Ok guys, this was a tough nut to crack, but I think I figured it out. This problem only occurred on clients that lived within a certain security zone behind my firewall. When a client was on the same vlan as the puppetmaster, everything worked fine. As soon as I moved it into any one of a particular set of vlans (all within the same security zone on my firewall), I got this slowness problem. I spent most of my time trying to figure out why/how my firewall could be causing things to be slow rather than just denying the connections altogether. But I digress...
The root cause was that I did not have reverse dns records set up for any of these vlans. Using tcpdump, I was able to see that every time a client connects, the puppetmaster attempts a reverse dns lookup on the client's ip. I'm not exactly sure why yet, but dns lookups against nonexistent in-addr.arpa domains take *for-freaking-ever* on my network. Once I set up the reverse lookup zone and added the necessary ptr records, catalog runs were completing in a few seconds again. I hope someone out there benefits from this thread, because I was pulling my hair out over this problem! -- Michael Conigliaro Computer Analyst Fuss & O'Neill Technologies www.fandotech.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Paul Lathrop Sent: Monday, May 04, 2009 3:41 PM To: [email protected] Subject: [Puppet Users] Re: long catalog run times and random connection timeouts On Mon, May 4, 2009 at 7:55 AM, Michael Conigliaro <[email protected]> wrote: > > I'm actually not sure. How do I determine that? I just use the redhat > rpms from the epel repository, and I don't remember seeing an option for > that anywhere. If you aren't sure what you are using, you are using webrick. The problem you're running into is probably the scalability wall. How many clients are you running? Take a look at the http://reductivelabs.com/trac/puppet/wiki/PuppetScalability page. I have had great success with Mongrel+Nginx, but Passenger also looks promising. --Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
