thr3ads.net - Puppet users - [Puppet Users] unable to get puppet client to work [Oct 2010]

If this information is useful, please help other people find it:
Share via:

marcel@fearless.nl

2010-Oct-18 16:06 UTC

[Puppet Users] unable to get puppet client to work

Hi All,

first off, i''m new to puppet. I''ve started playing with it for
a few
days now and it seems to be perfectly matching my needs.

I''ve created two labs, one at home (working) and one in the office
(not working).
Now as you can gather, i would like some help on find the reason the
the office-lab not to work.

The puppetmaster works as expected, starts good and without issue.

Starting it in debug mode says :

root@master:/etc/puppet# puppetmasterd --no-daemonize -d -v
debug: Failed to load library ''selinux'' for feature
''selinux''
debug: Failed to load library ''ldap'' for feature
''ldap''
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/
puppet/ssl/certs]
debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys/master.pem]: Autorequiring
File[/etc/puppet/ssl/public_keys]
debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring File[/var/
puppet/log]
debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/puppet/reports]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/
puppet/manifests]
debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring File[/
etc/puppet/ssl/certs]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys/master.pem]: Autorequiring
File[/etc/puppet/ssl/private_keys]
debug: /File[/var/run/puppetmasterd.pid]: Autorequiring File[/var/run]
debug: Finishing transaction -610961228 with 0 changes
debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/
etc/puppet/ssl/ca/private]
debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/
etc/puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/
puppet/ssl/ca]
debug: Finishing transaction -611217558 with 0 changes
debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
UTC 2015
debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
UTC 2015
debug: Using cached certificate for master, good until Fri Oct 16
14:58:50 UTC 2015
notice: Starting Puppet server version 0.25.4

Which seems good to me.

Now when i start a client, this happens :

root@ubuntu:~# puppetd --no-daemonize --verbose --server master --fqdn
ubuntu.lab --waitforcert 60 -o
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
ubuntu.lab [find] at line 93
notice: using cached catalog
erro: Could not retrieve catalog; skipping run

The master says the following :

info: access[^/catalog/([^/]+)$]: allowing ''method'' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing
''method'' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[/report]: allowing ''method'' save
info: access[/report]: allowing * access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication no
info: access[/certificate/ca]: allowing ''method'' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication no
info: access[/certificate/]: allowing ''method'' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication no
info: access[/certificate_request]: allowing ''method'' find
info: access[/certificate_request]: allowing ''method'' save
info: access[/certificate_request]: allowing * access
info: access[/]: adding authentication any
info: access[/]: defaulting to no access for ubuntu.lab
warning: Denying access: Forbidden request: ubuntu.lab(10.31.18.31)
access to /catalog/ubuntu.lab [find] at line 93
err: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
ubuntu.lab [find] at line 93

My config files are

master puppet.conf

[puppetmasterd]
    report_port = 8140
    ca_port = 8140
    puppetdlockfile = /var/puppet/state/puppetdlock
    localconfig = /var/puppet/state/localconfig
    classfile = /var/puppet/state/classes.txt
    reportserver = master.lab
    statefile = /var/puppet/state/state.yaml
    clientbucketdir = /var/puppet/clientbucket
    puppetdlog = /var/puppet/log/puppetd.log
    report_server = master.lab
    # noop = false
    graphdir = /var/puppet/state/graphs
    ca_server = master.lab
    # preferred_serialization_format = pson
    # ignorecache = false
    splaylimit = 1800
    clientyamldir = /var/puppet/client_yaml
    # configtimeout = 120
    csrdir = /etc/puppet/ssl/ca/requests
    serial = /etc/puppet/ssl/ca/serial
    # ca_ttl = 5y
    # keylength = 1024
    cacert = /etc/puppet/ssl/ca/ca_crt.pem
    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
    signeddir = /etc/puppet/ssl/ca/signed
    autosign = /etc/puppet/autosign.conf
    # ca_md = md5
    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
    cakey = /etc/puppet/ssl/ca/ca_key.pem
    caprivatedir = /etc/puppet/ssl/ca/private
    capass = /etc/puppet/ssl/ca/private/ca.pass
    # ca_days     # req_bits = 2048
    cadir = /etc/puppet/ssl/ca
    capub = /etc/puppet/ssl/ca/ca_pub.pem
    # node_terminus = plain
    publickeydir = /etc/puppet/ssl/public_keys
    # http_proxy_port = 3128
    plugindest = /var/puppet/lib
    # color = ansi
    privatedir = /etc/puppet/ssl/private
    # queue_source = stomp://localhost:61613/
    # pluginsignore = .svn CVS .git
    hostcert = /etc/puppet/ssl/certs/master.lab.pem
    confdir = /etc/puppet
    # thin_storeconfigs = false
    factsource = puppet://master.lab/facts/
    localcacert = /etc/puppet/ssl/certs/ca.pem
    logdir = /var/puppet/log
    # filetimeout = 15
    # path = none
    # prerun_command     genconfig = false
    # casesensitive = false
    # genmanifest = false
    # diff_args = -u
    certdir = /etc/puppet/ssl/certs
    httplog = /var/puppet/log/http.log
    # syslogfacility = daemon
    name = puppetmasterd
    requestdir = /etc/puppet/ssl/certificate_requests
    # mkusers = false
    # http_enable_post_connection_check = true
    pluginsource = puppet://master.lab/plugins
    passfile = /etc/puppet/ssl/private/password
    # async_storeconfigs = false
    # maximum_uid = 4294967290
    # trace = false
    factpath = /var/puppet/facts/
    environment = production
    hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem
    vardir = /var/puppet
    # config_version     # factsync = false
    libdir = /var/puppet/lib
    hostcrl = /etc/puppet/ssl/crl.pem
    rundir = /var/run
    # postrun_command     # diff = diff
    daemonize = true
    # ignoreimport = false
    # external_nodes = none
    certname = master.lab
    # show_diff = false
    ssldir = /etc/puppet/ssl
    # http_proxy_host = none
    privatekeydir = /etc/puppet/ssl/private_keys
    # autoflush = false
    # queue_type = stomp
    # pluginsync = false
    hostcsr = /etc/puppet/ssl/csr_master.lab.pem
    factdest = /var/puppet/facts/
    # configprint     hostpubkey = /etc/puppet/ssl/public_keys/master.lab.pem
    # zlib = true
    # manage_internal_file_permissions = true
    # factsignore = .svn CVS
    statedir = /var/puppet/state
    authconfig = /etc/puppet/namespaceauth.conf
    # certdnsnames     # ldapserver = ldap
    # ldapclassattrs = puppetclass
    # ldapparentattr = parentnode
    # ldapbase     # ldapssl = false
    # ldapport = 389
    # ldapstackedattrs = puppetvar
    # ldapuser     # ldaptls = false
    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
    # ldapattrs = all
    # ldappassword     # ldapnodes = false
    bucketdir = /var/puppet/bucket
    # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
    reportdir = /var/puppet/reports
    rrdinterval = 1800
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    bindaddress = 10.31.18.30
    # parseonly = false
    manifest = /etc/puppet/manifests/site.pp
    group = puppet
    masterport = 8140
    rest_authconfig = /etc/puppet/auth.conf
    yamldir = /var/puppet/yaml
    # storeconfigs = false
    fileserverconfig = /etc/puppet/fileserver.conf
    # strict_hostname_checking = false
    # servertype = webrick
    masterlog = /var/puppet/log/puppetmaster.log
    # node_name = cert
    # code     # ssl_client_header = HTTP_X_CLIENT_DN
    # reports = store
    user = puppet
    config = /etc/puppet/puppet.conf
    rrddir = /var/puppet/rrd
    pidfile = /var/run/puppetmasterd.pid
    manifestdir = /etc/puppet/manifests
    ca = true
    masterhttplog = /var/puppet/log/masterhttp.log
    # dbmigrate = false
    # dbuser = puppet
    railslog = /var/puppet/log/rails.log
    dblocation = /var/puppet/state/clientconfigs.sqlite3
    # dbname = puppet
    # dbpassword = puppet
    # rails_loglevel = info
    # dbadapter = sqlite3
    # dbserver = localhost
    # dbsocket     # summarize = false
    # tags     # evaltrace = false
    # lexical = false
    # typecheck = true
    templatedir = /var/puppet/templates
    # paramcheck = true
    # reportfrom = report@master.lab
    tagmap = /etc/puppet/tagmail.conf
    #smtpserver     # sendmail = /usr/sbin/sendmail

