Puppet users - Mar 2013 - Problem while Installing software (agent) from puppetmaster to clients

I had installed puppet master and client on two different machines. machine 
A has puppet master and machine B has client. both are centos6 64 bit 
machines.
Machine B (client) is successfully connected to master (machine A). My aim 
is to install New Relic agent (server monitorinig tool) on different 
clients. I had installed new relic agent on machine A and trying to build a 
module so that I can deploy new relic agent remotely to my clients. right 
now I have only one client but there can be n number of clients.

steps carried out on puppetmaster Machine A

a) I had created a new module mcollective under /etc/puppet/modules 
directory. 

 under manifests, I had created a init.pp with the follwoing contents

#Module: mcollective
#
# Class: mcollective
# Description:
# This class does it all.
#
# Files:
# /etc/yum.repos.d/newrelic.repo
#
#
class mcollective {
$my_repo = ''newrelic_repo''
 if $my_repo { include "mcollective::${my_repo}" }
$my_install = ''install''
 if $my_install { include "mcollective::${my_install}" }
}

class mcollective::newrelic_repo {
file { ''/etc/yum.repos.d/newrelic.repo'':
 owner => "root",
 group => "root",
 mode => 644,
 source => ''puppet:///modules/mcollective/newrelic.repo'',
}
}

class mcollective::install {
exec { ''Installing newrelic-repo'':
 command => ''yum -y install newrelic-repo*'',
 timeout => 600,
 }
}

b)  I had also copied newrelic.repo from /etc/yum.repos.d/newrelic.repo to 
/etc/puppet/modules/manifests

c) under files diretcory, I had created sites.pp as 

import ''mcollective''

node ''basenode'' {
include mcollective
include mcollective::newrelic_repo
include mcollective::install
}

node ''WA19487ORACLE01'' inherits basenode {
license_key => ''d15ff577e5f27e071fe9b2d6809b9f2950fe87d1'',
}
d)  here I have called module and passed the license_key for the node.
e) I had restarted my puppetmaster(machine A) and puppet (machine B). when 
I checked /varlog/messages/ of machine A and machine B, new reliec agent is 
not getting deployed on machine B (clinet).
 
f)  my client is not able to retervie the catalog from puppet master. it 
throws following error  when i run puppet agent --test on clinet I am 
getting the result as
[root@WA19487ORACLE01 ~]# puppet agent --test
notice: Ignoring --listen on onetime run
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using ''eval_generate'': hostname was not match with the server
certificate
err: /File[/var/lib/puppet/lib]: Could not evaluate: hostname was not match 
with the server certificate Could not retrieve file metadata for 
puppet://WA19487PUPPET01/plugins: hostname was not match with the server 
certificate
err: Could not retrieve catalog from remote server: hostname was not match 
with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Time:
         Last run: 1362381429
err: Could not send report: hostname was not match with the server 
certificate
please post your suggestions to help me out.
 
Thanks
Sachin 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Hi,

there''s a number of problems with your approach. Have you done any
simple deployment tasks using puppet to get you started? I advise to get
very familiar with the basics before trying a more involved management
operation such as newrelic installation.

