Philip Gardner
2013-Apr-25 14:31 UTC
[Puppet Users] Problems Running Puppet Once For Passenger Installation - Certificates Disappear
I''m having issues with installing a Puppetmaster using Passenger, basically this bit of the documentation: "Make sure puppet master has been run at least once (or puppet agent, if this master is not the CA), so that all required SSL certificates are in place." Here''s the bit of Puppet that makes this happen: http://pastie.org/7717475 Essentially what I''m doing is attempting to stand up a Puppetmaster acting as a CA (ca.dev.local), a Puppetmaster without CA capabilities (master.dev.local), and an agent in Vagrant (agent.dev.local). All certificates are signed via autosign.conf, and I''m using the puppetlabs-apache module to configure the vhosts. What I''m finding is that I can stand up ca.dev.local from a clean image just fine, but I can not do the same with master.dev.local. The puppet agent starts up just fine, and I''m able to verify on the master that a certificate has been created and signed after the exec runs, however once the machine completes provisioning the catalog fails as those certificates never seem to be created on the master.dev.local. Here''s the output from the provisioning: notice: /Stage[main]/Puppet::Config::Master/Exec[run_puppet_once]/returns: executed successfully notice: /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[/var/log/httpd]/mode: mode changed ''0700'' to ''0755'' notice: /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[/etc/puppet/rack/public]/ensure: created notice: /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[25-puppetmasterd.conf]/ensure: created err: /Stage[main]/Apache/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of ''/sbin/service httpd start'' returned 1: at /tmp/vagrant-puppet/modules-0/apache/manifests/init.pp:37 notice: /Stage[main]/Apache/Service[httpd]: Triggered ''refresh'' from 51 events notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed ''stopped'' to ''running'' notice: /Stage[main]/Puppet::Service/Service[puppet]: Triggered ''refresh'' from 1 events notice: Finished catalog run in 290.04 seconds I''ve tried a number of different ways of running the puppet agent by hand to get this to work, and all fail; the certificate request is signed by the ca but the /var/lib/puppet/ssl directory is never created, and thus we get a mismatch when the puppet agent actually does run. Any thoughts? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Felix Frank
2013-Apr-30 07:42 UTC
Re: [Puppet Users] Problems Running Puppet Once For Passenger Installation - Certificates Disappear
Hi, On 04/25/2013 04:31 PM, Philip Gardner wrote:> notice: > /Stage[main]/Puppet::Config::Master/Exec[run_puppet_once]/returns: > executed successfully > notice: > /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[/var/log/httpd]/mode: > mode changed ''0700'' to ''0755'' > notice: > /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[/etc/puppet/rack/public]/ensure: > created > notice: > /Stage[main]/Puppet::Config::Master/Apache::Vhost[puppetmasterd]/File[25-puppetmasterd.conf]/ensure: > created > err: /Stage[main]/Apache/Service[httpd]/ensure: change from stopped to > running failed: Could not start Service[httpd]: Execution of > ''/sbin/service httpd start'' returned 1: at > /tmp/vagrant-puppet/modules-0/apache/manifests/init.pp:37 > notice: /Stage[main]/Apache/Service[httpd]: Triggered ''refresh'' from 51 > events > notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure > changed ''stopped'' to ''running'' > notice: /Stage[main]/Puppet::Service/Service[puppet]: Triggered > ''refresh'' from 1 events > notice: Finished catalog run in 290.04 seconds > > I''ve tried a number of different ways of running the puppet agent by > hand to get this to work, and all fail; the certificate request is > signed by the ca but the /var/lib/puppet/ssl directory is never created, > and thus we get a mismatch when the puppet agent actually does run.Humm, so the above agent output is from a puppet agent run on master.dev.local? Against the ca.dev.local? Or which master compiles the catalog? I just can''t see how that agent runs without storing the certificat in /var/lib/puppet. Any funny settings in puppet.conf on that node perchance? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.