my client config puppet.conf

[puppetd]
    # ldappassword     # ldapnodes = false
    # ldapserver = ldap
    # ldapclassattrs = puppetclass
    # ldapparentattr = parentnode
    # ldapbase     # ldapssl = false
    # ldapport = 389
    # ldapstackedattrs = puppetvar
    # ldapuser     # ldaptls = false
    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
    # ldapattrs = all
    factdest = /var/puppet/facts/
    hostprivkey = /etc/puppet/ssl/private_keys/ubuntu.lab.pem
    # autoflush = false
    # factsignore = .svn CVS
    hostcrl = /etc/puppet/ssl/crl.pem
    confdir = /etc/puppet
    # configprint     environment = production
    # zlib = true
    logdir = /var/puppet/log
    ssldir = /etc/puppet/ssl
    # path = none
    # node_terminus = plain
    plugindest = /var/puppet/lib
    privatekeydir = /etc/puppet/ssl/private_keys
    # http_proxy_port = 3128
    # pluginsignore = .svn CVS .git
    hostcsr = /etc/puppet/ssl/csr_ubuntu.lab.pem
    # queue_source = stomp://localhost:61613/
    factsource = puppet://master.lab/facts/
    # color = ansi
    hostpubkey = /etc/puppet/ssl/public_keys/ubuntu.lab.pem
    name = puppetd
    vardir = /var/puppet
    # filetimeout = 15
    # casesensitive = false
    certname = ubuntu.lab
    # prerun_command     rundir = /var/puppet/run
    genconfig = false
    # certdnsnames     # diff = diff
    # ignoreimport = false
    authconfig = /etc/puppet/namespaceauth.conf
    publickeydir = /etc/puppet/ssl/public_keys
    httplog = /var/puppet/log/http.log
    pluginsource = puppet://master.lab/plugins
    # trace = false
    privatedir = /etc/puppet/ssl/private
    # http_enable_post_connection_check = true
    syslogfacility = daemon
    factpath = /var/puppet/facts/
    hostcert = /etc/puppet/ssl/certs/ubuntu.lab.pem
    # async_storeconfigs = false
    # factsync = false
    localcacert = /etc/puppet/ssl/certs/ca.pem
    # config_version     # maximum_uid = 4294967290
    # show_diff = false
    libdir = /var/puppet/lib
    # external_nodes = none
    # postrun_command     # manage_internal_file_permissions = true
    statedir = /var/puppet/state
    daemonize = true
    certdir = /etc/puppet/ssl/certs
    # genmanifest = false
    # diff_args = -u
    requestdir = /etc/puppet/ssl/certificate_requests
    # http_proxy_host = none
    # pluginsync = false
    passfile = /etc/puppet/ssl/private/password
    # mkusers = false
    # queue_type = stomp
    yamldir = /var/puppet/yaml
    # storeconfigs = false
    fileserverconfig = /etc/puppet/fileserver.conf
    # strict_hostname_checking = false
    manifestdir = /etc/puppet/manifests
    masterhttplog = /var/puppet/log/masterhttp.log
    # node_name = cert
    # ssl_client_header = HTTP_X_CLIENT_DN
    # group = puppet
    # reports = store
    rrddir = /var/puppet/rrd
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    # ca = true
    manifest = /etc/puppet/manifests/site.pp
    # masterport = 8140
    bucketdir = /var/puppet/bucket
    # code     # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
    # user = puppet
    reportdir = /var/puppet/reports
    rrdinterval = 1800
    masterlog = /var/puppet/log/puppetmaster.log
    # parseonly = false
    rest_authconfig = /etc/puppet/auth.conf
    # evaltrace = false
    # summarize = false
    # tags     # ignorecache = false
    splaylimit = 1800
    # bindaddress     # configtimeout = 120
    clientyamldir = /var/puppet/client_yaml
    report_port = 8140
    # ignoreschedules = false
    ca_port = 8140
    puppetdlockfile = /var/puppet/state/puppetdlock
    # downcasefacts = false
    # noop = false
    config = /etc/puppet/puppet.conf
    # splay = false
    # servertype = webrick
    localconfig = /var/puppet/state/localconfig
    reportserver = master.lab
    classfile = /var/puppet/state/classes.txt
    # graph = false
    server = master.lab
    # listen = false
    # runinterval = 1800
    # catalog_format     # usecacheonfailure = true
    # dynamicfacts = memorysize,memoryfree,swapsize,swapfree
    pidfile = /var/puppet/run/puppetd.pid
    clientbucketdir = /var/puppet/clientbucket
    statefile = /var/puppet/state/state.yaml
    report_server = master.lab
    puppetdlog = /var/puppet/log/puppetd.log
    graphdir = /var/puppet/state/graphs
    ca_server = master.lab
     # report = false
    puppetport = 8139
    # preferred_serialization_format = pson
    # keylength = 1024
    cacert = /etc/puppet/ssl/ca/ca_crt.pem
    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
    signeddir = /etc/puppet/ssl/ca/signed
    autosign = /etc/puppet/autosign.conf
    # ca_md = md5
    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
    cakey = /etc/puppet/ssl/ca/ca_key.pem
    caprivatedir = /etc/puppet/ssl/ca/private
    capass = /etc/puppet/ssl/ca/private/ca.pass
    # ca_days     # req_bits = 2048
    cadir = /etc/puppet/ssl/ca
    capub = /etc/puppet/ssl/ca/ca_pub.pem
    csrdir = /etc/puppet/ssl/ca/requests
    serial = /etc/puppet/ssl/ca/serial
    # ca_ttl = 5y
    # paramcheck = true
    # lexical = false
    # typecheck = true
    templatedir = /var/puppet/templates
    # sendmail     # reportfrom = report@ubuntu.lab
    tagmap = /etc/puppet/tagmail.conf
    # smtpserver = none
    # dbmigrate = false
    # dbuser = puppet
    railslog = /var/puppet/log/rails.log
    dblocation = /var/puppet/state/clientconfigs.sqlite3
    # dbname = puppet
    # dbpassword = puppet
    # rails_loglevel = info
    # dbadapter = sqlite3
    # dbserver = localhost
    # dbsocket 
I''m hoping someone can spot my mistake cause i can''t see it.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Mohit Chawla