On 03/04/2013 08:22 AM, guptasachin1112mrt@gmail.com
wrote:
> I had installed puppet master and client on two different machines.
> machine A has puppet master and machine B has client. both are centos6
> 64 bit machines.
> Machine B (client) is successfully connected to master (machine A). My
> aim is to install New Relic agent (server monitorinig tool) on different
> clients. I had installed new relic agent on machine A and trying to
> build a module so that I can deploy new relic agent remotely to my
> clients. right now I have only one client but there can be n number of
> clients.
This is fine so far.
> steps carried out on puppetmaster Machine A
> 
> a) I had created a new module mcollective under /etc/puppet/modules
> directory.
Why is the module called mcollective? Should it not be called newrelic
instead?
>  under manifests, I had created a init.pp with the follwoing contents
> 
> #Module: mcollective
> #
> # Class: mcollective
> # Description:
> # This class does it all.
> #
> # Files:
> # /etc/yum.repos.d/newrelic.repo
> #
> #
> class mcollective {
> $my_repo = ''newrelic_repo''
>  if $my_repo { include "mcollective::${my_repo}" }
> $my_install = ''install''
>  if $my_install { include "mcollective::${my_install}" }
> }
Putting the class names into variables does not strike me as really
benefitting. And it does break the KISS principle.
> class mcollective::newrelic_repo {
> file { ''/etc/yum.repos.d/newrelic.repo'':
>  owner => "root",
>  group => "root",
>  mode => 644,
>  source =>
''puppet:///modules/mcollective/newrelic.repo'',
> }
> }
That''s all right.
> class mcollective::install {
> exec { ''Installing newrelic-repo'':
>  command => ''yum -y install newrelic-repo*'',
>  timeout => 600,
>  }
> }
With puppet, you should use exec as little as possible. Instead, try

package { "newrelic-sysmond": ensure => installed }

This won''t work until the repo has been created, so tell puppet about
the order:

package { "newrelic-sysmond":
  ensure => installed,
  require => Class["newrelic::repo"],
}
> b)  I had also copied newrelic.repo from /etc/yum.repos.d/newrelic.repo
> to /etc/puppet/modules/manifests
This won''t work. If you want to make a file available using file {
name:
source => ... }, it needs to be put into an appropriate files tree, such
as /etc/puppet/modules/newrelic/files/...
> c) under files diretcory, I had created sites.pp as
Now this one should be under manifests!
> import ''mcollective''
Importing modules is deprecated. I advise to not even bother with the
import statement.
> node ''basenode'' {
> include mcollective
> include mcollective::newrelic_repo
> include mcollective::install
> }
That''s fine.
> node ''WA19487ORACLE01'' inherits basenode {
> license_key =>
''d15ff577e5f27e071fe9b2d6809b9f2950fe87d1'',
!!! Please get a new license key. You just shared your key with the
internet. !!!
> }
> d)  here I have called module and passed the license_key for the node.
No. No, you haven''t.

For one thing, the above is a syntax error. In a node block, there can
only be resource declarations such as

include newrelic
host { "localhost": ... }
file { "/etc/motd": ... }

etc.

I think what you are thinking of is a construct such as this:

node ''WA19487ORACLE01'' inherits basenode {
  class { "newrelic::install":
    license_key => "...";
  }
}
> e) I had restarted my puppetmaster(machine A) and puppet (machine B).
> when I checked /varlog/messages/ of machine A and machine B, new reliec
> agent is not getting deployed on machine B (clinet).
When developing puppet manifest, use these commands on your client node:

puppet agent --test --noop

If the output is satisfactory, follow that up with

puppet agent --test

to make puppet apply the necessary changes.
> f)  my client is not able to retervie the catalog from puppet master. it
> throws following error  when i run puppet agent --test on clinet I am
> getting the result as
> [root@WA19487ORACLE01 ~]# puppet agent --test
> notice: Ignoring --listen on onetime run
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
> using ''eval_generate'': hostname was not match with the
server certificate
> err: /File[/var/lib/puppet/lib]: Could not evaluate: hostname was not
> match with the server certificate Could not retrieve file metadata for
> puppet://WA19487PUPPET01/plugins: hostname was not match with the server
> certificate
> err: Could not retrieve catalog from remote server: hostname was not
> match with the server certificate
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> Time:
>          Last run: 1362381429
> err: Could not send report: hostname was not match with the server
> certificate
> please post your suggestions to help me out.
What is in your /etc/puppet/puppet.conf on the client node?

What is your master node''s FQDN and what is the CN of its certificate?

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Thanks frank for providing me help..

