tas
2012-Jun-14 21:35 UTC
[Puppet Users] Starting over with Puppet Master and Puppet Client
I am making a huge mess, so I'd rather start over and configure them.

This is a total newbie trying to setup something for his lab.... I think this would also help many people out there..

*Part I.*

I reinstalled puppetmaster and puppet on the master and client machine.

Here is the /etc/hosts for the master

127.0.0.1 localhost
127.0.1.1 ghive-ldap
10.10.0.57 ghive-ldap.abc.edu ghive-ldap
#10.10.0.57 ghive-ldap.abc.edu puppet
10.10.0.56 giab10

You see the line I commented out? In many tutorials, they say put the default puppet after there. I am not sure if I am supposed to do that (repeating a line like that...)? Everything else is default (our sys admin sets up that way...)

Here is the /etc/hosts on the client

127.0.0.1 localhost
127.0.1.1 giab10

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
130.55.57.51 ghive-ldap

I can ping puppet, ghive-ldap, giab10.....

So for this step one... how am I supposed to tweak things??? Uncomment what I have?

----------------
*Part II.*

I started puppetmaster on the master machine like this

Then on client:

sudo puppet agent --server ghive-ldap --waitforcert 60 --test --verbose
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

It hangs there, so back to master and check the cert list

sudo puppet cert --list

I got none!

By the way, I have to add double dash in front of list, because of this:

sudo puppet cert list
Invalid method to apply

So what should I do? I am not sure where the Doc covers this...
Should I issue sudo puppetca --sign giab10 on the master???

Please guide me through this. Thanks!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jWD3_YwGhcsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Dan White
2012-Jun-14 21:53 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Silly Question Number One:

What node definitions do you have in your manifest ?

Classically, you have *.pp files in /etc/puppet/manifest/nodes that are referenced from /etc/puppet/manifest/site.pp

As an example, this line is in my site.pp file:

import "nodes/*-nodes.pp"

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
tas
2012-Jun-14 22:22 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Dear Ygor,

I am afraid I don't have any node definition. I search through... none.

We basically first blueprint our blueprint machine, generate puppet files, and then move them to the puppetmaster's /etc/puppet/modules
Then there is an init.pp file.

root@ghive-ldap:/etc/puppet# ls -r
ssl modules manifests

root@ghive-ldap:/etc/puppet/manifests# ls (gives none...)

root@ghive-ldap:/etc/puppet/modules# ls
files manifests templates

root@ghive-ldap:/etc/puppet/modules/manifests# ls
init.pp

I don't have site.pp... according to the previous tech's manual (giab012412 is the blueprint name, used to generate puppets)

Then, in /etc/puppet/manifests/site.pp modify the line that reads "include giab.." to say "include giab012412". This will tell the puppetmaster to apply the new giab blueprint to all giabs that connect to it.

Thanks...
Sorry for making things so confusing...

John
Dan White
2012-Jun-14 22:26 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Without a default node definition as an absolute minimum, what is the Puppet Master supposed to do when queried by the Puppet Client/Agent ?

I believe it will do exactly what your servers are doing: bupkis !

http://en.wiktionary.org/wiki/bupkis

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
tas
2012-Jun-14 23:39 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Dear Ygor,

Thank you for the guidance.
I didn't know we have to specify one... almost every single tutorial I visit didn't mention it :( bad...

http://pratikamin.wordpress.com/2011/05/24/turning-a-blueprint-puppet-recipe-into-a-puppet-deployment/

Based on that tutorial, since I blueprint my server....

I ran puppetd --test on client and didn't get anything back. No one is waiting to be signed by the master.

warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

Structure of my Master

fileserver.conf
manifests ===> site.pp
modules ===> giab061112
        ===> files ==> tmp
                   ==> xxxxxxxxxxx.tar
             manifests
                   ==> init.pp
             templates
                   ==> etc files
ssl

site.pp has the following ('giab10' is the host name of the client)

node giab061112 {
  include giab061112
}

node 'giab10' inherits giab061112 {
}

The fileserver.conf is setup like this (the ip for client is 10.10.0.56....)

[giab061112]
path /etc/puppet/modules/giab061112/files
allow 10.10.0.0/56

Any idea? Thanks!
jcbollinger
2012-Jun-15 14:31 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
On Thursday, June 14, 2012 6:39:36 PM UTC-5, tas wrote:
> Dear Ygor,
>
> Thank you for the guidance.
> I didn't know we have to specify one... almost every single tutorial I visit didn't mention it :( bad...
>
> http://pratikamin.wordpress.com/2011/05/24/turning-a-blueprint-puppet-recipe-into-a-puppet-deployment/

Do you mean like this section from that article?

4. Edit /etc/puppet/manifests/site.pp, this is the default file puppet looks for, and loads first. For now you probably want to do it in here, but later put it into node.pp or something(assuming client name is blogtest.test.com)

node vpsblueprint {
  include vps_blueprint
}

node 'blogtest.test.com' inherits vpsblueprint{
}

This tells puppet for the client connecting with the hostname blogtest.test.com it should use the vpsblueprint node, which includes the vps_blueprint module.

I must say that I have not noticed tutorials to be systematically deficient in that regard. Puppetlabs's own cover the topic, and I don't recall seeing any full-blown tutorials that miss it. More narrowly-focused tutorials might omit it where it would be out of scope, of course.

John
tas
2012-Jun-15 16:24 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Thanks John.
Yes. So I have a similar node configuration setup, as described in the previous post. I am writing out these steps so I can document this and hopefully will benefit more people....

on master:
service puppetmaster stop
service puppetmaster start

on client
service puppet stop
puppet agent --test

Check cert list on master, none.

*NOW*

on client, delete sudo rm -rf /var/lib/puppet/ssl
then run sudo puppetd -tdv

info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for giab10
info: Certificate Request fingerprint (md5): FF:FF:...........

Wow...

Back to master....

sudo puppetca --list
giab10 (FF:FF:...................)
glasslab@ghive-ldap:~$ sudo puppet cert sign giab1
notice: Signed certificate request for giab10
notice: Removing file Puppet::SSL::CertificateRequest giab10 at '/etc/puppet/ssl/ca/requests/giab10.pem'
Cool.

Can we test again? Back to client...

sudo puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

AHHHH... Try this? First delete the ssl....

sudo rm -rf /etc/puppet/ssl/

giabadmin@giab10:~$ sudo puppet agent --server puppet --waitforcert 60 --test --verbose

sudo puppet agent --server ghive-ldap --waitforcert 60 --test --verbose

or
sudo puppet agent --test

err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog

NO LUCK....
Where's the problem?

Thanks.
tas
2012-Jun-15 16:32 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
By the way, sudo puppetd -tdv did this again I receive the same SSL error.... My /etc/hosts on client looks like this 134.74.77.21 ghive-ldap.domain.com ghive-ldap puppet On the client I have this 127.0.0.1 localhost 127.0.1.1 ghive-ldap 10.10.0.57 ghive-ldap.domain.com ghive-ldap 10.10.0.57 ghive-ldap.domain.com puppet <--------- I added this line myself 10.10.0.56 giab10 On Friday, June 15, 2012 12:24:04 PM UTC-4, tas wrote:> > Thanks John. > Yes. So I have a similar node configuration setup, as described in the > previous post. I am writing out these steps so I can document this and > hopefully will benefit more people.... > > on master: > service puppetmaster stop > service puppetmaster start > > on client > service puppet stop > puppet agent --test > > Check cert list on master, none. > > *NOW* > > on client, delete sudo rm -rf /var/lib/puppet/ssl > then run sudo puppetd -tdv > > info: Creating a new SSL key for giab10 > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for ca > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for giab10 > info: Certificate Request fingerprint (md5): FF:FF:........... > > Wow... > > Back to master.... > > sudo puppetca --list > giab10 (FF:FF:...................) > glasslab@ghive-ldap:~$ sudo puppet cert sign giab1 > notice: Signed certificate request for giab10 > notice: Removing file Puppet::SSL::CertificateRequest giab10 at > ''/etc/puppet/ssl/ca/requests/giab10.pem'' > Cool. > > Can we test again? Back to client... > > sudo puppet agent --test > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > AHHHH... Try this? First delete the ssl.... 
> > sudo rm -rf /etc/puppet/ssl/ > > giabadmin@giab10:~$ sudo puppet agent --server puppet --waitforcert 60 > --test --verbose > > sudo puppet agent --server ghive-ldap --waitforcert 60 --test > --verbose > > or > sudo puppet agent --test > > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > warning: Not using cache on failed catalog > > > > NO LUCK.... > Where''s the problem? > > Thanks. > > > On Friday, June 15, 2012 10:31:50 AM UTC-4, jcbollinger wrote: >> >> >> >> On Thursday, June 14, 2012 6:39:36 PM UTC-5, tas wrote: >>> >>> Dear Ygor, >>> >>> Thank you for the guidance. >>> I didn''t know we have to specify one... almost every single tutorial I >>> visit didn''t mention it :( bad... >>> >>> http://pratikamin.wordpress.com/2011/05/24/turning-a-blueprint-puppet-recipe-into-a-puppet-deployment/ >>> >> >> Do you mean like this section from that article? >> >> 4. Edit /etc/puppet/manifests/site.pp, this is the default file puppet >> looks for, and loads first. For now you probably want to do it in here, but >> later put it into node.pp or something(assuming client name is >> blogtest.test.com) >> >> node vpsblueprint { >> include vps_blueprint >> } >> >> node ''blogtest.test.com'' inherits vpsblueprint{ >> } >> >> This tells puppet for the client connecting with the hostname >> blogtest.test.com it should use the vpsblueprint node, which includes >> the vps_blueprint module. >> >> I must say that I have not noticed tutorials to be systematically >> deficient in that regard. Puppetlabs''s own cover the topic, and I don''t >> recall seeing any full-blown tutorials that miss it. More narrowly-focused >> tutorials might omit it where it would be out of scope, of course. >> >> John >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. 
Philip Brown
2012-Jun-15 16:44 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
On Thursday, June 14, 2012 3:26:05 PM UTC-7, Ygor wrote:
>
> Without a default node definition as an absolute minimum,
> what is the Puppet Master supposed to do when queried by the Puppet
> Client/Agent ?
>
> I believe it will do exactly what your servers are doing: bupkis !
>

Minor point of pedantry:

While I think having node definitions is a good idea; technically speaking, I don't think they are required. I think it is possible to have a site.pp that does exactly the same thing for all machines, and that is technically "legal" puppetry.

But I'm not an expert, so please take my statement with a grain of salt.
tas
2012-Jun-15 16:57 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
Thanks for the suggestion, Philip. Keep this thread alive :)))
I mean docs are great, but sometimes a more comprehensive step-by-step like this one might serve better.

Any case, anyone know how to deal with the latest issue I have above? Thanks...

On Friday, June 15, 2012 12:44:44 PM UTC-4, Philip Brown wrote:
>
> On Thursday, June 14, 2012 3:26:05 PM UTC-7, Ygor wrote:
>>
>> Without a default node definition as an absolute minimum,
>> what is the Puppet Master supposed to do when queried by the Puppet
>> Client/Agent ?
>>
>> I believe it will do exactly what your servers are doing: bupkis !
>>
>
> Minor point of pedantry:
>
> While I think having node definitions is a good idea; technically
> speaking, I don't think they are required. I think it is possible to have a
> site.pp that does exactly the same thing for all machines, and that is
> technically "legal" puppetry.
>
> But I'm not an expert, so please take my statement with a grain of salt.
>
jcbollinger
2012-Jun-15 22:29 UTC
Re: [Puppet Users] Starting over with Puppet Master and Puppet Client
On Friday, June 15, 2012 11:32:11 AM UTC-5, tas wrote:
>
> By the way,
>
> sudo puppetd -tdv did this again I receive the same SSL error....
>
> My /etc/hosts on client looks like this
> 134.74.77.21 ghive-ldap.domain.com ghive-ldap puppet
>
> On the client I have this
> 127.0.0.1 localhost
> 127.0.1.1 ghive-ldap
> 10.10.0.57 ghive-ldap.domain.com ghive-ldap
> 10.10.0.57 ghive-ldap.domain.com puppet <--------- I added this
> line myself
> 10.10.0.56 giab10
>

That duplication of the entry for 10.10.0.57 is non-standard, and quite possibly either won't do what you hope or will have unwanted side effects. Hosts lines support multiple aliases, so you should instead append the "puppet" alias to the first 10.10.0.57 entry.

John
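The hosts-file advice in the reply above, as an added example that is not part of John's post or of Puppet: a small linter that finds an address spread over several lines and merges its aliases onto one line. It goes slightly beyond the reply by also reporting names bound to more than one address; the names `THREAD_HOSTS`, `parse_hosts`, `lint_hosts` and `merge_hosts` are hypothetical.

```python
from collections import OrderedDict

# Hosts file as posted in the thread (the poster's arrow annotation dropped).
THREAD_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 ghive-ldap
10.10.0.57 ghive-ldap.domain.com ghive-ldap
10.10.0.57 ghive-ldap.domain.com puppet
10.10.0.56 giab10
"""

def parse_hosts(text):
    """Return [(lineno, address, [names])]; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((lineno, fields[0], fields[1:]))
    return entries

def lint_hosts(text):
    """Find addresses spread over several lines and names bound to several addresses."""
    lines_by_addr, addrs_by_name = OrderedDict(), OrderedDict()
    for lineno, addr, names in parse_hosts(text):
        lines_by_addr.setdefault(addr, []).append(lineno)
        for name in names:
            bound = addrs_by_name.setdefault(name.lower(), [])
            if addr not in bound:
                bound.append(addr)
    split_addrs = {a: ls for a, ls in lines_by_addr.items() if len(ls) > 1}
    ambiguous = {n: a for n, a in addrs_by_name.items() if len(a) > 1}
    return split_addrs, ambiguous

def merge_hosts(text):
    """Rewrite as one line per address, keeping names in first-seen order."""
    merged = OrderedDict()
    for _, addr, names in parse_hosts(text):
        kept = merged.setdefault(addr, [])
        for name in names:
            if name not in kept:
                kept.append(name)
    return [" ".join([addr] + names) for addr, names in merged.items()]

if __name__ == "__main__":
    split_addrs, ambiguous = lint_hosts(THREAD_HOSTS)
    print("addresses on more than one line:", split_addrs)
    print("names bound to more than one address:", ambiguous)
    print("\n".join(merge_hosts(THREAD_HOSTS)))
```

On the posted file this reports 10.10.0.57 on lines 3 and 4 and rewrites it as a single line ending in the `puppet` alias; it also shows `ghive-ldap` bound to both 127.0.1.1 and 10.10.0.57.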