Hi Akila, I just noticed that everytime I run ./setup.sh in agent, /etc/hosts file is replaced/updated. That causes losing the puppetmaster entry in the file. Any idea why?
Thanks, Bhathiya On Tue, Feb 23, 2016 at 2:51 PM, Akila Ravihansa Perera <[email protected]> wrote: > Hi, > > Looks like Puppet agent cannot resolve the hostname set in puppet.conf. > Please check whether correct hostname is set in puppet.conf and that it is > resolvable via DNS or /etc/hosts file. > > Also make sure hostname is correctly set in Puppet master. Output of > `hostname` command should match the value in puppet.conf. > > Thanks. > > On Tue, Feb 23, 2016 at 2:10 PM, Bhathiya Jayasekara <[email protected]> > wrote: > >> The problem was I didn't have a directory for my APIM version in >> *hieradata/production/wso2/wso2am.* Thanks a lot Akila for helping me a >> lot offline. >> >> But unfortunately I'm still away from success. Now I'm getting below >> error. Any idea about the cause? >> >> root@apim-node-1:/opt# ./setup.sh >> ##################################################### >> Starting cleanup >> ##################################################### >> ##################################################### >> Setting up environment >> ##################################################### >> ##################################################### >> Installing >> ##################################################### >> Warning: Unable to fetch my node definition, but the agent run will >> continue: >> Warning: getaddrinfo: Name or service not known >> Info: Retrieving plugin >> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >> resources using 'eval_generate': getaddrinfo: Name or service not known >> Error: /File[/var/lib/puppet/lib]: Could not evaluate: getaddrinfo: Name >> or service not known Could not retrieve file metadata for >> puppet://puppet/plugins: getaddrinfo: Name or service not known >> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb >> Info: Loading facts in /var/lib/puppet/lib/facter/service_provider.rb >> Info: Loading facts in /var/lib/puppet/lib/facter/package_provider.rb >> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb >> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb >> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb >> Error: Could not retrieve catalog from remote server: getaddrinfo: Name >> or service not known >> Warning: Not using cache on failed catalog >> Error: Could not retrieve catalog; skipping run >> Error: Could not send report: getaddrinfo: Name or service not known >> >> Thanks, >> Bhathiya >> >> On Tue, Feb 23, 2016 at 10:44 AM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> Hi all, >>> >>> Thanks for the replies. The problem was the hostname as Lahiru >>> mentioned. I didn't restart the VM after changing /etc/hostname before. >>> Just restarted the VM now and issue is solved. I think it's better to >>> update the doc if a restart is required after changing hostname. >>> >>> However I endedup in another error.. >>> >>> Error: Could not retrieve catalog from remote server: Error 400 on >>> SERVER: Could not find data item classes in any Hiera data file and no >>> default supplied at >>> /etc/puppet/environments/production/manifests/site.pp:21 on node >>> apim-node-1.openstacklocal >>> Warning: Not using cache on failed catalog >>> Error: Could not retrieve catalog; skipping run >>> >>> As mentioned in the doc, I have that site.pp in puppet master only. Do I >>> need to have it in agent too? >>> >>> Thanks, >>> Bhathiya >>> >>> >>> >>> On Tue, Feb 23, 2016 at 9:34 AM, Akila Ravihansa Perera < >>> [email protected]> wrote: >>> >>>> Hi Bhathiya, >>>> >>>> Please try the following steps; >>>> >>>> 1. Delete all certificates in Puppet master (rm -rf >>>> /var/lib/puppet/ssl/*) >>>> 2. Delete all certificates in Puppet agent (rm -rf >>>> /var/lib/puppet/ssl/*) >>>> You may use `puppet cert clean --all` command as well >>>> >>>> 3. Check puppet.conf in both Puppet agent and master >>>> Agent should point to master hostname >>>> server = puppet.example.com >>>> >>>> This hostname must resolve to corresponding IP address via DNS or hosts >>>> file mappings >>>> >>>> This hostname must be the Puppet master's system hostname. Or else it >>>> should be added as a property to puppet.conf in Puppet master instance >>>> >>>> dns_alt_names=puppet.example.com >>>> >>>> 4. Auto-signing should be enabled in puppet.conf in Puppet master. Or >>>> all the white-listed hostnames should be added to autosign.conf in Puppet >>>> master. >>>> autosign = true >>>> >>>> 5. Restart Puppet master service after modifying above config files. >>>> >>>> Thanks. >>>> >>>> On Tue, Feb 23, 2016 at 7:43 AM, Lahiru Sandaruwan <[email protected]> >>>> wrote: >>>> >>>>> Hi Bhathiya, >>>>> >>>>> Please check if the hostname(hostname command) is correctly set in >>>>> puppet master. Also, after the certificate clearance, remember to restart >>>>> puppet master. >>>>> >>>>> Thanks. >>>>> >>>>> On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Bhathiya, >>>>>> >>>>>> Did you delete old certs in puppet master as explained in [1] ? From >>>>>> the commands you have listed, it seems you have deleted the certs in >>>>>> agent >>>>>> side only. >>>>>> [2] too provides some tips related to a similar issue. >>>>>> Also, if you are testing in an IaaS, please make sure all the >>>>>> necessary ports in puppet master instance are accessible from puppet >>>>>> agent >>>>>> instance. >>>>>> >>>>>> >>>>>> [1] >>>>>> http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure >>>>>> [2] >>>>>> http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat >>>>>> >>>>>> Thanks, >>>>>> Sajith >>>>>> >>>>>> On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Thanks for