I have made few changes in my configuration files. earlier there was also a 
major problem, puppet client is not able to retrieve catalog from master 
but now my puppet cleint is able to retrieve catalog from master.
 my init.pp is as follows:
#Module: newrelic
 #
 # Class: newrelic
 # Description:
 # This class does it all.
 #
 # Files:
 # /etc/yum.repos.d/newrelic.repo
 #
 #
 class newrelic {
 $my_repo = ''newrelic_repo''
  if $my_repo { include "newrelic::${my_repo}" }
 $my_install = ''install''
  if $my_install { include "newrelic::${my_install}" }
 }
---------------------------------------------------------------------------------------------
 class newrelic::newrelic_repo {
 file { ''/etc/yum.repos.d/newrelic.repo'':
  owner => "root",
  group => "root",
  mode => 644,
  source => ''puppet:///modules/newrelic/newrelic.repo'',
 }
 }

--------------------------------------------------------------------------------------------------
 class newrelic::install {
   package { "newrelic-sysmond":
  ensure => installed,
  require => Class["newrelic::newrelic_repo"],
   }
}
-----------------------------------------------------------------------------------------------------
 node ''basenode'' {
    include newrelic
    include newrelic::newrelic_repo
    include newrelic::install
     }
   node ''WA19487ORACLE01'' inherits basenode {
  class { "newrelic::install":
    license_key => "...";
  }
}
-----------------------------------------------
 when I run puppet agent --test from my puppet client machine, I am able to 
get the error message as 

[root@WA19487ORACLE01 yum.repos.d]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Caching catalog for wa19487oracle01
info: Applying configuration version ''1362564169''
err: /Stage[main]/Newrelic::Install/Package[newrelic-sysmond]/ensure: 
change from absent to present failed: Execution of ''/usr/bin/yum -d 0
-e 0
-y install newrelic-sysmond'' returned 1: warning: rpmts_HdrFromFdno:
Header
V3 DSA/SHA1 Signature, key ID 548c16bf: NOKEY


GPG key retrieval failed: [Errno 14] Could not open/read 
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NewRelic

notice: Finished catalog run in 3.32 seconds
[root@WA19487ORACLE01 yum.repos.d]

right now newrelic.repo is copied to /etc/yum.repos.d/, when I search for 
the package, it says its available but not installed.
what changes I need to do to get it installed.

