Puppet users - Nov 2010 - Need some help getting up and running: Could not request certificate: Connection refused - connect(2)

Hi all,

I''m a Puppet newbie and am struggling to get myself up and running on
my
first Puppet install and am looking for some assistance.

To explain where I''m at I have done the following (all based on the
Puppet
getting started guide):

1: sudo apt-get install puppet, installation completed but I noted the
following warning (is this important?):
*adduser*: *Warning: The home directory* `/*var/lib/*
*puppet*'' *does not belong to the user you are currently creating*

2: Created /etc/puppet/manifests/site.pp which contains the following (taken
from the Puppet getting started guide):
# site.pp
#Configure permissions on the sudoers file
file { "/etc/sudoers":
  ownner => root, group => root, mode => 440
}

Permissions on site.pp are as follows:
ls -al /etc/puppet/manifests/site.pp
-rw-r--r-- 1 root root 124 2010-11-13 10:14 /etc/puppet/manifests/site.pp

3: For my initial testing I wanted to use a single machine for both the
puppet server and client so have added the following to /etc/hosts :
#Puppet entries
127.0.0.1 localhost.localdomain localhost puppet

4: Tried to start the puppet server using sudo /etc/init.d/puppet start ,
this yielded the following error:
puppet not configured to start, please edit /etc/default/puppet to enable

5: Configure /etc/default/puppet as follows (changes in red):
# Defaults for puppet - sourced by /etc/init.d/puppet

# Start puppet on boot?
START=yes

# Startup options
DAEMON_OPTS=""

6: Tried to start the puppet server using sudo /etc/init.d/puppet
startagain, this time it started without console error however I note
the
following in /var/log/syslog
Nov 13 12:40:11 mibi puppet-agent[14053]: Reopening log files
Nov 13 12:40:11 mibi puppet-agent[14053]: Could not request certificate:
Connection refused - connect(2)

ps -ef | grep puppet shows the following:
root     14053     1  0 12:40 ?        00:00:00 /usr/bin/ruby1.8
/usr/bin/puppet agent

7: Attempting to start the Puppet client also yields the connection refused
error:
sudo puppetd --server localhost --waitforcert 60 --test
err: Could not request certificate: Connection refused - connect(2)

I initially thought that apparmor (firewall) might be blocking the
connection attempts but I have stopped apparmor (using both stop and
teardown options) and yet still the issue persists.
Also I note there is no log file in /var/log/puppet

Does anyone know what i might have done wrong? Most grateful for any insight
here.

Cheers,

Edd

-- 
Web: http://www.eddgrant.com

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Nov 13, 2010, at 4:53 AM, Edd Grant wrote:
> 2: Created /etc/puppet/manifests/site.pp which contains the following
(taken from the Puppet getting started guide):
> # site.pp
> #Configure permissions on the sudoers file
> file { "/etc/sudoers":
>   ownner => root, group => root, mode => 440
> }
This isn''t your problem, but eventually you''ll need to change
ownner to owner.


For everything else, the server is puppetmaster or puppetmasterd depending on
your distro.  Not puppet.  Try installing that package and running that service.

Puppet the service and puppet the package are for the client.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Sat, Nov 13, 2010 at 12:53:35PM +0000, Edd Grant
wrote:
> Hi all,
> 
> 1: sudo apt-get install puppet, installation completed but I noted the
> following warning (is this important?):
> *adduser*: *Warning: The home directory* `/*var/lib/*
> *puppet*'' *does not belong to the user you are currently creating*
This is important because the puppetmaster will normally run as the user
puppet. And when you have something like ssldir = $vardir/ssl in your
/etc/puppet/pupppet.conf, then puppet cannot create its certificates.

You can try the following as user root (or sudo)

rm -R /var/lib/puppet
mkdir -m 0755 /var/lib/puppet
chown puppet:puppet /var/lib/puppet
puppet master --no-daemonize --verbose

The puppetmaster now can/should create everything necessary in
/var/lib/puppet. In another terminal now run

puppet agent --server puppet_or_whatever_hostname --test

You should now see a certificate request via
puppet cert --list

-Stefan

Thanks Patrick, Stefan,

Have installed puppetmaster package and have sorted the
''ownner'' typo
and file permissions. Have re-tested and everything is now looking
good for me to start playing!

Thanks again,

Edd!

On Nov 14, 12:46 pm, Stefan Schulte <stefan.schu...@taunusstein.net>
wrote:
> On Sat, Nov 13, 2010 at 12:53:35PM +0000, Edd Grant wrote:
> > Hi all,
>
> > 1: sudo apt-get install puppet, installation completed but I noted the
> > following warning (is this important?):
> > *adduser*: *Warning: The home directory* `/*var/lib/*
> > *puppet*'' *does not belong to the user you are currently
creating*
>
> This is important because the puppetmaster will normally run as the user
> puppet. And when you have something like ssldir = $vardir/ssl in your
> /etc/puppet/pupppet.conf, then puppet cannot create its certificates.
>
> You can try the following as user root (or sudo)
>
> rm -R /var/lib/puppet
> mkdir -m 0755 /var/lib/puppet
> chown puppet:puppet /var/lib/puppet
> puppet master --no-daemonize --verbose
>
> The puppetmaster now can/should create everything necessary in
> /var/lib/puppet. In another terminal now run
>
> puppet agent --server puppet_or_whatever_hostname --test
>
> You should now see a certificate request via
> puppet cert --list
>
> -Stefan
>
>  application_pgp-signature_part
> < 1KViewDownload
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.