No problem installing open puppet and using it. patterns run aok. when trying to use the installer for pe, on the puppetmaster, installs ok. when trying to use the installer for pe, on the puppet agent, installs ok but no cert sent as shown by puppet cert list on puppetmaster. also puppet agent --test on puppet agent shows err: could not retrieve catalog from remote server: error 400 on SERVER: Error 403 on SERVER: forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 warning: not using cache on failed catalog error: could not retrieve catalog: skipping run Anyone knows what causes the above or how to proceed? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hey Stuart, You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). Are you sure you''re targeting the PE Master and not the original Open Source master? Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address? Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master? On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote:> No problem installing open puppet and using it. patterns run aok. > > when trying to use the installer for pe, on the puppetmaster, installs ok. > > when trying to use the installer for pe, on the puppet agent, installs ok > but no cert sent as shown by puppet cert list on puppetmaster. > > also > > puppet agent --test > > on puppet agent shows > > err: could not retrieve catalog from remote server: > error 400 on SERVER: Error 403 on SERVER: > forbidden request puppemasters-fully-qualified-name.com access to /facts/ > agent [save] authenticated at line 53 > warning: not using cache on failed catalog > error: could not retrieve catalog: skipping run > > Anyone knows what causes the above or how to proceed? > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- Gary Larizza Professional Services Engineer Puppet Labs Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote:> Hey Stuart, > > You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). >++ Thanks - I''ve applied for membership.> Are you sure you''re targeting the PE Master and not the original Open Source master? > Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address?It doesn''t. ++ The master is reporting one fully qualified name, its own, but not its alias puppet. ++ The agent is reporting a different name, puppet. ++ There is a skew. What is the best fix?> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master?++ No. It is unchanged.> > > > On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote: > No problem installing open puppet and using it. patterns run aok. > > when trying to use the installer for pe, on the puppetmaster, installs ok. > > when trying to use the installer for pe, on the puppet agent, installs ok > but no cert sent as shown by puppet cert list on puppetmaster. > > also > > puppet agent --test > > on puppet agent shows > > err: could not retrieve catalog from remote server: > error 400 on SERVER: Error 403 on SERVER: > forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 > warning: not using cache on failed catalog > error: could not retrieve catalog: skipping run > > Anyone knows what causes the above or how to proceed? > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > Gary Larizza > Professional Services Engineer > Puppet Labs > > Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracraft@me.com> wrote:> > On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote: > > Hey Stuart, > > You might want to check out the pe-users list for Enterprise-specific > questions (people here can/will answer too, but you might bet better > results from the PE users on that list --> > http://puppetlabs.com/services/customer-support/ and see the section on > Joining the Puppet Enterprise Users list). > > ++ Thanks - I''ve applied for membership. > > Are you sure you''re targeting the PE Master and not the original Open > Source master? > > Does the output of `puppet agent --configprint server` match your Puppet > Enterprise server address? > > > It doesn''t. > > ++ The master is reporting one fully qualified name, its own, but not its > alias puppet. > ++ The agent is reporting a different name, puppet. > ++ There is a skew. What is the best fix? >Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the ''server'' parameter to point to your Enterprise Master server''s address. By default the value set is ''puppet'', but you can pass a different value to the installer to change this value - I believe the ''q_puppetagent_server='' question (if you generate an installer answers file). Does this help?> > Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE > Master? > > > > ++ No. It is unchanged. > > > > > On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com>wrote: > >> No problem installing open puppet and using it. patterns run aok. >> >> when trying to use the installer for pe, on the puppetmaster, installs ok. >> >> when trying to use the installer for pe, on the puppet agent, installs ok >> but no cert sent as shown by puppet cert list on puppetmaster. >> >> also >> >> puppet agent --test >> >> on puppet agent shows >> >> err: could not retrieve catalog from remote server: >> error 400 on SERVER: Error 403 on SERVER: >> forbidden request puppemasters-fully-qualified-name.com access to >> /facts/ agent [save] authenticated at line 53 >> warning: not using cache on failed catalog >> error: could not retrieve catalog: skipping run >> >> Anyone knows what causes the above or how to proceed? >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > > > -- > > Gary Larizza > Professional Services Engineer > Puppet Labs > > Join us for PuppetConf 2012 at the Mission Bay Convention Center in San > Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > >-- Gary Larizza Professional Services Engineer Puppet Labs Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Unknown. And a "kick" from the master to the agent returns with "connection refused - connect(2)" despite the ports being set (8140, 61613) open on the puppet master firewall / iptables, and ssh/ping both operational bi-directionally. Any ideas puppeteers? --Stuart On Jul 30, 2012, at 3:17 PM, Gary Larizza <gary@puppetlabs.com> wrote:> > > On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracraft@me.com> wrote: > > On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote: > >> Hey Stuart, >> >> You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). >> > ++ Thanks - I''ve applied for membership. > >> Are you sure you''re targeting the PE Master and not the original Open Source master? >> Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address? > > It doesn''t. > > ++ The master is reporting one fully qualified name, its own, but not its alias puppet. > ++ The agent is reporting a different name, puppet. > ++ There is a skew. What is the best fix? > > Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the ''server'' parameter to point to your Enterprise Master server''s address. By default the value set is ''puppet'', but you can pass a different value to the installer to change this value - I believe the ''q_puppetagent_server='' question (if you generate an installer answers file). Does this help? > > > >> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master? > > > ++ No. It is unchanged. > >> >> >> >> On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote: >> No problem installing open puppet and using it. patterns run aok. >> >> when trying to use the installer for pe, on the puppetmaster, installs ok. >> >> when trying to use the installer for pe, on the puppet agent, installs ok >> but no cert sent as shown by puppet cert list on puppetmaster. >> >> also >> >> puppet agent --test >> >> on puppet agent shows >> >> err: could not retrieve catalog from remote server: >> error 400 on SERVER: Error 403 on SERVER: >> forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 >> warning: not using cache on failed catalog >> error: could not retrieve catalog: skipping run >> >> Anyone knows what causes the above or how to proceed? >> >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >> >> >> >> >> -- >> >> Gary Larizza >> Professional Services Engineer >> Puppet Labs >> >> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >> >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > Gary Larizza > Professional Services Engineer > Puppet Labs > > Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Here is the log from the puppet master after /etc/init.d/pe-puppet restart: # puppet kick --trace --host rhel.oc.cox.net --debug Jul 30 21:03:25 rhel01 puppet-master[4266]: Starting Puppet master version 2.7.12 (Puppet Enterprise 2.5.2) Jul 30 21:03:25 rhel01 puppet-master[4266]: Denying access: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 Jul 30 21:03:25 rhel01 puppet-master[4266]: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 Jul 30 21:03:25 rhel01 puppet-master[4212]: Error 403 on SERVER: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 Jul 30 21:03:25 rhel01 puppet-master[4266]: Report processor failed: Connection refused - connect(2) On Jul 30, 2012, at 8:42 PM, Stuart Cracraft <smcracraft@me.com> wrote:> Unknown. > > And a "kick" from the master to the agent returns with "connection refused - connect(2)" > despite the ports being set (8140, 61613) open on the puppet master firewall / iptables, > and ssh/ping both operational bi-directionally. > > Any ideas puppeteers? > > --Stuart > > On Jul 30, 2012, at 3:17 PM, Gary Larizza <gary@puppetlabs.com> wrote: > >> >> >> On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracraft@me.com> wrote: >> >> On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote: >> >>> Hey Stuart, >>> >>> You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). >>> >> ++ Thanks - I''ve applied for membership. >> >>> Are you sure you''re targeting the PE Master and not the original Open Source master? >>> Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address? >> >> It doesn''t. >> >> ++ The master is reporting one fully qualified name, its own, but not its alias puppet. >> ++ The agent is reporting a different name, puppet. >> ++ There is a skew. What is the best fix? >> >> Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the ''server'' parameter to point to your Enterprise Master server''s address. By default the value set is ''puppet'', but