Hi everyone,

Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139.

iptables -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

/etc/puppet/puppet.conf:

    [main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    [agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    listen = true
    server = mypuppet server.fqdn

/etc/puppet/namespaceauth.conf:

    [puppetmaster]
    allow mypuppet server.fqdn

/etc/puppet/auth.conf:

    # This is an example auth.conf file, it mimics the puppetmasterd defaults
    #
    # The ACL are checked in order of appearance in this file.
    #
    # Supported syntax:
    # This file supports two different syntax depending on how
    # you want to express the ACL.
    #
    # Path syntax (the one used below):
    # ---------------------------------
    # path /path/to/resource
    # [environment envlist]
    # [method methodlist]
    # [auth[enthicated] {yes|no|on|off|any}]
    # allow [host|ip|*]
    # deny [host|ip]
    #
    # The path is matched as a prefix. That is /file match at
    # the same time /file_metadat and /file_content.
    #
    # Regex syntax:
    # -------------
    # This one is differentiated from the path one by a '~'
    #
    # path ~ regex
    # [environment envlist]
    # [method methodlist]
    # [auth[enthicated] {yes|no|on|off|any}]
    # allow [host|ip|*]
    # deny [host|ip]
    #
    # The regex syntax is the same as ruby ones.
    #
    # Ex:
    # path ~ .pp$
    # will match every resource ending in .pp (manifests files for instance)
    #
    # path ~ ^/path/to/resource
    # is essentially equivalent to path /path/to/resource
    #
    # environment:: restrict an ACL to a specific set of environments
    # method:: restrict an ACL to a specific set of methods
    # auth:: restrict an ACL to an authenticated or unauthenticated request
    # the default when unspecified is to restrict the ACL to authenticated requests
    # (ie exactly as if auth yes was present).
    #

    ### Authenticated ACL - those applies only when the client
    ### has a valid certificate and is thus authenticated

    # allow nodes to retrieve their own catalog (ie their configuration)
    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

    # allow all nodes to access the certificates services
    path /certificate_revocation_list/ca
    method find
    allow *

    # allow all nodes to store their reports
    path /report
    method save
    allow *

    # Puppetrun settings
    path /run
    allow mypuppet server fqdn

    # unconditionally allow access to all files services
    # which means in practice that fileserver.conf will
    # still be used
    path /file
    allow *

    ### Unauthenticated ACL, for clients for which the current master doesn't
    ### have a valid certificate

    # allow access to the master CA
    path /certificate/ca
    auth no
    method find
    allow *

    path /certificate/
    auth no
    method find
    allow *

    path /certificate_request
    auth no
    method find, save
    allow *

    # this one is not strictly necessary, but it has the merit
    # to show the default policy which is deny everything else
    path /
    auth any

It seems as though the puppet is running:

    4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

But I can't even telnet to port 8139 on the localhost to test that the port is open.

Can anyone please help?

Any suggestions welcome, I have copied the /etc/puppet/*.conf files from another working server.

Please Help!

-- 
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7kFNpVNAyd4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Gabriel Filion
2012-Oct-10 15:50 UTC
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 02:35, Pondy wrote:
> Hi everyone,
>
> Please help, I have built a new server and installed puppet (2.6.17)
> running on RHEL 6.3. It seems that it is not listening on port 8139.

By default, puppet listens on 8140, not 8139. And your configuration doesn't seem to be specifying an alternative port. Maybe that's what you ought to be looking for?

    tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18794/ruby1.8

-- 
Gabriel Filion
Jo Rhett
2012-Oct-10 18:30 UTC
Re: [Puppet Users] Puppet client not listening on port 8139
On Oct 9, 2012, at 11:35 PM, Pondy wrote:
> Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139.
...
> It seems as though the puppet is running:
> 4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

That's the puppet client. You want to start the puppetmaster with "service puppetmaster start" to get the server.

As per the other replier, default port is 8140 unless you've changed it in the config.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
Hi All, thanks for your input. So, I am talking about the puppet client. The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140.

On Thursday, 11 October 2012 04:30:21 UTC+10, Jo wrote:
> On Oct 9, 2012, at 11:35 PM, Pondy wrote:
>
> Please help, I have built a new server and installed puppet (2.6.17)
> running on RHEL 6.3. It seems that it is not listening on port 8139.
>
> ...
>
> It seems as though the puppet is running:
> 4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd
> --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log
>
> That's the puppet client. You want to start the puppetmaster with "service
> puppetmaster start" to get the server.
>
> As per the other replier, default port is 8140 unless you've changed it in
> the config.
>
> --
> Jo Rhett
> Net Consonance : net philanthropy to improve open source and internet
> projects.
Gabriel Filion
2012-Oct-10 23:46 UTC
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 18:37, Pondy wrote:
> Hi All, thanks for your input. So, I am talking about the puppet client.

ah oops sorry, I'm not used to dealing with this option :\ my bad

> The puppet master server and all other clients seem to be working ok. I
> am also unable to telnet locally to port 8139 or 8140.

hmm this is weird. in your original post you showed us that there were no iptables rules, and you do have "listen = true" in your puppet.conf.

do you see the port as open and listening with netstat?

-- 
Gabriel Filion
Hi Gabrielle,

Yes, I have listen = true and I cannot see that port open with netstat... I am truly confused, there's not much showing in the logs either.

Thanks!

On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote:
> On 2012-10-10 18:37, Pondy wrote:
> > Hi All, thanks for your input. So, I am talking about the puppet client.
>
> ah oops sorry, I'm not used to dealing with this option :\ my bad
>
> > The puppet master server and all other clients seem to be working ok. I
> > am also unable to telnet locally to port 8139 or 8140.
>
> hmm this is weird. in your original post you showed us that there were
> no iptables rules, and you do have "listen = true" in your puppet.conf.
>
> do you see the port as open and listening with netstat?
>
> --
> Gabriel Filion
Josh Cooper
2012-Oct-11 15:06 UTC
Re: [Puppet Users] Puppet client not listening on port 8139
Hi,

On Oct 10, 2012, at 6:58 PM, Pondy <m.pond@griffith.edu.au> wrote:
> Hi Gabrielle,
>
> Yes, I have listen = true and I cannot see that port open with netstat... I am truly confused, theres not much showing in the logs either.
>
> Thanks!
>
> On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote:
>> On 2012-10-10 18:37, Pondy wrote:
>> > Hi All, thanks for your input. So, I am talking about the puppet client.
>>
>> ah oops sorry, I'm not used to dealing with this option :\ my bad
>>
>> > The puppet master server and all other clients seem to be working ok. I
>> > am also unable to telnet locally to port 8139 or 8140.
>>
>> hmm this is weird. in your original post you showed us that there were
>> no iptables rules, and you do have "listen = true" in your puppet.conf.
>>
>> do you see the port as open and listening with netstat?
>>
>> --
>> Gabriel Filion

Try running with --debug. Note you'll need to provide an auth.conf on the client otherwise no one will be allowed to connect, and puppet will ignore the listen setting.

Josh
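The three things checked by hand in this thread (listen = true under [agent], an auth.conf on the agent with a /run ACL, and a socket in LISTEN state) can be gathered into one script. This is an added example, not part of the original thread or of Puppet itself; the function names are hypothetical, and it assumes the agent port is 8139 unless puppetport is set in [agent].

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a Puppet agent
# that should accept puppetrun connections. Function names are hypothetical.

# Print the value of KEY inside [SECTION] of an INI-style puppet.conf.
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/  { next }                          # comment line
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# Succeed if auth.conf is readable and has a "path /run" stanza with an allow line.
has_run_acl() {  # usage: has_run_acl FILE
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*#/   { next }
        $1 == "path" { in_run = ($2 == "/run"); next }   # a new stanza starts
        in_run && $1 == "allow" { found = 1 }
        END { exit !found }' "$1"
}

# Read "netstat -tln" output on stdin; succeed if a TCP socket LISTENs on PORT.
listens_on() {  # usage: listens_on PORT
    awk -v port="$1" '
        $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) ok = 1 }
        END { exit !ok }'
}

# Run all three checks; assumed agent port is 8139 unless puppetport is in [agent].
check_agent() {  # usage: netstat -tln | check_agent PUPPET_CONF AUTH_CONF
    rc=0
    [ "$(conf_get "$1" agent listen)" = "true" ] ||
        { echo "listen is not true in [agent] of $1"; rc=1; }
    has_run_acl "$2" || { echo "no readable 'path /run' ACL in $2"; rc=1; }
    port=$(conf_get "$1" agent puppetport)
    listens_on "${port:-8139}" || { echo "nothing listening on tcp/${port:-8139}"; rc=1; }
    return "$rc"
}
```

On the agent it would be run as `netstat -tln | check_agent /etc/puppet/puppet.conf /etc/puppet/auth.conf`; each failed check prints one line and the exit status is non-zero.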