Thanks 
Sachin 


On Tuesday, March 5, 2013 5:44:15 PM UTC+5:30, Felix.Frank
wrote:
>
> Hi, 
>
> there''s a number of problems with your approach. Have you done any
> simple deployment tasks using puppet to get you started? I advise to get 
> very familiar with the basics before trying a more involved management 
> operation such as newrelic installation. 
>
> On 03/04/2013 08:22 AM, guptasach...@gmail.com <javascript:> wrote: 
> > I had installed puppet master and client on two different machines. 
> > machine A has puppet master and machine B has client. both are centos6
> > 64 bit machines. 
> > Machine B (client) is successfully connected to master (machine A). My
> > aim is to install New Relic agent (server monitorinig tool) on
different
> > clients. I had installed new relic agent on machine A and trying to 
> > build a module so that I can deploy new relic agent remotely to my 
> > clients. right now I have only one client but there can be n number of
> > clients. 
>
> This is fine so far. 
>
> > steps carried out on puppetmaster Machine A 
> > 
> > a) I had created a new module mcollective under /etc/puppet/modules 
> > directory. 
>
> Why is the module called mcollective? Should it not be called newrelic 
> instead? 
>
> >  under manifests, I had created a init.pp with the follwoing contents 
> > 
> > #Module: mcollective 
> > # 
> > # Class: mcollective 
> > # Description: 
> > # This class does it all. 
> > # 
> > # Files: 
> > # /etc/yum.repos.d/newrelic.repo 
> > # 
> > # 
> > class mcollective { 
> > $my_repo = ''newrelic_repo'' 
> >  if $my_repo { include "mcollective::${my_repo}" } 
> > $my_install = ''install'' 
> >  if $my_install { include "mcollective::${my_install}" } 
> > } 
>
> Putting the class names into variables does not strike me as really 
> benefitting. And it does break the KISS principle. 
>
> > class mcollective::newrelic_repo { 
> > file { ''/etc/yum.repos.d/newrelic.repo'': 
> >  owner => "root", 
> >  group => "root", 
> >  mode => 644, 
> >  source =>
''puppet:///modules/mcollective/newrelic.repo'',
> > } 
> > } 
>
> That''s all right. 
>
> > class mcollective::install { 
> > exec { ''Installing newrelic-repo'': 
> >  command => ''yum -y install newrelic-repo*'', 
> >  timeout => 600, 
> >  } 
> > } 
>
> With puppet, you should use exec as little as possible. Instead, try 
>
> package { "newrelic-sysmond": ensure => installed } 
>
> This won''t work until the repo has been created, so tell puppet
about
> the order: 
>
> package { "newrelic-sysmond": 
>   ensure => installed, 
>   require => Class["newrelic::repo"], 
> } 
>
> > b)  I had also copied newrelic.repo from
/etc/yum.repos.d/newrelic.repo
> > to /etc/puppet/modules/manifests 
>
> This won''t work. If you want to make a file available using file {
name:
> source => ... }, it needs to be put into an appropriate files tree, such
> as /etc/puppet/modules/newrelic/files/... 
>
> > c) under files diretcory, I had created sites.pp as 
>
> Now this one should be under manifests! 
>
> > import ''mcollective'' 
>
> Importing modules is deprecated. I advise to not even bother with the 
> import statement. 
>
> > node ''basenode'' { 
> > include mcollective 
> > include mcollective::newrelic_repo 
> > include mcollective::install 
> > } 
>
> That''s fine. 
>
> > node ''WA19487ORACLE01'' inherits basenode { 
> > license_key =>
''d15ff577e5f27e071fe9b2d6809b9f2950fe87d1'',
>
> !!! Please get a new license key. You just shared your key with the 
> internet. !!! 
>
> > } 
> > d)  here I have called module and passed the license_key for the node.
>
> No. No, you haven''t. 
>
> For one thing, the above is a syntax error. In a node block, there can 
> only be resource declarations such as 
>
> include newrelic 
> host { "localhost": ... } 
> file { "/etc/motd": ... } 
>
> etc. 
>
> I think what you are thinking of is a construct such as this: 
>
> node ''WA19487ORACLE01'' inherits basenode { 
>   class { "newrelic::install": 
>     license_key => "..."; 
>   } 
> } 
>
> > e) I had restarted my puppetmaster(machine A) and puppet (machine B). 
> > when I checked /varlog/messages/ of machine A and machine B, new
reliec
> > agent is not getting deployed on machine B (clinet). 
>
> When developing puppet manifest, use these commands on your client node: 
>
> puppet agent --test --noop 
>
> If the output is satisfactory, follow that up with 
>
> puppet agent --test 
>
> to make puppet apply the necessary changes. 
>
> > f)  my client is not able to retervie the catalog from puppet master.
it
> > throws following error  when i run puppet agent --test on clinet I am 
> > getting the result as 
> > [root@WA19487ORACLE01 ~]# puppet agent --test 
> > notice: Ignoring --listen on onetime run 
> > info: Retrieving plugin 
> > err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources
> > using ''eval_generate'': hostname was not match with
the server
> certificate 
> > err: /File[/var/lib/puppet/lib]: Could not evaluate: hostname was not 
> > match with the server certificate Could not retrieve file metadata for
> > puppet://WA19487PUPPET01/plugins: hostname was not match with the
server
> > certificate 
> > err: Could not retrieve catalog from remote server: hostname was not 
> > match with the server certificate 
> > warning: Not using cache on failed catalog 
> > err: Could not retrieve catalog; skipping run 
> > Time: 
> >          Last run: 1362381429 
> > err: Could not send report: hostname was not match with the server 
> > certificate 
> > please post your suggestions to help me out. 
>
> What is in your /etc/puppet/puppet.conf on the client node? 
>
> What is your master node''s FQDN and what is the CN of its
certificate?
>
> Regards, 
> Felix 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Hi,

this looks pretty good, although I cannot yet see how your module makes
use of the license key. Will probably need more work.