you can pass a different value to the installer to change this value - I believe the ''q_puppetagent_server='' question (if you generate an installer answers file). Does this help? >> >> >> >>> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master? >> >> >> ++ No. It is unchanged. >> >>> >>> >>> >>> On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote: >>> No problem installing open puppet and using it. patterns run aok. >>> >>> when trying to use the installer for pe, on the puppetmaster, installs ok. >>> >>> when trying to use the installer for pe, on the puppet agent, installs ok >>> but no cert sent as shown by puppet cert list on puppetmaster. >>> >>> also >>> >>> puppet agent --test >>> >>> on puppet agent shows >>> >>> err: could not retrieve catalog from remote server: >>> error 400 on SERVER: Error 403 on SERVER: >>> forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 >>> warning: not using cache on failed catalog >>> error: could not retrieve catalog: skipping run >>> >>> Anyone knows what causes the above or how to proceed? >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> -- >>> >>> Gary Larizza >>> Professional Services Engineer >>> Puppet Labs >>> >>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >> >> >> >> >> -- >> >> Gary Larizza >> Professional Services Engineer >> Puppet Labs >> >> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Opened up 8139. Same result: [root@rhel01 puppet]# !562 puppet kick --trace --host rhel03.oc.cox.net --debug Triggering rhel03.oc.cox.net /opt/puppet/lib/ruby/1.8/net/http.rb:560:in `initialize'' /opt/puppet/lib/ruby/1.8/net/http.rb:560:in `open'' /opt/puppet/lib/ruby/1.8/net/http.rb:560:in `connect'' /opt/puppet/lib/ruby/1.8/timeout.rb:67:in `timeout'' /opt/puppet/lib/ruby/1.8/timeout.rb:101:in `timeout'' /opt/puppet/lib/ruby/1.8/net/http.rb:560:in `connect'' /opt/puppet/lib/ruby/1.8/net/http.rb:553:in `do_start'' /opt/puppet/lib/ruby/1.8/net/http.rb:542:in `start'' /opt/puppet/lib/ruby/1.8/net/http.rb:1035:in `request'' /opt/puppet/lib/ruby/1.8/net/http.rb:857:in `put'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:94:in `send'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:94:in `http_request'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:76:in `http_put'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:152:in `save'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:272:in `save'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/kick.rb:260:in `run_for_host'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/kick.rb:205:in `main'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/kick.rb:204:in `fork'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/kick.rb:204:in `main'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/kick.rb:181:in `run_command'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:416:in `hook'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:407:in `exit_on_fail'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run'' /opt/puppet/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:69:in `execute'' /usr/local/bin/puppet:4 Host rhel03.oc.cox.net failed: Connection refused - connect(2) rhel03.oc.cox.net finished with exit code 2 Failed: rhel03.oc.cox.net [root@rhel01 puppet]# On Jul 30, 2012, at 9:31 PM, Denmat <tu2bgone@gmail.com> wrote:> Kick talks from the master to the client''s agent on port 8139. > > Cheers > Den > > On 31/07/2012, at 13:42, Stuart Cracraft <smcracraft@me.com> wrote: > >> Unknown. >> >> And a "kick" from the master to the agent returns with "connection refused - connect(2)" >> despite the ports being set (8140, 61613) open on the puppet master firewall / iptables, >> and ssh/ping both operational bi-directionally. >> >> Any ideas puppeteers? >> >> --Stuart >> >> On Jul 30, 2012, at 3:17 PM, Gary Larizza <gary@puppetlabs.com> wrote: >> >>> >>> >>> On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracraft@me.com> wrote: >>> >>> On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote: >>> >>>> Hey Stuart, >>>> >>>> You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). >>>> >>> ++ Thanks - I''ve applied for membership. >>> >>>> Are you sure you''re targeting the PE Master and not the original Open Source master? >>>> Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address? >>> >>> It doesn''t. >>> >>> ++ The master is reporting one fully qualified name, its own, but not its alias puppet. >>> ++ The agent is reporting a different name, puppet. >>> ++ There is a skew. What is the best fix? >>> >>> Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the ''server'' parameter to point to your Enterprise Master server''s address. By default the value set is ''puppet'', but you can pass a different value to the installer to change this value - I believe the ''q_puppetagent_server='' question (if you generate an installer answers file). Does this help? >>> >>> >>> >>>> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master? >>> >>> >>> ++ No. It is unchanged. >>> >>>> >>>> >>>> >>>> On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote: >>>> No problem installing open puppet and using it. patterns