2010-Oct-18 16:42 UTC

head link

Re: [Puppet Users] unable to get puppet client to work

Hi,

What''s the client version ?

On Mon, Oct 18, 2010 at 9:36 PM, marcel@fearless.nl
<marcel@fearless.nl>wrote:
> Hi All,
>
> first off, i''m new to puppet. I''ve started playing with
it for a few
> days now and it seems to be perfectly matching my needs.
>
> I''ve created two labs, one at home (working) and one in the office
> (not working).
> Now as you can gather, i would like some help on find the reason the
> the office-lab not to work.
>
> The puppetmaster works as expected, starts good and without issue.
>
> Starting it in debug mode says :
>
> root@master:/etc/puppet# puppetmasterd --no-daemonize -d -v
> debug: Failed to load library ''selinux'' for feature
''selinux''
> debug: Failed to load library ''ldap'' for feature
''ldap''
> debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
> debug: Puppet::Type::User::ProviderPw: file pw does not exist
> debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
> not exist
> debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
> dscl does not exist
> debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/
> puppet/ssl/certs]
> debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
> debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
> debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
> ssl]
> debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> debug: /File[/etc/puppet/ssl/public_keys/master.pem]: Autorequiring
> File[/etc/puppet/ssl/public_keys]
> debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring File[/var/
> puppet/log]
> debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/
> ssl]
> debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
> ssl]
> debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
> File[/etc/puppet/ssl]
> debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
> debug: /File[/var/puppet/reports]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/
> puppet/manifests]
> debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
> debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
> debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/
> puppet]
> debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
> debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring File[/
> etc/puppet/ssl/certs]
> debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
> puppet/ssl]
> debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
> puppet/ssl]
> debug: /File[/etc/puppet/ssl/private_keys/master.pem]: Autorequiring
> File[/etc/puppet/ssl/private_keys]
> debug: /File[/var/run/puppetmasterd.pid]: Autorequiring File[/var/run]
> debug: Finishing transaction -610961228 with 0 changes
> debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/
> etc/puppet/ssl/ca/private]
> debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/
> etc/puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/
> puppet/ssl/ca]
> debug: Finishing transaction -611217558 with 0 changes
> debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
> UTC 2015
> debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
> UTC 2015
> debug: Using cached certificate for master, good until Fri Oct 16
> 14:58:50 UTC 2015
> notice: Starting Puppet server version 0.25.4
>
> Which seems good to me.
>
> Now when i start a client, this happens :
>
> root@ubuntu:~# puppetd --no-daemonize --verbose --server master --fqdn
> ubuntu.lab --waitforcert 60 -o
> err: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
> ubuntu.lab [find] at line 93
> notice: using cached catalog
> erro: Could not retrieve catalog; skipping run
>
> The master says the following :
>
> info: access[^/catalog/([^/]+)$]: allowing ''method'' find
> info: access[^/catalog/([^/]+)$]: allowing $1 access
> info: access[/certificate_revocation_list/ca]: allowing
''method'' find
> info: access[/certificate_revocation_list/ca]: allowing * access
> info: access[/report]: allowing ''method'' save
> info: access[/report]: allowing * access
> info: access[/file]: allowing * access
> info: access[/certificate/ca]: adding authentication no
> info: access[/certificate/ca]: allowing ''method'' find
> info: access[/certificate/ca]: allowing * access
> info: access[/certificate/]: adding authentication no
> info: access[/certificate/]: allowing ''method'' find
> info: access[/certificate/]: allowing * access
> info: access[/certificate_request]: adding authentication no
> info: access[/certificate_request]: allowing ''method''
find
> info: access[/certificate_request]: allowing ''method''
save
> info: access[/certificate_request]: allowing * access
> info: access[/]: adding authentication any
> info: access[/]: defaulting to no access for ubuntu.lab
> warning: Denying access: Forbidden request: ubuntu.lab(10.31.18.31)
> access to /catalog/ubuntu.lab [find] at line 93
> err: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
> ubuntu.lab [find] at line 93
>
> My config files are
>
> master puppet.conf
>
> [puppetmasterd]
>    report_port = 8140
>    ca_port = 8140
>    puppetdlockfile = /var/puppet/state/puppetdlock
>    localconfig = /var/puppet/state/localconfig
>    classfile = /var/puppet/state/classes.txt
>    reportserver = master.lab
>    statefile = /var/puppet/state/state.yaml
>    clientbucketdir = /var/puppet/clientbucket
>    puppetdlog = /var/puppet/log/puppetd.log
>    report_server = master.lab
