Wouldn't it be bidirectional if the agent's firewall was off because GCE doesn't block outgoing traffic with its firewall?
From: [email protected] [mailto:[email protected]] On Behalf Of José Luis Ledesma Sent: 04 March 2014 13:11 To: [email protected] Subject: Re: [Puppet Users] GCE based puppet agent connection to master fails Hi, I think that 8140 should be bidirectional. Regards, El 04/03/2014 12:55, <[email protected]<mailto:[email protected]>> escribió: I know this is someone fairly obvious that I'm missing but I'm having trouble getting a puppet agent running on a google compute instance to talk to my puppet master Networking I have added a firewall rule to GCE to allow 8140 tcp from my puppet master to instances connected to the network where my agent resides. I have disabled firewalls on master and agent for testing. I can ping the master from agent by IP, FQDN and "puppet" I can ping the agent from master by IP & FQDN On master puppet cert list shows no certs outstanding running wireshark on master shows only icmp traffic from agent at the time of cert request On agent: [root@server]# puppet agent --server MYFQDNMASTER --waitforcert 60 --test Error: Could not request certificate: Connection timed out - connect(2) I installed puppet (agent) from puppetlabs RHEL repo and puppet --version reports 3.4.3 Puppet master is from foreman 1.4.1 and reports version as 2.7.23 for both master and agent service puppet status reports its running on the agent I edited /etc/puppet/puppet.conf on the agent to be [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig server = FQDN of my puppet master report = true pluginsync = true certname = FQDN of agent -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:puppet-users%[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/85f85794-eb0e-407f-99ed-c17080ef2d69%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to a topic in the Google Groups "Puppet Users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/GaX5OZD8XTE/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3dfFw3YBzoQtqSinPQJcy1MoSufeGkqtPCPrz%3De5xEeM1A%40mail.gmail.com<https://groups.google.com/d/msgid/puppet-users/CAF_B3dfFw3YBzoQtqSinPQJcy1MoSufeGkqtPCPrz%3De5xEeM1A%40mail.gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/36667CDCAAF70140AE7738BB93CA8C9605915F%40ExMbx1.ul.campus. For more options, visit https://groups.google.com/groups/opt_out.