On 03/06/2013 11:05 AM, guptasachin1112mrt@gmail.com
wrote:
> err: /Stage[main]/Newrelic::Install/Package[newrelic-sysmond]/ensure:
> change from absent to present failed: Execution of ''/usr/bin/yum
-d 0 -e
> 0 -y install newrelic-sysmond'' returned 1: warning:
rpmts_HdrFromFdno:
> Header V3 DSA/SHA1 Signature, key ID 548c16bf: NOKEY
> 
> 
> GPG key retrieval failed: [Errno 14] Could not open/read
> file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NewRelic
As to the problem at hand, the newrelic_repo class should also make sure
that the repo key (GPG) from newrelic is imported to yum so it will
accept their packages.

Basically, you want to teach puppet to do all the steps outlined here:
https://newrelic.com/docs/server/server-monitor-installation-redhat-and-centos
...in the correct order. It can be tricky to get certain operations
right (especially, enable puppet to tell if they have been completed in
an earlier run).

Good luck!

Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Thanks Frank for pointing abour the licence key.

I made few more changes in my  newrelic_repo file. i added
/etc/pki/rpm-gpg/RPM-GPG-KEY-NewRelic entry and
//etc/newrelic/nrsysmond.cfg which is present at master. now both these
files will be copied into my agent. now I dont have to pass the licence key
for new relic agent. when I run puppet agent --test on puppet client I am
getting this result
[root@WA19487ORACLE01 rpm-gpg]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Caching catalog for wa19487oracle01
info: Applying configuration version ''1362568453''
notice:
/Stage[main]/Newrelic::Newrelic_repo/File[/etc/newrelic/nrsysmond.cfg]/ensure:
defined content as ''{md5}0e5a51a23ae986ec7253c12902d66e92''
notice: /Stage[main]/Newrelic::Install/Package[newrelic-sysmond]/ensure:
created
notice: Finished catalog run in 6.58 seconds
New relic package is deployed on my puppet cleint machine successfully and
I am able to see agent nodes in new relic dashboard.

Once again thanks for your help..

Thanks
Sachin



On Wed, Mar 6, 2013 at 3:44 PM, Felix Frank
<felix.frank@alumni.tu-berlin.de
> wrote:
> Hi,
>
> this looks pretty good, although I cannot yet see how your module makes
> use of the license key. Will probably need more work.
>
> On 03/06/2013 11:05 AM, guptasachin1112mrt@gmail.com wrote:
> > err: /Stage[main]/Newrelic::Install/Package[newrelic-sysmond]/ensure:
> > change from absent to present failed: Execution of
''/usr/bin/yum -d 0 -e
> > 0 -y install newrelic-sysmond'' returned 1: warning:
rpmts_HdrFromFdno:
> > Header V3 DSA/SHA1 Signature, key ID 548c16bf: NOKEY
> >
> >
> > GPG key retrieval failed: [Errno 14] Could not open/read
> > file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NewRelic
>
> As to the problem at hand, the newrelic_repo class should also make sure
> that the repo key (GPG) from newrelic is imported to yum so it will
> accept their packages.
>
> Basically, you want to teach puppet to do all the steps outlined here:
>
>
https://newrelic.com/docs/server/server-monitor-installation-redhat-and-centos
> ...in the correct order. It can be tricky to get certain operations
> right (especially, enable puppet to tell if they have been completed in
> an earlier run).
>
> Good luck!
>
> Felix
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
>
https://groups.google.com/d/topic/puppet-users/TKlD60JvPzc/unsubscribe?hl=en
> .
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscribe@googlegroups.com.
>  To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.