>    # noop = false
>    graphdir = /var/puppet/state/graphs
>    ca_server = master.lab
>    # preferred_serialization_format = pson
>    # ignorecache = false
>    splaylimit = 1800
>    clientyamldir = /var/puppet/client_yaml
>    # configtimeout = 120
>    csrdir = /etc/puppet/ssl/ca/requests
>    serial = /etc/puppet/ssl/ca/serial
>    # ca_ttl = 5y
>    # keylength = 1024
>    cacert = /etc/puppet/ssl/ca/ca_crt.pem
>    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
>    signeddir = /etc/puppet/ssl/ca/signed
>    autosign = /etc/puppet/autosign.conf
>    # ca_md = md5
>    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
>    cakey = /etc/puppet/ssl/ca/ca_key.pem
>    caprivatedir = /etc/puppet/ssl/ca/private
>    capass = /etc/puppet/ssl/ca/private/ca.pass
>    # ca_days >    # req_bits = 2048
>    cadir = /etc/puppet/ssl/ca
>    capub = /etc/puppet/ssl/ca/ca_pub.pem
>    # node_terminus = plain
>    publickeydir = /etc/puppet/ssl/public_keys
>    # http_proxy_port = 3128
>    plugindest = /var/puppet/lib
>    # color = ansi
>    privatedir = /etc/puppet/ssl/private
>    # queue_source = stomp://localhost:61613/
>    # pluginsignore = .svn CVS .git
>    hostcert = /etc/puppet/ssl/certs/master.lab.pem
>    confdir = /etc/puppet
>    # thin_storeconfigs = false
>    factsource = puppet://master.lab/facts/
>    localcacert = /etc/puppet/ssl/certs/ca.pem
>    logdir = /var/puppet/log
>    # filetimeout = 15
>    # path = none
>    # prerun_command >    genconfig = false
>    # casesensitive = false
>    # genmanifest = false
>    # diff_args = -u
>    certdir = /etc/puppet/ssl/certs
>    httplog = /var/puppet/log/http.log
>    # syslogfacility = daemon
>    name = puppetmasterd
>    requestdir = /etc/puppet/ssl/certificate_requests
>    # mkusers = false
>    # http_enable_post_connection_check = true
>    pluginsource = puppet://master.lab/plugins
>    passfile = /etc/puppet/ssl/private/password
>    # async_storeconfigs = false
>    # maximum_uid = 4294967290
>    # trace = false
>    factpath = /var/puppet/facts/
>    environment = production
>    hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem
>    vardir = /var/puppet
>    # config_version >    # factsync = false
>    libdir = /var/puppet/lib
>    hostcrl = /etc/puppet/ssl/crl.pem
>    rundir = /var/run
>    # postrun_command >    # diff = diff
>    daemonize = true
>    # ignoreimport = false
>    # external_nodes = none
>    certname = master.lab
>    # show_diff = false
>    ssldir = /etc/puppet/ssl
>    # http_proxy_host = none
>    privatekeydir = /etc/puppet/ssl/private_keys
>    # autoflush = false
>    # queue_type = stomp
>    # pluginsync = false
>    hostcsr = /etc/puppet/ssl/csr_master.lab.pem
>    factdest = /var/puppet/facts/
>    # configprint >    hostpubkey =
/etc/puppet/ssl/public_keys/master.lab.pem
>    # zlib = true
>    # manage_internal_file_permissions = true
>    # factsignore = .svn CVS
>    statedir = /var/puppet/state
>    authconfig = /etc/puppet/namespaceauth.conf
>    # certdnsnames >    # ldapserver = ldap
>    # ldapclassattrs = puppetclass
>    # ldapparentattr = parentnode
>    # ldapbase >    # ldapssl = false
>    # ldapport = 389
>    # ldapstackedattrs = puppetvar
>    # ldapuser >    # ldaptls = false
>    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
>    # ldapattrs = all
>    # ldappassword >    # ldapnodes = false
>    bucketdir = /var/puppet/bucket
>    # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
>    reportdir = /var/puppet/reports
>    rrdinterval = 1800
>    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
>    bindaddress = 10.31.18.30
>    # parseonly = false
>    manifest = /etc/puppet/manifests/site.pp
>    group = puppet
>    masterport = 8140
>    rest_authconfig = /etc/puppet/auth.conf
>    yamldir = /var/puppet/yaml
>    # storeconfigs = false
>    fileserverconfig = /etc/puppet/fileserver.conf
>    # strict_hostname_checking = false
>    # servertype = webrick
>    masterlog = /var/puppet/log/puppetmaster.log
>    # node_name = cert
>    # code >    # ssl_client_header = HTTP_X_CLIENT_DN
>    # reports = store
>    user = puppet
>    config = /etc/puppet/puppet.conf
>    rrddir = /var/puppet/rrd
>    pidfile = /var/run/puppetmasterd.pid
>    manifestdir = /etc/puppet/manifests
>    ca = true
>    masterhttplog = /var/puppet/log/masterhttp.log
>    # dbmigrate = false
>    # dbuser = puppet
>    railslog = /var/puppet/log/rails.log
>    dblocation = /var/puppet/state/clientconfigs.sqlite3
>    # dbname = puppet
>    # dbpassword = puppet
>    # rails_loglevel = info
>    # dbadapter = sqlite3
>    # dbserver = localhost
>    # dbsocket >    # summarize = false
>    # tags >    # evaltrace = false
>    # lexical = false
>    # typecheck = true
>    templatedir = /var/puppet/templates
>    # paramcheck = true
>    # reportfrom = report@master.lab
>    tagmap = /etc/puppet/tagmail.conf
>    #smtpserver >    # sendmail = /usr/sbin/sendmail
>
> my client config puppet.conf
>
> [puppetd]
>    # ldappassword >    # ldapnodes = false
>    # ldapserver = ldap
>    # ldapclassattrs = puppetclass
>    # ldapparentattr = parentnode
>    # ldapbase >    # ldapssl = false
>    # ldapport = 389
>    # ldapstackedattrs = puppetvar
>    # ldapuser >    # ldaptls = false
>    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
>    # ldapattrs = all
>    factdest = /var/puppet/facts/
