Completed and master/agent restarted. On Jul 31, 2012, at 11:41 AM, Shabir Ahmed <ahmed.sha...@gmail.com> wrote:
> ### edit auth.conf ### > > ##### > # Allow puppet kick access > path /run > method save > auth any > allow * > > ######## > > > ### edit puppet.conf on agent under agent section: > > listen = true > > > > > > > > > On Mon, Jul 30, 2012 at 9:19 PM, Stuart Cracraft <smcracr...@me.com> wrote: > > Here is the log from the puppet master after /etc/init.d/pe-puppet restart: > > # puppet kick --trace --host rhel.oc.cox.net --debug > Jul 30 21:03:25 rhel01 puppet-master[4266]: Starting Puppet master version > 2.7.12 (Puppet Enterprise 2.5.2) > Jul 30 21:03:25 rhel01 puppet-master[4266]: Denying access: Forbidden > request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net > [save] authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4266]: Forbidden request: > rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net [save] > authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4212]: Error 403 on SERVER: Forbidden > request: rhel01.oc.cox.net(10.0.1.6) access to /facts/rhel03.oc.cox.net > [save] authenticated at line 53 > Jul 30 21:03:25 rhel01 puppet-master[4266]: Report processor failed: > Connection refused - connect(2) > > On Jul 30, 2012, at 8:42 PM, Stuart Cracraft <smcracr...@me.com> wrote: > >> Unknown. >> >> And a "kick" from the master to the agent returns with "connection refused - >> connect(2)" >> despite the ports being set (8140, 61613) open on the puppet master firewall >> / iptables, >> and ssh/ping both operational bi-directionally. >> >> Any ideas puppeteers? >> >> --Stuart >> >> On Jul 30, 2012, at 3:17 PM, Gary Larizza <g...@puppetlabs.com> wrote: >> >>> >>> >>> On Mon, Jul 30, 2012 at 3:10 PM, Stuart Cracraft <smcracr...@me.com> wrote: >>> >>> On Jul 30, 2012, at 12:53 PM, Gary Larizza <g...@puppetlabs.com> wrote: >>> >>>> Hey Stuart, >>>> >>>> You might want to check out the pe-users list for Enterprise-specific >>>> questions (people here can/will answer too, but you might bet better >>>> results from the PE users on that list --> >>>> http://puppetlabs.com/services/customer-support/ and see the section on >>>> Joining the Puppet Enterprise Users list). >>>> >>> ++ Thanks - I've applied for membership. >>> >>>> Are you sure you're targeting the PE Master and not the original Open >>>> Source master? >>>> Does the output of `puppet agent --configprint server` match your Puppet >>>> Enterprise server address? >>> >>> It doesn't. >>> >>> ++ The master is reporting one fully qualified name, its own, but not its >>> alias puppet. >>> ++ The agent is reporting a different name, puppet. >>> ++ There is a skew. What is the best fix? >>> >>> Ahh, great. So, check out /etc/puppetlabs/puppet/puppet.conf and edit the >>> 'server' parameter to point to your Enterprise Master server's address. By >>> default the value set is 'puppet', but you can pass a different value to >>> the installer to change this value - I believe the 'q_puppetagent_server=' >>> question (if you generate an installer answers file). Does this help? >>> >>> >>> >>>> Did you make any changes to /etc/puppetlabs/puppet/auth.conf on the PE >>>> Master? >>> >>> >>> ++ No. It is unchanged. >>> >>>> >>>> >>>> >>>> On Sun, Jul 29, 2012 at 11:04 PM, Stuart Cracraft <smcracr...@me.com> >>>> wrote: >>>> No problem installing open puppet and using it. patterns run aok. >>>> >>>> when trying to use the installer for pe, on the puppetmaster, installs ok. >>>> >>>> when trying to use the installer for pe, on the puppet agent, installs ok >>>> but no cert sent as shown by puppet cert list on puppetmaster. >>>> >>>> also >>>> >>>> puppet agent --test >>>> >>>> on puppet agent shows >>>> >>>> err: could not retrieve catalog from remote server: >>>> error 400 on SERVER: Error 403 on SERVER: >>>> forbidden request puppemasters-fully-qualified-name.com access to /facts/ >>>> agent [save] authenticated at line 53 >>>> warning: not using cache on failed catalog >>>> error: could not retrieve catalog: skipping run >>>> >>>> Anyone knows what causes the above or how to proceed? >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> puppet-users+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/puppet-users?hl=en. >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Gary Larizza >>>> Professional Services Engineer >>>> Puppet Labs >>>> >>>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San >>>> Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To post to this group, send email to puppet-users@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> puppet-users+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >>> >>> >>> -- >>> >>> Gary Larizza >>> Professional Services Engineer >>> Puppet Labs >>> >>> Join us for PuppetConf 2012 at the Mission Bay Convention Center in San >>> Francisco, California on September 27th and 28th --> http://bit.ly/pcsig12 >>> >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
