server
puppet-master[3519]: Could not parse
>> for
>> >> >>>>>> > environment production:
Permission denied -
>> >> >>>>>> > /etc/puppet/manifests/
>> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >>>>>> > client3
>> >> >>>>>> >
>> >> >>>>>> > Dec 27 14:27:15 server 
puppet-master[3519]: Could not parse
>> for
>> >> >>>>>> > environment production:
Permission denied -
>> >> >>>>>> > /etc/puppet/manifests/
>> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >>>>>> > client4
>> >> >>>>>> >
>> >> >>>>>> > Dec 27 14:27:15 server
puppet-agent[10407]: Could not retrieve
>> >> >>>>>> > catalog
>> >> >>>>>> > from remote server: Error 400 on
SERVER: Could not parse for
>> >> >>>>>> > environment production:
Permission denied -
>> >> >>>>>> > /etc/puppet/manifests/
>> >> >>>>>> > classes/sysctl.pp at
/etc/puppet/manifests/site.pp:3 on node
>> >> >>>>>> > server
>> >> >>>>>> > Any Help will be greatly
appreciated.
>> >> >>>>>> >
>> >> >>>>>> > --
>> >> >>>>>> > You received this message
because you are subscribed to the
>> >> >>>>>> > Google
>> >> >>>>>> > Groups "Puppet Users"
group.
>> >> >>>>>> > To post to this group, send
email to
>> >> >>>>>> > puppet-users@googlegroups.com.
>> >> >>>>>> > To unsubscribe from this group,
send email to puppet-
>> >> >>>>>> >
users+unsubscribe@googlegroups.com.
>> >> >>>>>> > For more options, visit this
group at
>> >> >>>>>> >
http://groups.google.com/group/puppet-users?hl=en.
>> >> >>>>>>
>> >> >>>>>> --
>> >> >>>>>> You received this message because you
are subscribed to the
>> Google
>> >> >>>>>> Groups "Puppet Users"
group.
>> >> >>>>>> To post to this group, send email to
>> puppet-users@googlegroups.com.
>> >> >>>>>> To unsubscribe from this group, send
email to
>> >> >>>>>>
puppet-users+unsubscribe@googlegroups.com.
>> >> >>>>>> For more options, visit this group at
>> >> >>>>>>
http://groups.google.com/group/puppet-users?hl=en.
>> >> >>>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>>>> --
>> >> >>>>> Regards,
>> >> >>>>> Mohammad
>> >> >>>>>
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> --
>> >> >>>> Regards,
>> >> >>>> Mohammad
>> >> >>>>
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> --
>> >> >>> Regards,
>> >> >>> Mohammad
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Regards,
>> >> >> Mohammad
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Regards,
>> >> > Mohammad
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to
the Google
>> >> > Groups
>> >> > "Puppet Users" group.
>> >> > To post to this group, send email to
puppet-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > puppet-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the
Google
>> Groups
>> >> "Puppet Users" group.
>> >> To post to this group, send email to
puppet-users@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> puppet-users+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/puppet-users?hl=en.
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Mohammad
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> Regards,
> Mohammad
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>


-- 
Regards,
Mohammad

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.