>    hostprivkey = /etc/puppet/ssl/private_keys/ubuntu.lab.pem
>    # autoflush = false
>    # factsignore = .svn CVS
>    hostcrl = /etc/puppet/ssl/crl.pem
>    confdir = /etc/puppet
>    # configprint >    environment = production
>    # zlib = true
>    logdir = /var/puppet/log
>    ssldir = /etc/puppet/ssl
>    # path = none
>    # node_terminus = plain
>    plugindest = /var/puppet/lib
>    privatekeydir = /etc/puppet/ssl/private_keys
>    # http_proxy_port = 3128
>    # pluginsignore = .svn CVS .git
>    hostcsr = /etc/puppet/ssl/csr_ubuntu.lab.pem
>    # queue_source = stomp://localhost:61613/
>    factsource = puppet://master.lab/facts/
>    # color = ansi
>    hostpubkey = /etc/puppet/ssl/public_keys/ubuntu.lab.pem
>    name = puppetd
>    vardir = /var/puppet
>    # filetimeout = 15
>    # casesensitive = false
>    certname = ubuntu.lab
>    # prerun_command >    rundir = /var/puppet/run
>    genconfig = false
>    # certdnsnames >    # diff = diff
>    # ignoreimport = false
>    authconfig = /etc/puppet/namespaceauth.conf
>    publickeydir = /etc/puppet/ssl/public_keys
>    httplog = /var/puppet/log/http.log
>    pluginsource = puppet://master.lab/plugins
>    # trace = false
>    privatedir = /etc/puppet/ssl/private
>    # http_enable_post_connection_check = true
>    syslogfacility = daemon
>    factpath = /var/puppet/facts/
>    hostcert = /etc/puppet/ssl/certs/ubuntu.lab.pem
>    # async_storeconfigs = false
>    # factsync = false
>    localcacert = /etc/puppet/ssl/certs/ca.pem
>    # config_version >    # maximum_uid = 4294967290
>    # show_diff = false
>    libdir = /var/puppet/lib
>    # external_nodes = none
>    # postrun_command >    # manage_internal_file_permissions = true
>    statedir = /var/puppet/state
>    daemonize = true
>    certdir = /etc/puppet/ssl/certs
>    # genmanifest = false
>    # diff_args = -u
>    requestdir = /etc/puppet/ssl/certificate_requests
>    # http_proxy_host = none
>    # pluginsync = false
>    passfile = /etc/puppet/ssl/private/password
>    # mkusers = false
>    # queue_type = stomp
>    yamldir = /var/puppet/yaml
>    # storeconfigs = false
>    fileserverconfig = /etc/puppet/fileserver.conf
>    # strict_hostname_checking = false
>    manifestdir = /etc/puppet/manifests
>    masterhttplog = /var/puppet/log/masterhttp.log
>    # node_name = cert
>    # ssl_client_header = HTTP_X_CLIENT_DN
>    # group = puppet
>    # reports = store
>    rrddir = /var/puppet/rrd
>    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
>    # ca = true
>    manifest = /etc/puppet/manifests/site.pp
>    # masterport = 8140
>    bucketdir = /var/puppet/bucket
>    # code >    # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
>    # user = puppet
>    reportdir = /var/puppet/reports
>    rrdinterval = 1800
>    masterlog = /var/puppet/log/puppetmaster.log
>    # parseonly = false
>    rest_authconfig = /etc/puppet/auth.conf
>    # evaltrace = false
>    # summarize = false
>    # tags >    # ignorecache = false
>    splaylimit = 1800
>    # bindaddress >    # configtimeout = 120
>    clientyamldir = /var/puppet/client_yaml
>    report_port = 8140
>    # ignoreschedules = false
>    ca_port = 8140
>    puppetdlockfile = /var/puppet/state/puppetdlock
>    # downcasefacts = false
>    # noop = false
>    config = /etc/puppet/puppet.conf
>    # splay = false
>    # servertype = webrick
>    localconfig = /var/puppet/state/localconfig
>    reportserver = master.lab
>    classfile = /var/puppet/state/classes.txt
>    # graph = false
>    server = master.lab
>    # listen = false
>    # runinterval = 1800
>    # catalog_format >    # usecacheonfailure = true
>    # dynamicfacts = memorysize,memoryfree,swapsize,swapfree
>    pidfile = /var/puppet/run/puppetd.pid
>    clientbucketdir = /var/puppet/clientbucket
>    statefile = /var/puppet/state/state.yaml
>    report_server = master.lab
>    puppetdlog = /var/puppet/log/puppetd.log
>    graphdir = /var/puppet/state/graphs
>    ca_server = master.lab
>     # report = false
>    puppetport = 8139
>    # preferred_serialization_format = pson
>    # keylength = 1024
>    cacert = /etc/puppet/ssl/ca/ca_crt.pem
>    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
>    signeddir = /etc/puppet/ssl/ca/signed
>    autosign = /etc/puppet/autosign.conf
>    # ca_md = md5
>    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
>    cakey = /etc/puppet/ssl/ca/ca_key.pem
>    caprivatedir = /etc/puppet/ssl/ca/private
>    capass = /etc/puppet/ssl/ca/private/ca.pass
>    # ca_days >    # req_bits = 2048
>    cadir = /etc/puppet/ssl/ca
>    capub = /etc/puppet/ssl/ca/ca_pub.pem
>    csrdir = /etc/puppet/ssl/ca/requests
>    serial = /etc/puppet/ssl/ca/serial
>    # ca_ttl = 5y
>    # paramcheck = true
>    # lexical = false
>    # typecheck = true
>    templatedir = /var/puppet/templates
>    # sendmail >    # reportfrom = report@ubuntu.lab
>    tagmap = /etc/puppet/tagmail.conf
>    # smtpserver = none
>    # dbmigrate = false
>    # dbuser = puppet
>    railslog = /var/puppet/log/rails.log
>    dblocation = /var/puppet/state/clientconfigs.sqlite3
>    # dbname = puppet
>    # dbpassword = puppet
>    # rails_loglevel = info
>    # dbadapter = sqlite3
>    # dbserver = localhost
>    # dbsocket >
> I''m hoping someone can spot my mistake cause i can''t see
it.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
>
puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