run aok. >>>> >>>> when trying to use the installer for pe, on the puppetmaster, installs ok. >>>> >>>> when trying to use the installer for pe, on the puppet agent, installs ok >>>> but no cert sent as shown by puppet cert list on puppetmaster. >>>> >>>> also >>>> >>>> puppet agent --test >>>> >>>> on puppet agent shows >>>> >>>> err: could not retrieve catalog from remote server: >>>> error 400 on SERVER: Error 403 on SERVER: >>>> forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 >>>> warning: not using cache on failed catalog >>>> error: could not retrieve catalog: skipping run >>>> >>>> Anyone knows what causes the above or how to proceed? >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Gary Larizza >>>> Professional Services Engineer >>>> Puppet Labs >>>> >>>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> -- >>> >>> Gary Larizza >>> Professional Services Engineer >>> Puppet Labs >>> >>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>> >>-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Completed and master/agent restarted. On Jul 31, 2012, at 11:41 AM, Shabir Ahmed <ahmed.shabir@gmail.com> wrote:> ### edit auth.conf ### > > ##### > # Allow puppet kick access > path /run > method save > auth any > allow * > > ######## > > > ### edit puppet.conf on agent under agent section: > > listen = true > > > > > > > > > On Mon, Jul 30, 2012 at 9:19 PM, Stuart Cracraft <smcracraft@me.com> wrote: > > Here is the log from the puppet master after /etc/init.d/pe-puppet restart: > > # puppet kick --trace --host rhel.oc.cox.net --debug > Jul 30 21:03:25 rhel01 puppet-master[4266]: Starting Puppet master version 2.7.12 (Puppet Enterprise 2.5.2) > Jul 30 21:03:25 rhel01 puppet-master[4266]: Denying access: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4266]: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4212]: Error 403 on SERVER: Forbidden request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4266]: Report processor failed: Connection refused - connect(2) > > On Jul 30, 2012, at 8:42 PM, Stuart Cracraft <smcracraft@me.com> wrote: > >> Unknown. >> >> And a "kick" from the master to the agent returns with "connection refused - connect(2)" >> despite the ports being set (8140, 61613) open on the puppet master firewall / iptables, >> and ssh/ping both operational bi-directionally. >> >> Any ideas puppeteers? >> >> --Stuart >> >> On Jul 30, 2012, at 3:17 PM, Gary Larizza <gary@puppetlabs.com> wrote: >> >>> >>> >>> On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracraft@me.com> wrote: >>> >>> On Jul 30, 2012, at 12:53 PM, Gary Larizza <gary@puppetlabs.com> wrote: >>> >>>> Hey Stuart, >>>> >>>> You might want to check out the pe-users list for Enterprise-specific questions (people here can/will answer too, but you might bet better results from the PE users on that list --> http://puppetlabs.com/services/customer-support/ and see the section on Joining the Puppet Enterprise Users list). >>>> >>> ++ Thanks - I''ve applied for membership. >>> >>>> Are you sure you''re targeting the PE Master and not the original Open Source master? >>>> Does the output of `puppet agent --configprint server` match your Puppet Enterprise server address? >>> >>> It doesn''t. >>> >>> ++ The master is reporting one fully qualified name, its own, but not its alias puppet. >>> ++ The agent is reporting a different name, puppet. >>> ++ There is a skew. What is the best fix? >>> >>> Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the ''server'' parameter to point to your Enterprise Master server''s address. By default the value set is ''puppet'', but you can pass a different value to the installer to change this value - I believe the ''q_puppetagent_server='' question (if you generate an installer answers file). Does this help? >>> >>> >>> >>>> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE Master? >>> >>> >>> ++ No. It is unchanged. >>> >>>> >>>> >>>> >>>> On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracraft@me.com> wrote: >>>> No problem installing open puppet and using it. patterns run aok. >>>> >>>> when trying to use the installer for pe, on the puppetmaster, installs ok. >>>> >>>> when trying to use the installer for pe, on the puppet agent, installs ok >>>> but no cert sent as shown by puppet cert list on puppetmaster. >>>> >>>> also >>>> >>>> puppet agent --test >>>> >>>> on puppet agent shows >>>> >>>> err: could not retrieve catalog from remote server: >>>> error 400 on SERVER: Error 403 on SERVER: >>>> forbidden request puppemasters-fully-qualified-name.com access to /facts/ agent [save] authenticated at line 53 >>>> warning: not using cache on failed catalog >>>> error: could not retrieve catalog: skipping run >>>> >>>> Anyone knows what causes the above or how to proceed? >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Gary Larizza >>>> Professional Services Engineer >>>> Puppet Labs >>>> >>>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> -- >>> >>> Gary Larizza >>> Professional Services Engineer >>> Puppet Labs >>> >>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>> >> > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.