Clay
2012-Jul-04 20:56 UTC
[Puppet Users] on puppet master server , puppet agent can''t connect to itself
on my puppet master server (v 2.7.17 , both server and client version) , the puppet agent can''t connect to itself. other clients connected to this puppet server are working fine. the hostname is puppet.domain.com [root@puppet /]# cat /etc/puppet/puppet.conf [main] # The Puppet log directory. # The default value is ''$vardir/log''. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is ''$vardir/run''. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is ''$confdir/ssl''. certname = puppet.domain.com reports = store, http ,foreman reporturl = http://puppet.domain.com:3000/reports/upload modulepath = $confdir/modules manifest = $confdir/manifests/site.pp http_proxy_host = proxy.domain.com http_proxy_port = 8080 [dev] modulepath = $confdir/env/dev/modules manifest = $confdir/env/dev/manifests/site.pp [testing] modulepath = $confdir/env/testing/modules manifest = $confdir/env/testing/manifests/site.pp [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is ''$confdir/classes.txt''. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is ''$confdir/localconfig''. localconfig = $vardir/localconfig puppet agent will get a 403 "Forbidden" error, anyone have any suggestion what to look ? [root@puppet ]# puppet agent --test --debug debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Failed to load library ''ldap'' for feature ''ldap'' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/certs] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/public_keys] debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl] debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: Finishing transaction 69951197233260 debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs] debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/certs] debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: Autorequiring File[/etc/puppet/ssl/public_keys] debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] debug: Finishing transaction 69951196018460 debug: Using cached certificate for ca debug: Using cached certificate for puppet.domain.com debug: Finishing transaction 69951197856120 debug: Loaded state in 0.00 seconds info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using pson debug: Using cached certificate for ca debug: Using cached certificate for puppet.domain.com debug: Using cached certificate_revocation_list for ca *err: Could not retrieve catalog from remote server: 403 "Forbidden"* warning: Not using cache on failed catalog *err: Could not retrieve catalog; skipping run* debug: Value of ''preferred_serialization_format'' (pson) is invalid for report, using default (yaml) debug: report supports formats: b64_zlib_yaml raw yaml; using yaml *err: Could not send report: 403 "Forbidden"* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/T4bdf31IAvAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Corey Hammerton
2012-Jul-04 22:09 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
How does your auth.conf file look? On Wednesday, July 4, 2012 4:56:10 PM UTC-4, Clay wrote:> > on my puppet master server (v 2.7.17 , both server and client version) , > the puppet agent can''t connect to itself. other clients connected to this > puppet server are working fine. > the hostname is puppet.domain.com > > [root@puppet /]# cat /etc/puppet/puppet.conf > [main] > # The Puppet log directory. > # The default value is ''$vardir/log''. > logdir = /var/log/puppet > > # Where Puppet PID files are kept. > # The default value is ''$vardir/run''. > rundir = /var/run/puppet > > # Where SSL certificates are kept. > # The default value is ''$confdir/ssl''. > > certname = puppet.domain.com > reports = store, http ,foreman > reporturl = http://puppet.domain.com:3000/reports/upload > modulepath = $confdir/modules > manifest = $confdir/manifests/site.pp > http_proxy_host = proxy.domain.com > http_proxy_port = 8080 > > [dev] > modulepath = $confdir/env/dev/modules > manifest = $confdir/env/dev/manifests/site.pp > > [testing] > modulepath = $confdir/env/testing/modules > manifest = $confdir/env/testing/manifests/site.pp > > > [agent] > # The file in which puppetd stores a list of the classes > # associated with the retrieved configuratiion. Can be loaded in > # the separate ``puppet`` executable using the ``--loadclasses`` > # option. > # The default value is ''$confdir/classes.txt''. > classfile = $vardir/classes.txt > > # Where puppetd caches the local configuration. An > # extension indicating the cache format is added automatically. > # The default value is ''$confdir/localconfig''. > localconfig = $vardir/localconfig > > puppet agent will get a 403 "Forbidden" error, anyone have any > suggestion what to look ? > [root@puppet ]# puppet agent --test --debug > debug: Puppet::Type::User::ProviderPw: file pw does not exist > debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not > exist > debug: Failed to load library ''ldap'' for feature ''ldap'' > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl > does not exist > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/var/lib/puppet/state/graphs]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/var/lib/puppet/client_yaml]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/clientbucket]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/private_keys] > debug: /File[/var/lib/puppet/client_data]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/classes.txt]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/public_keys] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] > debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: Finishing transaction 69951197233260 > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/private_keys] > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/public_keys] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: Finishing transaction 69951196018460 > debug: Using cached certificate for ca > debug: Using cached certificate for puppet.domain.com > debug: Finishing transaction 69951197856120 > debug: Loaded state in 0.00 seconds > info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb > info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb > info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb > debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using > pson > debug: Using cached certificate for ca > debug: Using cached certificate for puppet.domain.com > debug: Using cached certificate_revocation_list for ca > *err: Could not retrieve catalog from remote server: 403 "Forbidden"* > warning: Not using cache on failed catalog > *err: Could not retrieve catalog; skipping run* > debug: Value of ''preferred_serialization_format'' (pson) is invalid for > report, using default (yaml) > debug: report supports formats: b64_zlib_yaml raw yaml; using yaml > *err: Could not send report: 403 "Forbidden"* >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/94LQU5tNnrsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-04 22:35 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
thanks for the reply. I think auth.conf is the default one. [root@puppet ]# grep -v ^# /etc/puppet/auth.conf path ~ ^/catalog/([^/]+)$ method find allow $1 path ~ ^/node/([^/]+)$ method find allow $1 path /certificate_revocation_list/ca method find allow * path /report method save allow * path /file allow * path /modules allow * path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * path / auth any -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/oPAWYxMCSuAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-06 17:15 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
On Wednesday, 4 July 2012 13:56:10 UTC-7, Clay wrote:> > on my puppet master server (v 2.7.17 , both server and client version) , > the puppet agent can''t connect to itself. other clients connected to this > puppet server are working fine. > the hostname is puppet.domain.com > > [root@puppet /]# cat /etc/puppet/puppet.conf > [main] > # The Puppet log directory. > # The default value is ''$vardir/log''. > logdir = /var/log/puppet > > # Where Puppet PID files are kept. > # The default value is ''$vardir/run''. > rundir = /var/run/puppet > > # Where SSL certificates are kept. > # The default value is ''$confdir/ssl''. > > certname = puppet.domain.com > reports = store, http ,foreman > reporturl = http://puppet.domain.com:3000/reports/upload > modulepath = $confdir/modules > manifest = $confdir/manifests/site.pp > http_proxy_host = proxy.domain.com > http_proxy_port = 8080 > > [dev] > modulepath = $confdir/env/dev/modules > manifest = $confdir/env/dev/manifests/site.pp > > [testing] > modulepath = $confdir/env/testing/modules > manifest = $confdir/env/testing/manifests/site.pp > > > [agent] > # The file in which puppetd stores a list of the classes > # associated with the retrieved configuratiion. Can be loaded in > # the separate ``puppet`` executable using the ``--loadclasses`` > # option. > # The default value is ''$confdir/classes.txt''. > classfile = $vardir/classes.txt > > # Where puppetd caches the local configuration. An > # extension indicating the cache format is added automatically. > # The default value is ''$confdir/localconfig''. > localconfig = $vardir/localconfig > > puppet agent will get a 403 "Forbidden" error, anyone have any > suggestion what to look ? > [root@puppet ]# puppet agent --test --debug > debug: Puppet::Type::User::ProviderPw: file pw does not exist > debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not > exist > debug: Failed to load library ''ldap'' for feature ''ldap'' > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl > does not exist > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/var/lib/puppet/state/graphs]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/var/lib/puppet/client_yaml]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/clientbucket]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/private_keys] > debug: /File[/var/lib/puppet/client_data]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/classes.txt]: Autorequiring > File[/var/lib/puppet] > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/public_keys] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] > debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring > File[/var/lib/puppet/state] > debug: Finishing transaction 69951197233260 > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/certs/puppet.domain.com.pem]: Autorequiring > File[/etc/puppet/ssl/certs] > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/private_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/private_keys] > debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring > File[/etc/puppet/ssl] > debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] > debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /File[/etc/puppet/ssl/public_keys/puppet.domain.com.pem]: > Autorequiring File[/etc/puppet/ssl/public_keys] > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/ssl] > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet] > debug: Finishing transaction 69951196018460 > debug: Using cached certificate for ca > debug: Using cached certificate for puppet.domain.com > debug: Finishing transaction 69951197856120 > debug: Loaded state in 0.00 seconds > info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb > info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb > info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb > debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using > pson > debug: Using cached certificate for ca > debug: Using cached certificate for puppet.domain.com > debug: Using cached certificate_revocation_list for ca > *err: Could not retrieve catalog from remote server: 403 "Forbidden"* > warning: Not using cache on failed catalog > *err: Could not retrieve catalog; skipping run* > debug: Value of ''preferred_serialization_format'' (pson) is invalid for > report, using default (yaml) > debug: report supports formats: b64_zlib_yaml raw yaml; using yaml > *err: Could not send report: 403 "Forbidden"* >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/RGcinGQV5e4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-06 17:21 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
I don''t have to have the puppet agent on the puppet server up , but when setting up puppetdb , I got this error from clients: # puppet agent --test err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit ''replace facts'' command for client1.domain.com to PuppetDB at puppet.domain.com:8081: 403 "Forbidden" from puppetdb document , seems need to get puppet agent on puppet server working first, not sure it''s it''s related. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/SrY-vWsBP2UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Deepak Giridharagopal
2012-Jul-06 18:37 UTC
Re: [Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
On Fri, Jul 6, 2012 at 11:21 AM, Clay <clay.ye@gmail.com> wrote:> I don''t have to have the puppet agent on the puppet server up , but when > setting up puppetdb , I got this error from clients: > > # puppet agent --test > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit ''replace facts'' command for client1.domain.com to > PuppetDB at puppet.domain.com:8081: 403 "Forbidden" > > from puppetdb document , seems need to get puppet agent on puppet server > working first, not sure it''s it''s related.Indeed, PuppetDB requires that SSL is working between agent and master (at least, the default setup scripts invoked when using pre-built packages assume SSL works). The error you''re seeing from PuppetDB is another, separate manifestation of what I think is the same underlying problem. It appears that your master is not trusting the certificate your agent is presenting? For a conclusive test, though, it may help to temporarily disable PuppetDB and retry. If agent/master communication works, then we know the issue is between the master node and the puppetdb node. deepak -- Deepak Giridharagopal / Puppet Labs / grim_radical -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-06 22:24 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
Thanks. I already disabled puppetdb and still got the above 403 "Forbidden" error, also tried remove /etc/puppet/ssl and restarted puppet master, same error. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/xz7Y8mlpxZwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2012-Jul-09 13:09 UTC
Re: [Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
On 07/07/2012 12:24 AM, Clay wrote:> Thanks. I already disabled puppetdb and still got the above 403 > "Forbidden" error, also tried remove /etc/puppet/ssl and restarted > puppet master, same error.This may be a case of apache refusing to talk to clients on the local host. Have you checked apache''s logs? Furthermore, what I like trying is starting puppet master with --no-daemonize and -dv, also --masterport so your regular agents won''t interfere with debugging. Then run the faulty agent against that port and see what happens. If this *does* work, it''s even more likely you''re looking at an Apache/Passenger problem. You may want to try and enable debugging on your productive master then. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-10 21:53 UTC
[Puppet Users] Re: on puppet master server , puppet agent can''t connect to itself
I find the problem is this in the puppet.conf , http_proxy_host = proxy.domain.com http_proxy_port = 8080 after I removed these lines , puppet agent on the master server cant connect to itself now. I added these because we are behind proxy and need to use it for "puppet module" to connect to internet, now I just set the proxy in http_proxy environment variable. But during trail and error, I had some certificate issue, I ended up re-building the puppet master server. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7e5MjWFYEfQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.