marcel@fearless.nl

2010-Oct-19 11:48 UTC

head link

[Puppet Users] Re: unable to get puppet client to work

0.25.4 (Ubuntu repository)

However, i got it working now. Seemed the reverse DNS was causing
issues.

Cheers,

Marcel

On 18 okt, 18:42, Mohit Chawla <mohit.chawla.bin...@gmail.com>
wrote:> Hi,
>
> What''s the client version ?
>
> On Mon, Oct 18, 2010 at 9:36 PM, mar...@fearless.nl
<mar...@fearless.nl>wrote:
>
>
>
> > Hi All,
>
> > first off, i''m new to puppet. I''ve started playing
with it for a few
> > days now and it seems to be perfectly matching my needs.
>
> > I''ve created two labs, one at home (working) and one in the
office
> > (not working).
> > Now as you can gather, i would like some help on find the reason the
> > the office-lab not to work.
>
> > The puppetmaster works as expected, starts good and without issue.
>
> > Starting it in debug mode says :
>
> > root@master:/etc/puppet# puppetmasterd --no-daemonize -d -v
> > debug: Failed to load library ''selinux'' for feature
''selinux''
> > debug: Failed to load library ''ldap'' for feature
''ldap''
> > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
> > debug: Puppet::Type::User::ProviderPw: file pw does not exist
> > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
> > not exist
> > debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
> > dscl does not exist
> > debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/
> > puppet/ssl/certs]
> > debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
> > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
> > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
> > ssl]
> > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > debug: /File[/etc/puppet/ssl/public_keys/master.pem]: Autorequiring
> > File[/etc/puppet/ssl/public_keys]
> > debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring File[/var/
> > puppet/log]
> > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring File[/etc/puppet/
> > ssl]
> > debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
> > ssl]
> > debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
> > File[/etc/puppet/ssl]
> > debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
> > debug: /File[/var/puppet/reports]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring File[/etc/
> > puppet/manifests]
> > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
> > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
> > debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/
> > puppet]
> > debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
> > debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring File[/
> > etc/puppet/ssl/certs]
> > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
> > puppet/ssl]
> > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
> > puppet/ssl]
> > debug: /File[/etc/puppet/ssl/private_keys/master.pem]: Autorequiring
> > File[/etc/puppet/ssl/private_keys]
> > debug: /File[/var/run/puppetmasterd.pid]: Autorequiring File[/var/run]
> > debug: Finishing transaction -610961228 with 0 changes
> > debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/
> > etc/puppet/ssl/ca/private]
> > debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring File[/
> > etc/puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/etc/
> > puppet/ssl/ca]
> > debug: Finishing transaction -611217558 with 0 changes
> > debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
> > UTC 2015
> > debug: Using cached certificate for ca, good until Fri Oct 16 14:58:50
> > UTC 2015
> > debug: Using cached certificate for master, good until Fri Oct 16
> > 14:58:50 UTC 2015
> > notice: Starting Puppet server version 0.25.4
>
> > Which seems good to me.
>
> > Now when i start a client, this happens :
>
> > root@ubuntu:~# puppetd --no-daemonize --verbose --server master --fqdn
> > ubuntu.lab --waitforcert 60 -o
> > err: Could not retrieve catalog from remote server: Error 403 on
> > SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
> > ubuntu.lab [find] at line 93
> > notice: using cached catalog
> > erro: Could not retrieve catalog; skipping run
>
> > The master says the following :
>
> > info: access[^/catalog/([^/]+)$]: allowing ''method''
find
> > info: access[^/catalog/([^/]+)$]: allowing $1 access
> > info: access[/certificate_revocation_list/ca]: allowing
''method'' find
> > info: access[/certificate_revocation_list/ca]: allowing * access
> > info: access[/report]: allowing ''method'' save
> > info: access[/report]: allowing * access
> > info: access[/file]: allowing * access
> > info: access[/certificate/ca]: adding authentication no
> > info: access[/certificate/ca]: allowing ''method''
find
> > info: access[/certificate/ca]: allowing * access
> > info: access[/certificate/]: adding authentication no
> > info: access[/certificate/]: allowing ''method'' find
> > info: access[/certificate/]: allowing * access
> > info: access[/certificate_request]: adding authentication no
> > info: access[/certificate_request]: allowing
''method'' find
> > info: access[/certificate_request]: allowing
''method'' save
> > info: access[/certificate_request]: allowing * access
> > info: access[/]: adding authentication any
> > info: access[/]: defaulting to no access for ubuntu.lab
> > warning: Denying access: Forbidden request: ubuntu.lab(10.31.18.31)
> > access to /catalog/ubuntu.lab [find] at line 93
> > err: Forbidden request: ubuntu.lab(10.31.18.31) access to /catalog/
> > ubuntu.lab [find] at line 93
>
> > My config files are
>
> > master puppet.conf
>
> > [puppetmasterd]
> >    report_port = 8140
> >    ca_port = 8140
> >    puppetdlockfile = /var/puppet/state/puppetdlock
> >    localconfig = /var/puppet/state/localconfig
> >    classfile = /var/puppet/state/classes.txt
> >    reportserver = master.lab
> >    statefile = /var/puppet/state/state.yaml
> >    clientbucketdir = /var/puppet/clientbucket
> >    puppetdlog = /var/puppet/log/puppetd.log
> >    report_server = master.lab
> >    # noop = false
> >    graphdir = /var/puppet/state/graphs
> >    ca_server = master.lab
> >    # preferred_serialization_format = pson
> >    # ignorecache = false
> >    splaylimit = 1800
> >    clientyamldir = /var/puppet/client_yaml
> >    # configtimeout = 120
> >    csrdir = /etc/puppet/ssl/ca/requests
> >    serial = /etc/puppet/ssl/ca/serial
> >    # ca_ttl = 5y
> >    # keylength = 1024
> >    cacert = /etc/puppet/ssl/ca/ca_crt.pem
> >    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
> >    signeddir = /etc/puppet/ssl/ca/signed
> >    autosign = /etc/puppet/autosign.conf
> >    # ca_md = md5
> >    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
> >    cakey = /etc/puppet/ssl/ca/ca_key.pem
> >    caprivatedir = /etc/puppet/ssl/ca/private
> >    capass = /etc/puppet/ssl/ca/private/ca.pass
> >    # ca_days > >    # req_bits = 2048
> >    cadir = /etc/puppet/ssl/ca
> >    capub = /etc/puppet/ssl/ca/ca_pub.pem
> >    # node_terminus = plain
> >    publickeydir = /etc/puppet/ssl/public_keys
> >    # http_proxy_port = 3128
> >    plugindest = /var/puppet/lib
> >    # color = ansi
> >    privatedir = /etc/puppet/ssl/private
> >    # queue_source = stomp://localhost:61613/
> >    # pluginsignore = .svn CVS .git
> >    hostcert = /etc/puppet/ssl/certs/master.lab.pem
> >    confdir = /etc/puppet
> >    # thin_storeconfigs = false
> >    factsource = puppet://master.lab/facts/
> >    localcacert = /etc/puppet/ssl/certs/ca.pem
> >    logdir = /var/puppet/log
> >    # filetimeout = 15
> >    # path = none
> >    # prerun_command > >    genconfig = false
> >    # casesensitive = false
> >    # genmanifest = false
> >    # diff_args = -u
> >    certdir = /etc/puppet/ssl/certs
> >    httplog = /var/puppet/log/http.log
> >    # syslogfacility = daemon
> >    name = puppetmasterd
> >    requestdir = /etc/puppet/ssl/certificate_requests
> >    # mkusers = false
> >    # http_enable_post_connection_check = true
> >    pluginsource = puppet://master.lab/plugins
> >    passfile = /etc/puppet/ssl/private/password
> >    # async_storeconfigs = false
> >    # maximum_uid = 4294967290
> >    # trace = false
> >    factpath = /var/puppet/facts/
> >    environment = production
> >    hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem
> >    vardir = /var/puppet
> >    # config_version > >    # factsync = false
> >    libdir = /var/puppet/lib
> >    hostcrl = /etc/puppet/ssl/crl.pem
> >    rundir = /var/run
> >    # postrun_command > >    # diff = diff
> >    daemonize = true
> >    # ignoreimport = false
> >    # external_nodes = none
> >    certname = master.lab
> >    # show_diff = false
> >    ssldir = /etc/puppet/ssl
> >    # http_proxy_host = none
> >    privatekeydir = /etc/puppet/ssl/private_keys
> >    # autoflush = false
> >    # queue_type = stomp
> >    # pluginsync = false
> >    hostcsr = /etc/puppet/ssl/csr_master.lab.pem
> >    factdest = /var/puppet/facts/
> >    # configprint > >    hostpubkey =
/etc/puppet/ssl/public_keys/master.lab.pem
> >    # zlib = true
> >    # manage_internal_file_permissions = true
> >    # factsignore = .svn CVS
> >    statedir = /var/puppet/state
> >    authconfig = /etc/puppet/namespaceauth.conf
> >    # certdnsnames > >    # ldapserver = ldap
> >    # ldapclassattrs = puppetclass
> >    # ldapparentattr = parentnode
> >    # ldapbase > >    # ldapssl = false
> >    # ldapport = 389
> >    # ldapstackedattrs = puppetvar
> >    # ldapuser > >    # ldaptls = false
> >    # ldapstring = (&(objectclass=puppetClient)(cn=%s))
> >    # ldapattrs = all
> >    # ldappassword > >    # ldapnodes
>
> ...
>
> meer lezen »
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

