Indeed, I missed a firewall. Thanks for helping me. All sorted now On Tuesday, March 4, 2014 3:04:35 PM UTC, Jose Luis Ledesma wrote: > > So it means there is a firewall dropping the connection somewhere > El 04/03/2014 14:45, <[email protected] <javascript:>> escribió: > >> From agent to master I get "connection timed out" for port 8140 but for >> port 443 and 80 I get Escape character is '^]' >> >> From master to agent I get "connection refused" >> >> On Tuesday, March 4, 2014 1:24:37 PM UTC, Jose Luis Ledesma wrote: >>> >>> Good question >>> >>> Try a >>> Telnet puppet-master 8140 >>> >>> From the "agent" >>> El 04/03/2014 14:20, "Michael.OBrien" <[email protected]> escribió: >>> >>>> Wouldn’t it be bidirectional if the agent’s firewall was off because >>>> GCE doesn’t block outgoing traffic with its firewall? >>>> >>>> >>>> >>>> *From:* [email protected] [mailto:[email protected]] *On >>>> Behalf Of *José Luis Ledesma >>>> *Sent:* 04 March 2014 13:11 >>>> *To:* [email protected] >>>> *Subject:* Re: [Puppet Users] GCE based puppet agent connection to >>>> master fails >>>> >>>> >>>> >>>> Hi, >>>> >>>> I think that 8140 should be bidirectional. >>>> >>>> Regards, >>>> >>>> El 04/03/2014 12:55, <[email protected]> escribió: >>>> >>>> I know this is someone fairly obvious that I'm missing but I'm having >>>> trouble getting a puppet agent running on a google compute instance to >>>> talk >>>> to my puppet master >>>> >>>> *Networking* >>>> I have added a firewall rule to GCE to allow 8140 tcp from my puppet >>>> master to instances connected to the network where my agent resides. >>>> I have disabled firewalls on master and agent for testing. >>>> I can ping the master from agent by IP, FQDN and "puppet" >>>> I can ping the agent from master by IP & FQDN >>>> >>>> *On master * >>>> puppet cert list shows no certs outstanding >>>> running wireshark on master shows only icmp traffic from agent at the >>>> time of cert request >>>> >>>> *On agent:* >>>> [root@server]# puppet agent --server MYFQDNMASTER --waitforcert 60 >>>> --test >>>> Error: Could not request certificate: Connection timed out - connect(2) >>>> >>>> >>>> I installed puppet (agent) from puppetlabs RHEL repo and puppet >>>> --version reports 3.4.3 >>>> Puppet master is from foreman 1.4.1 and reports version as 2.7.23 for >>>> both master and agent >>>> service puppet status reports its running on the agent >>>> >>>> I edited /etc/puppet/puppet.conf on the agent to be >>>> >>>> [main] >>>> # The Puppet log directory. >>>> # The default value is '$vardir/log'. >>>> logdir = /var/log/puppet >>>> >>>> # Where Puppet PID files are kept. >>>> # The default value is '$vardir/run'. >>>> rundir = /var/run/puppet >>>> >>>> # Where SSL certificates are kept. >>>> # The default value is '$confdir/ssl'. >>>> ssldir = $vardir/ssl >>>> >>>> [agent] >>>> # The file in which puppetd stores a list of the classes >>>> # associated with the retrieved configuratiion. Can be loaded in >>>> # the separate ``puppet`` executable using the ``--loadclasses`` >>>> # option. >>>> # The default value is '$confdir/classes.txt'. >>>> classfile = $vardir/classes.txt >>>> >>>> # Where puppetd caches the local configuration. An >>>> # extension indicating the cache format is added automatically. >>>> # The default value is '$confdir/localconfig'. >>>> localconfig = $vardir/localconfig >>>> server = FQDN of my puppet master >>>> report = true >>>> pluginsync = true >>>> certname = FQDN of agent >>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/puppet-users/85f85794-eb0e-407f-99ed-c17080ef2d69% >>>> 40googlegroups.com. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Puppet Users" group. >>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>> topic/puppet-users/GaX5OZD8XTE/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/puppet-users/CAF_B3dfFw3YBzoQtqSinPQJcy1MoSufeG >>>> kqtPCPrz%3De5xEeM1A%40mail.gmail.com<https://groups.google.com/d/msgid/puppet-users/CAF_B3dfFw3YBzoQtqSinPQJcy1MoSufeGkqtPCPrz%3De5xEeM1A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/puppet-users/36667CDCAAF70140AE7738BB93CA8C >>>> 9605915F%40ExMbx1.ul.campus<https://groups.google.com/d/msgid/puppet-users/36667CDCAAF70140AE7738BB93CA8C9605915F%40ExMbx1.ul.campus?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/bcd0251f-2962-4d07-9a1e-e3f9f23dcf70%40googlegroups.com >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> >
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c312970b-70e4-4d57-b4f9-c4a2901dcb72%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
