Puppet is kicking my ass. Maybe I'm having a stupid day.

Anyway -- currently working through the "Simplest Puppet Install Recipe" at <http://reductivelabs.com/trac/puppet/wiki/SimplestPuppetInstallRecipe>.

Both client and server systems are CentOS. Puppet[master] installed from RPMs, client has puppet-0.22.4-1.el5.rf (on CentOS 5.2), server has puppet-server-0.22.4-1.el4.rf (on CentOS 4.6).

Putting in the simple sudo.pp class, and the site.pp as given, and starting the server (via the Red Hat init script) went fine.

Now, I start puppetd --verbose on the client. I'm supposed to see a message about not receiving a certificate. I don't get one; I get:

err: Could not find server puppet: getaddrinfo: Name or service not known
err: Could not request certificate: Certificate retrieval failed: Could not find server puppet

And I notice at this point that I wasn't directed to configure the server name (or IP) anywhere. So I look at puppetd --help, and look at the online docs, and can't find any hint about how you configure where the server is.

So what's up with that?

It's probably relevant to mention that the client is behind NAT on a private LAN (it's part of a cluster behind LVS in NAT mode). The client system can connect out to other services on the same host as the puppet server, but if it's depending on picking up server broadcasts or anything, that's not going to fly.

(Posted via email over an hour ago, and nothing has shown up either in email or in groups, so I'm posting this via the web; sorry if it ends up being a duplicate!)

--
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Following up to myself to add that I performed the obvious test of trying the puppetd run on a system directly on the same LAN as the master, and got the identical error, still unable to find the master.

"puppetd --server=YOUR PUPPET MASTER" should get you rolling. I believe by default puppet looks for a server named puppet in the DNS search path.

--dn

On Mon, Sep 29, 2008 at 2:41 PM, dd-b <illegalname@gmail.com> wrote:
> Following up to myself to add that I performed the obvious test of
> trying the puppetd run on a system directly on the same LAN as the
> master, and got the identical error, still unable to find the master.

--
--dn
http://www.cordump.com

As Dave Nash mentioned, by default, Puppet tries to contact a host called "puppet" to receive its configuration. It doesn't *necessarily* use DNS; a hosts file entry will work, as will other methods. You can configure the option on the command line with the --server option, or you can use /etc/puppet/puppet.conf.

--Paul

On Mon, Sep 29, 2008 at 1:57 PM, dd-b <illegalname@gmail.com> wrote:
> Puppet is kicking my ass. Maybe I'm having a stupid day.
>
> Anyway -- currently working through the "Simplest Puppet Install
> Recipe" at
> <http://reductivelabs.com/trac/puppet/wiki/SimplestPuppetInstallRecipe>.
>
> Both client and server systems are CentOS. Puppet[master] installed
> from RPMs, client has puppet-0.22.4-1.el5.rf (on CentOS 5.2), server
> has puppet-server-0.22.4-1.el4.rf (on CentOS 4.6).
>
> Putting in the simple sudo.pp class, and the site.pp as given, and
> starting the server (via the Red Hat init script) went fine.
>
> Now, I start puppetd --verbose on the client. I'm supposed to see a
> message about not receiving a certificate. I don't get one; I get:
>
> err: Could not find server puppet: getaddrinfo: Name or service not known
> err: Could not request certificate: Certificate retrieval failed: Could not find server puppet
>
> And I notice at this point that I wasn't directed to configure the
> server name (or IP) anywhere. So I look at puppetd --help, and look
> at the online docs, and can't find any hint about how you configure
> where the server is.
>
> So what's up with that?
>
> It's probably relevant to mention that the client is behind NAT on a
> private LAN (it's part of a cluster behind LVS in NAT mode). The
> client system can connect out to other services on the same host as
> the puppet server, but if it's depending on picking up server
> broadcasts or anything, that's not going to fly.
>
> (Posted via email over an hour ago, and nothing has shown up either in
> email or in groups, so I'm posting this via the web; sorry if it ends
> up being a duplicate!)
>
> --
> David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
> Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
> Photos: http://dd-b.net/photography/gallery/
> Dragaera: http://dragaera.info

On Sep 29, 4:44 pm, "Dave Nash" <harbinge...@gmail.com> wrote:
> "puppetd --server=YOUR PUPPET MASTER" should get you rolling. I believe by
> default puppet looks for a server named puppet in the DNS search path.

Okay, that solved the problem of not finding the server. Thanks!

But didn't get me much further; I'm still not getting configuration data to the client.

[ddb@prcapp03 ~]$ sudo puppetd --verbose --server=prcapp00
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
[ In between here I used puppetca on the server to sign the certificate ]
notice: Got signed certificate
notice: Starting Puppet client version 0.22.4
err: Could not retrieve configuration: Certificates were not trusted: hostname not match with the server certificate
err: Could not run Puppet::Network::Client::Master: Cannot connect to server and there is no cached configuration

I can't even tell for sure from this message which end had a problem with certificates, and I don't know what hostname it tried to check against which certificate.

Reverse DNS on the client IP does get back the client name. Is puppet heavily intertwined with DNS? Like most people in commercial environments, I don't really have control over what DNS is doing with the names.

dd-b wrote:
> On Sep 29, 4:44 pm, "Dave Nash" <harbinge...@gmail.com> wrote:
>
>> "puppetd --server=YOUR PUPPET MASTER" should get you rolling. I believe by
>> default puppet looks for a server named puppet in the DNS search path.
>
> Okay, that solved the problem of not finding the server. Thanks!
>
> But didn't get me much further; I'm still not getting configuration
> data to the client.
>
> [ddb@prcapp03 ~]$ sudo puppetd --verbose --server=prcapp00
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
> [ In between here I used puppetca on the server to sign the certificate ]
> notice: Got signed certificate
> notice: Starting Puppet client version 0.22.4
> err: Could not retrieve configuration: Certificates were not trusted: hostname not match with the server certificate
> err: Could not run Puppet::Network::Client::Master: Cannot connect to server and there is no cached configuration

I think this might be a time sync problem. Please check that the time matches on the puppetmaster and the client.

When I was first experimenting with Puppet, I saw this, and curing the time issues resolved the problem.

</edg>
Ed Greenberg

On Sep 30, 9:55 am, Ed Greenberg <e...@greenberg.org> wrote:
> I think this might be a time sync problem. Please check that the time
> matches on the puppetmaster and the client.

Thanks, but no. All the systems involved are running NTP, and the actual times on them match very closely.

There is a FAQ on the website which addresses this error message; I suspect you'd have less trouble if you upgraded to a more recent version of Puppet.

--Paul

On Tue, Sep 30, 2008 at 8:42 AM, dd-b <illegalname@gmail.com> wrote:
> On Sep 30, 9:55 am, Ed Greenberg <e...@greenberg.org> wrote:
>
>> I think this might be a time sync problem. Please check that the time
>> matches on the puppetmaster and the client.
>
> Thanks, but no. All the systems involved are running NTP, and the
> actual times on them match very closely.

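The following is an added example, not part of the thread or of Puppet's own code. It assumes the "hostname not match with the server certificate" error is the SSL client comparing the name given to --server with the names in the master's certificate, and runs that comparison with Ruby's OpenSSL library on two throwaway certificates. The domain example.com and the certificate contents are constructed; the thread does not say which names the poster's real master certificate carries.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate (constructed sample, not a real
# puppetmaster cert) with the given subject CN and optional DNS alt names.
def sample_cert(common_name, alt_names = [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Names the certificate can be matched against: the alt names if present,
# otherwise the subject CN.
def cert_names(cert)
  san = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  return san.value.split(/,\s*/).map { |v| v.sub(/\ADNS:/, '') } if san
  cert.subject.to_a.select { |k, _, _| k == 'CN' }.map { |_, v, _| v }
end

# The comparison Ruby's OpenSSL makes in its post-connection hostname check:
# does the name we dialled (the --server value) appear in the certificate?
def server_name_ok?(cert, server_arg)
  OpenSSL::SSL.verify_certificate_identity(cert, server_arg)
end

fqdn_only  = sample_cert('prcapp00.example.com')
with_alias = sample_cert('prcapp00.example.com',
                         ['prcapp00.example.com', 'prcapp00', 'puppet'])

[[fqdn_only, 'prcapp00'], [fqdn_only, 'prcapp00.example.com'],
 [with_alias, 'prcapp00'], [with_alias, 'puppet']].each do |cert, name|
  puts "--server=#{name} vs #{cert_names(cert).inspect}: " \
       "#{server_name_ok?(cert, name) ? 'match' : 'MISMATCH'}"
end
```

To inspect a real master certificate, load its PEM file with OpenSSL::X509::Certificate.new(File.read(path)) and pass the result to cert_names.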