the prompt response Pubudu. I already tried that and got >>>>>>> below. >>>>>>> >>>>>>> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm >>>>>>> {} \; >>>>>>> root@apim-2:/opt# puppet agent -t >>>>>>> Info: Creating a new SSL key for apim-2.openstacklocal >>>>>>> Info: Caching certificate for ca >>>>>>> Info: csr_attributes file loading from >>>>>>> /etc/puppet/csr_attributes.yaml >>>>>>> Info: Creating a new SSL certificate request for >>>>>>> apim-2.openstacklocal >>>>>>> Info: Certificate Request fingerprint (SHA256): >>>>>>> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55 >>>>>>> Info: Caching certificate for apim-2.openstacklocal >>>>>>> Info: Caching certificate_revocation_list for ca >>>>>>> Error: Could not request certificate: SSL_connect returned=1 errno=0 >>>>>>> state=SSLv3 read server certificate B: certificate verify failed: >>>>>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>> >>>>>>> Thanks, >>>>>>> Bhathiya >>>>>>> >>>>>>> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Bhathiya, >>>>>>>> >>>>>>>> Could you please check with this [1] ? I think you are having Error >>>>>>>> 4. >>>>>>>> >>>>>>>> [1] - >>>>>>>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html >>>>>>>> >>>>>>>> Thank you! >>>>>>>> >>>>>>>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> >>>>>>>>> I followed all the steps in [1]. But at the end I'm getting below >>>>>>>>> cert error. Can someone please help me to understand what's wrong? >>>>>>>>> >>>>>>>>> root@apim-2:/opt# ./setup.sh >>>>>>>>> ##################################################### >>>>>>>>> Starting cleanup >>>>>>>>> ##################################################### >>>>>>>>> ##################################################### >>>>>>>>> Setting up environment >>>>>>>>> ##################################################### >>>>>>>>> ##################################################### >>>>>>>>> Installing >>>>>>>>> ##################################################### >>>>>>>>> Warning: Unable to fetch my node definition, but the agent run >>>>>>>>> will continue: >>>>>>>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >>>>>>>>> certificate B: certificate verify failed: [certificate revoked for >>>>>>>>> /CN=apim-2.openstacklocal] >>>>>>>>> Info: Retrieving plugin >>>>>>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>>>>>>>> resources using 'eval_generate': SSL_connect returned=1 errno=0 >>>>>>>>> state=SSLv3 >>>>>>>>> read server certificate B: certificate verify failed: [certificate >>>>>>>>> revoked >>>>>>>>> for /CN=apim-2.openstacklocal] >>>>>>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >>>>>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>> Could >>>>>>>>> not retrieve file metadata for puppet://puppet/plugins: SSL_connect >>>>>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>> Error: Could not retrieve catalog from remote server: SSL_connect >>>>>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>> Warning: Not using cache on failed catalog >>>>>>>>> Error: Could not retrieve catalog; skipping run >>>>>>>>> Error: Could not send report: SSL_connect returned=1 errno=0 >>>>>>>>> state=SSLv3 read server certificate B: certificate verify failed: >>>>>>>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>> >>>>>>>>> [1] >>>>>>>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Bhathiya Jayasekara* >>>>>>>>> *Senior Software Engineer,* >>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>>>> >>>>>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>>>> <https://twitter.com/bhathiyax>* >>>>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> [email protected] >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Pubudu Gunatilaka* >>>>>>>> Committer and PMC Member - Apache Stratos >>>>>>>> Software Engineer >>>>>>>> WSO2, Inc.: http://wso2.com >>>>>>>> mobile : +94774079049 <%2B94772207163> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Bhathiya Jayasekara* >>>>>>> *Senior Software Engineer,* >>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>> >>>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>> <https://twitter.com/bhathiyax>* >>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Sajith Kariyawasam >>>>>> *Committer and PMC member, Apache Stratos, * >>>>>> *WSO2 Inc.; http://wso2.com <http://wso2.com>* >>>>>> *Mobile: 0772269575 <0772269575>* >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> -- >>>>> Lahiru Sandaruwan >>>>> Committer and PMC member, Apache Stratos, >>>>> Senior Software Engineer, >>>>> WSO2 Inc., http://wso2.com >>>>> lean.enterprise.middleware >>>>> >>>>> phone: +94773325954 >>>>> email: [email protected] blog: http://lahiruwrites.blogspot.com/ >>>>> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146 >>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Akila Ravihansa Perera >>>> WSO2 Inc.; http://wso2.com/ >>>> >>>> Blog: http://ravihansa3000.blogspot.com >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Bhathiya Jayasekara* >>> *Senior Software Engineer,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <%2B94715478185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >> >> >> >> -- >> *Bhathiya Jayasekara* >> *Senior Software Engineer,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> *Phone: +94715478185 <%2B94715478185>* >> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >> <http://www.linkedin.com/in/bhathiyaj>* >> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >> *Blog: http://movingaheadblog.blogspot.com >> <http://movingaheadblog.blogspot.com/>* >> > > > > -- > Akila Ravihansa Perera > WSO2 Inc.; http://wso2.com/ > > Blog: http://ravihansa3000.blogspot.com > -- *Bhathiya Jayasekara* *Senior Software Engineer,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