vonObelix

2010-Nov-10 21:31 UTC

head link

[Puppet Users] Re: unable to get puppet client to work

How did you fix this?

On 19 Okt., 12:48, "mar...@fearless.nl" <mar...@fearless.nl>
wrote:> 0.25.4 (Ubuntu repository)
>
> However, i got it working now. Seemed the reverse DNS was causing
> issues.
>
> Cheers,
>
> Marcel
>
> On 18 okt, 18:42, Mohit Chawla <mohit.chawla.bin...@gmail.com> wrote:
>
> > Hi,
>
> > What''s the client version ?
>
> > On Mon, Oct 18, 2010 at 9:36 PM, mar...@fearless.nl
<mar...@fearless.nl>wrote:
>
> > > Hi All,
>
> > > first off, i''m new to puppet. I''ve started
playing with it for a few
> > > days now and it seems to be perfectly matching my needs.
>
> > > I''ve created two labs, one at home (working) and one in
the office
> > > (not working).
> > > Now as you can gather, i would like some help on find the reason
the
> > > the office-lab not to work.
>
> > > The puppetmaster works as expected, starts good and without
issue.
>
> > > Starting it in debug mode says :
>
> > > root@master:/etc/puppet# puppetmasterd --no-daemonize -d -v
> > > debug: Failed to load library ''selinux'' for
feature ''selinux''
> > > debug: Failed to load library ''ldap'' for
feature ''ldap''
> > > debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
> > > debug: Puppet::Type::User::ProviderPw: file pw does not exist
> > > debug: Puppet::Type::User::ProviderUser_role_add: file rolemod
does
> > > not exist
> > > debug: Puppet::Type::User::ProviderDirectoryservice: file
/usr/bin/
> > > dscl does not exist
> > > debug: /File[/var/puppet/yaml]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring
File[/etc/
> > > puppet/ssl/certs]
> > > debug: /File[/etc/puppet/manifests]: Autorequiring
File[/etc/puppet]
> > > debug: /File[/var/puppet/state]: Autorequiring File[/var/puppet]
> > > debug: /File[/var/puppet/facts]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/certs]: Autorequiring
File[/etc/puppet/
> > > ssl]
> > > debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
> > > debug: /File[/etc/puppet/ssl/public_keys/master.pem]:
Autorequiring
> > > File[/etc/puppet/ssl/public_keys]
> > > debug: /File[/var/puppet/log/masterhttp.log]: Autorequiring
File[/var/
> > > puppet/log]
> > > debug: /File[/etc/puppet/ssl/crl.pem]: Autorequiring
File[/etc/puppet/
> > > ssl]
> > > debug: /File[/etc/puppet/ssl/private]: Autorequiring
File[/etc/puppet/
> > > ssl]
> > > debug: /File[/var/puppet/rrd]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
> > > File[/etc/puppet/ssl]
> > > debug: /File[/var/puppet/bucket]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/auth.conf]: Autorequiring
File[/etc/puppet]
> > > debug: /File[/var/puppet/reports]: Autorequiring
File[/var/puppet]
> > > debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring
File[/etc/
> > > puppet/manifests]
> > > debug: /File[/var/puppet/log]: Autorequiring File[/var/puppet]
> > > debug: /File[/var/puppet/lib]: Autorequiring File[/var/puppet]
> > > debug: /File[/etc/puppet/fileserver.conf]: Autorequiring
File[/etc/
> > > puppet]
> > > debug: /File[/etc/puppet/puppet.conf]: Autorequiring
File[/etc/puppet]
> > > debug: /File[/etc/puppet/ssl/certs/master.pem]: Autorequiring
File[/
> > > etc/puppet/ssl/certs]
> > > debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring
File[/etc/
> > > puppet/ssl]
> > > debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring
File[/etc/
> > > puppet/ssl]
> > > debug: /File[/etc/puppet/ssl/private_keys/master.pem]:
Autorequiring
> > > File[/etc/puppet/ssl/private_keys]
> > > debug: /File[/var/run/puppetmasterd.pid]: Autorequiring
File[/var/run]
> > > debug: Finishing transaction -610961228 with 0 changes
> > > debug: /File[/etc/puppet/ssl/ca/private]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/serial]: Autorequiring File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/private/ca.pass]: Autorequiring
File[/
> > > etc/puppet/ssl/ca/private]
> > > debug: /File[/etc/puppet/ssl/ca/requests]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/ca_crl.pem]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/ca_crt.pem]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/inventory.txt]: Autorequiring
File[/
> > > etc/puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/ca_key.pem]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/signed]: Autorequiring File[/etc/
> > > puppet/ssl/ca]
> > > debug: /File[/etc/puppet/ssl/ca/ca_pub.pem]: Autorequiring
File[/etc/
> > > puppet/ssl/ca]
> > > debug: Finishing transaction -611217558 with 0 changes
> > > debug: Using cached certificate for ca, good until Fri Oct 16
14:58:50
> > > UTC 2015
> > > debug: Using cached certificate for ca, good until Fri Oct 16
14:58:50
> > > UTC 2015
> > > debug: Using cached certificate for master, good until Fri Oct 16
> > > 14:58:50 UTC 2015
> > > notice: Starting Puppet server version 0.25.4
>
> > > Which seems good to me.
>
> > > Now when i start a client, this happens :
>
> > > root@ubuntu:~# puppetd --no-daemonize --verbose --server master
--fqdn
> > > ubuntu.lab --waitforcert 60 -o
> > > err: Could not retrieve catalog from remote server: Error 403 on
