trying to deploy puppetdb , puppet server is RHEL 6.1 , [root@puppet ~]# rpm -qa|grep puppet puppetdb-0.9.1-2.el6.noarch puppet-dashboard-1.2.9-1.el6.noarch puppet-server-2.7.17-1.el6.noarch puppetdb-terminus-0.9.1-2.el6.noarch puppet-2.7.17-1.el6.noarch on the clients, got an error for puppetdb , client1 :~ # puppet agent --test err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit ''replace facts'' command for client1.domain.com to PuppetDB at puppet.domain.com:8081: 403 "Forbidden" warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run on the puppet server, noticed puppetdb is listening on IPv6 not ipv4, is it normal ? [root@puppet ~]# lsof -i:8081 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 1050 puppetdb 39u IPv6 820438 0t0 TCP puppet.domain.com:tproxy (LISTEN) tried to telnet to puppet:8081, works though. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ertxm14svw4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Deepak Giridharagopal
2012-Jul-06 19:42 UTC
Re: [Puppet Users] puppetdb listening on ipv6 port 8081 , not ipv4
On Fri, Jul 6, 2012 at 11:48 AM, Clay <clay.ye@gmail.com> wrote:> trying to deploy puppetdb , puppet server is RHEL 6.1 , > > [root@puppet ~]# rpm -qa|grep puppet > puppetdb-0.9.1-2.el6.noarch > puppet-dashboard-1.2.9-1.el6.noarch > puppet-server-2.7.17-1.el6.noarch > puppetdb-terminus-0.9.1-2.el6.noarch > puppet-2.7.17-1.el6.noarch > > on the clients, got an error for puppetdb , > client1 :~ # puppet agent --test > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit ''replace facts'' command for client1.domain.com to > PuppetDB at puppet.domain.com:8081: 403 "Forbidden" > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > on the puppet server, noticed puppetdb is listening on IPv6 not ipv4, is > it normal ? > [root@puppet ~]# lsof -i:8081 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > java 1050 puppetdb 39u IPv6 820438 0t0 TCP puppet.domain.com:tproxy > (LISTEN) > > tried to telnet to puppet:8081, works though.What does your /etc/puppetdb/conf.d/jetty.ini file look like? Don''t post the whole thing, as it contains keystore/truststore passwords...but what are the "host" and "ssl-host" options set to? That''s how we determine what IP to bind to for HTTP and HTTPS, respectively. deepak -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Deepak Giridharagopal
2012-Jul-06 20:07 UTC
Re: [Puppet Users] puppetdb listening on ipv6 port 8081 , not ipv4
On Fri, Jul 6, 2012 at 11:48 AM, Clay <clay.ye@gmail.com> wrote:> trying to deploy puppetdb , puppet server is RHEL 6.1 , > > [root@puppet ~]# rpm -qa|grep puppet > puppetdb-0.9.1-2.el6.noarch > puppet-dashboard-1.2.9-1.el6.noarch > puppet-server-2.7.17-1.el6.noarch > puppetdb-terminus-0.9.1-2.el6.noarch > puppet-2.7.17-1.el6.noarch > > on the clients, got an error for puppetdb , > client1 :~ # puppet agent --test > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit ''replace facts'' command for client1.domain.com to > PuppetDB at puppet.domain.com:8081: 403 "Forbidden" > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > on the puppet server, noticed puppetdb is listening on IPv6 not ipv4, is > it normal ? > [root@puppet ~]# lsof -i:8081 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > java 1050 puppetdb 39u IPv6 820438 0t0 TCP puppet.domain.com:tproxy > (LISTEN) > > tried to telnet to puppet:8081, works though.Actually, if the master is getting a 403 Forbidden, then it''s not connectivity that''s the issue; if it couldn''t connect at all, you''d get a very different error message ("could not connect" or the like). Does your puppetdb server have an agent running on it? And does it successfully run against your master? That should verify that there''s a certificate that works for SSL between master and the puppetdb server. At that point, the issue may simply be that that the puppetdb daemon isn''t choosing that certificate for some reason. deepak -- Deepak Giridharagopal / Puppet Labs / grim_radical -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-06 20:54 UTC
[Puppet Users] Re: puppetdb listening on ipv6 port 8081 , not ipv4
here''s the jetty.ini . [jetty] # Hostname to list for clear-text HTTP. Default is localhost #host = localhost # Port to listen on for clear-text HTTP. port = 8080 ssl-host = puppet.domain.com ssl-port = 8081 ... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/85KnZBtd6P8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Clay
2012-Jul-11 01:02 UTC
[Puppet Users] Re: puppetdb listening on ipv6 port 8081 , not ipv4
Thanks Deepak for reply. this is resolved, the problem is the puppet agent on puppet master can''t connect to master itself, which is due to proxy config in the puppet.conf , the above ipv6 is just not showing correctly , but it''s working. Clay -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4xSIP8z53QIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.