> > > SERVER: Forbidden request: ubuntu.lab(10.31.18.31) access to
/catalog/
> > > ubuntu.lab [find] at line 93
> > > notice: using cached catalog
> > > erro: Could not retrieve catalog; skipping run
>
> > > The master says the following :
>
> > > info: access[^/catalog/([^/]+)$]: allowing
''method'' find
> > > info: access[^/catalog/([^/]+)$]: allowing $1 access
> > > info: access[/certificate_revocation_list/ca]: allowing
''method'' find
> > > info: access[/certificate_revocation_list/ca]: allowing * access
> > > info: access[/report]: allowing ''method'' save
> > > info: access[/report]: allowing * access
> > > info: access[/file]: allowing * access
> > > info: access[/certificate/ca]: adding authentication no
> > > info: access[/certificate/ca]: allowing
''method'' find
> > > info: access[/certificate/ca]: allowing * access
> > > info: access[/certificate/]: adding authentication no
> > > info: access[/certificate/]: allowing ''method''
find
> > > info: access[/certificate/]: allowing * access
> > > info: access[/certificate_request]: adding authentication no
> > > info: access[/certificate_request]: allowing
''method'' find
> > > info: access[/certificate_request]: allowing
''method'' save
> > > info: access[/certificate_request]: allowing * access
> > > info: access[/]: adding authentication any
> > > info: access[/]: defaulting to no access for ubuntu.lab
> > > warning: Denying access: Forbidden request:
ubuntu.lab(10.31.18.31)
> > > access to /catalog/ubuntu.lab [find] at line 93
> > > err: Forbidden request: ubuntu.lab(10.31.18.31) access to
/catalog/
> > > ubuntu.lab [find] at line 93
>
> > > My config files are
>
> > > master puppet.conf
>
> > > [puppetmasterd]
> > >    report_port = 8140
> > >    ca_port = 8140
> > >    puppetdlockfile = /var/puppet/state/puppetdlock
> > >    localconfig = /var/puppet/state/localconfig
> > >    classfile = /var/puppet/state/classes.txt
> > >    reportserver = master.lab
> > >    statefile = /var/puppet/state/state.yaml
> > >    clientbucketdir = /var/puppet/clientbucket
> > >    puppetdlog = /var/puppet/log/puppetd.log
> > >    report_server = master.lab
> > >    # noop = false
> > >    graphdir = /var/puppet/state/graphs
> > >    ca_server = master.lab
> > >    # preferred_serialization_format = pson
> > >    # ignorecache = false
> > >    splaylimit = 1800
> > >    clientyamldir = /var/puppet/client_yaml
> > >    # configtimeout = 120
> > >    csrdir = /etc/puppet/ssl/ca/requests
> > >    serial = /etc/puppet/ssl/ca/serial
> > >    # ca_ttl = 5y
> > >    # keylength = 1024
> > >    cacert = /etc/puppet/ssl/ca/ca_crt.pem
> > >    cacrl = /etc/puppet/ssl/ca/ca_crl.pem
> > >    signeddir = /etc/puppet/ssl/ca/signed
> > >    autosign = /etc/puppet/autosign.conf
> > >    # ca_md = md5
> > >    cert_inventory = /etc/puppet/ssl/ca/inventory.txt
> > >    cakey = /etc/puppet/ssl/ca/ca_key.pem
> > >    caprivatedir = /etc/puppet/ssl/ca/private
> > >    capass = /etc/puppet/ssl/ca/private/ca.pass
> > >    # ca_days > > >    # req_bits = 2048
> > >    cadir = /etc/puppet/ssl/ca
> > >    capub = /etc/puppet/ssl/ca/ca_pub.pem
> > >    # node_terminus = plain
> > >    publickeydir = /etc/puppet/ssl/public_keys
> > >    # http_proxy_port = 3128
> > >    plugindest = /var/puppet/lib
> > >    # color = ansi
> > >    privatedir = /etc/puppet/ssl/private
> > >    # queue_source = stomp://localhost:61613/
> > >    # pluginsignore = .svn CVS .git
> > >    hostcert = /etc/puppet/ssl/certs/master.lab.pem
> > >    confdir = /etc/puppet
> > >    # thin_storeconfigs = false
> > >    factsource = puppet://master.lab/facts/
> > >    localcacert = /etc/puppet/ssl/certs/ca.pem
> > >    logdir = /var/puppet/log
> > >    # filetimeout = 15
> > >    # path = none
> > >    # prerun_command > > >    genconfig = false
> > >    # casesensitive = false
> > >    # genmanifest = false
> > >    # diff_args = -u
> > >    certdir = /etc/puppet/ssl/certs
> > >    httplog = /var/puppet/log/http.log
> > >    # syslogfacility = daemon
> > >    name = puppetmasterd
> > >    requestdir = /etc/puppet/ssl/certificate_requests
> > >    # mkusers = false
> > >    # http_enable_post_connection_check = true
> > >    pluginsource = puppet://master.lab/plugins
> > >    passfile = /etc/puppet/ssl/private/password
> > >    # async_storeconfigs = false
> > >    # maximum_uid = 4294967290
> > >    # trace = false
> > >    factpath = /var/puppet/facts/
> > >    environment = production
> > >    hostprivkey = /etc/puppet/ssl/private_keys/master.lab.pem
> > >    vardir = /var/puppet
> > >    # config_version > > >    # factsync = false
> > >    libdir = /var/puppet/lib
> > >    hostcrl = /etc/puppet/ssl/crl.pem
> > >    rundir = /var/run
> > >    # postrun_command > > >    # diff = diff
> > >    daemonize = true
> > >    #
>
> ...
>
> Erfahren Sie mehr »
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Puppet users - Oct 2010 - unable to get puppet client to work

[Puppet Users] unable to get puppet client to work

Re: [Puppet Users] unable to get puppet client to work

[Puppet Users] Re: unable to get puppet client to work

[Puppet Users] Re: unable to get puppet client to work