Re: [Puppet Users] 'puppet agent -t'
Hi Matthias, On Mar 26 2019, at 5:40 pm, Matthias Steffens wrote: > Hi! > > I'm trying to get a new certificate for my puppet agent and therefore I tried > to do an 'puppet agent -t' an I got the following: > > root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -t > Exiting; no certificate found and waitforcert is disabled > > > This message indicates, that the agent has created a certificate, has sent the CSR to the master and is now waiting for the master to sign the certificate. Log in to your puppetmaster. Check puppet and puppetserver version. puppetserver --version puppet --version If you are running puppetserver 6: puppetserver ca list This should show you an waiting singing request. sign with puppetserver ca sign Usualy the certname is the fqdn of the agent. If you run puppet 5: please upgrade. I added a comment below covering your puppet.conf regarding reports configuration: > > I didn't understand this, because I thought I'm doing an signing request with > my 'puppet agent -t' !? > > My Configuration looks like this: > > Puppet-Master: > > - Installed PuppetDB: > ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppetdb.conf: > > [main] > server_urls = https://puppet-master.local:8081 > > > - Installed Puppetserver / Puppet: > ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppet.conf: > > [main] > server = puppet-master.local > # This file can be used to override the default puppet settings. > # See the following links for more details on what settings are available: > # - https://puppet.com/docs/puppet/latest/config_important_settings.html > # - https://puppet.com/docs/puppet/latest/config_about_settings.html > # - https://puppet.com/docs/puppet/latest/config_file_main.html > # - https://puppet.com/docs/puppet/latest/configuration.html > [master] > vardir = /opt/puppetlabs/server/data/puppetserver > logdir = /var/log/puppetlabs/puppetserver > rundir = /var/run/puppetlabs/puppetserver > pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid > codedir = /etc/puppetlabs/code > storeconfigs = true > storeconfigs_backend = puppetdb > reports = store,puppetdb > > > please don't use two locations to store reports. puppetdb is the modern place where to store them. Use a webfrontend to visualize the reports (Puppet Enterprise, The Foreman, Puppet Board). store places reports into file system. Usually this is only growing and never cleaned up! [...] > Matthias > > > hth, Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/79AE5801-83A2-48BF-9E6C-0521D4720E5B%40getmailspring.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] 'puppet agent -t'
Hi there, On 2019-03-26 12:40 p.m., Matthias Steffens wrote: > I'm trying to get a new certificate for my puppet agent and therefore I > tried to do an '*puppet agent -t*' an I got the following: > > > *root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -tExiting; > no certificate found and waitforcert is disabled* When your agent didn't create a cert yet, you need to specify an additional option that'll create the cert and wait for the master to sign the certificate signing request: puppet agent -t --waitforcert 10 the integer value to the argument is the number of seconds to wait for each iteration (I think the number of iterations made before exiting is limited). for me 10s is usually a good value, but you can play with this to find something that gives you the appropriate time to sign certs on the master (e.g. you probably do want to verify that the client's certificate fingerprint is what the puppetmaster knows). -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3d003378-818e-6465-f18a-5573f3d38daa%40lelutin.ca. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[Puppet Users] 'puppet agent -t'
Hi! I'm trying to get a new certificate for my puppet agent and therefore I tried to do an '*puppet agent -t*' an I got the following: *root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -tExiting; no certificate found and waitforcert is disabled* I didn't understand this, because I thought I'm doing an signing request with my '*puppet agent -t*' !? My Configuration looks like this: *Puppet-Master:* - Installed PuppetDB: ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppetdb.conf: *[main]server_urls = https://puppet-master.local:8081* - Installed Puppetserver / Puppet: ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppet.conf: [main] server = puppet-master.local # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html [master] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code storeconfigs = true storeconfigs_backend = puppetdb reports = store,puppetdb [user] http_proxy="http://proxy..de:8080" HTTP_PROXY="http://proxy..de:8080" https_proxy="http://proxy..de:8080" - Configuration-File 'routes.yaml': --- master: facts: terminus: puppetdb cache: yaml When I do an 'netstat -tulpn' I got the following: root@puppet-master:/etc/puppetlabs/puppet# netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 740/sshd tcp0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 4282/postgres tcp6 0 0 :::8140 :::* LISTEN 3653/java tcp6 0 0 127.0.0.1:8080 :::* LISTEN 3866/java tcp6 0 0 :::8081 :::* LISTEN 3866/java tcp6 0 0 :::22 :::* LISTEN 740/sshd tcp6 0 0 ::1:5432:::* LISTEN 4282/postgres root@puppet-master:/etc/puppetlabs/puppet# Can somone explain me why I've doent't get an Certificate on my Node? Thanks for your help and reply, Matthias -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53df7774-c9de-48a5-ae54-eceb7f55a5d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet.el.. where did it go?
After updating my Ubuntu laptop I noticed the Xenial package for Puppet no longer included the puppet-el package. Where did it go? I relied on it to keep my Puppet coding more or less compliant with standards... except for that two space indentation thing... -- Peter L. Berghold salty.cowd...@gmail.com http://devops.berghold.net -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAArvnv1h7xR%3Dcs0nktkSJjrL5ruHEzJXw2Tcb0Tw6%3DrLFT9jLg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Need help! Stuck on installing Azure client to agent
Hi! I've been trying to install Azure client to agent by using puppet following this https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest Already installed on Master but stuck on installing to agent. from the guideline above it has 3 parts 1. import Microsoft repository key by using command sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc 2. Create local azure-cli repository information. Since Azure installed on master so I copy the local repo and move to specific path which is in */modules/os_preparation/files/repolist/azure-cli.repo* 3. Install with Yum command sudo yum install azure-cli And here're my code class os_preparation::azure_install { #Import the Microsoft repository key. yumrepo { 'azurerepo': baseurl => 'https://packages.microsoft.com/keys/microsoft.asc', gpgcheck=> 0 } file { 'azure-cli.repo in /etc/yum.repos.d/': ensure => 'file', path=> '/etc/yum.repos.d/azure-cli.repo', owner => 'root', group => 'root', mode=> '644', source => "puppet:///modules/os_preparation/files/repolist/azure-cli.repo", require => Package['azurerepo'] } exec { 'yumrepolist': command => 'yum -y repolist', path => '/etc/yum.repos.d/azure-cli.repo' } #install azure client exec { 'install-azure': command => 'yum -y install azure-cli', path => '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:', unless => 'az --help', require => File['/etc/yum.repos.d/azure-cli.repo'] } } ps. In part 1 not sure for azurerepo, It might be package or yumrepo ? and errors from some puppet agent [root@mtg8-dt-02 ~]# puppet agent -t 2019-03-26 16:26:58.215715 WARN puppetlabs.facter - locale environment variables were bad; continuing with LANG=C LC_ALL=C Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find resource 'Package[azurerepo]' in parameter 'require' (file: /etc/puppetlabs/code/environments/production/modules/ os_preparation/manifests/azure_install.pp, line: 17) on node mtg8-dt-02.tap. true.th Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Any suggestions would be great, I really appreciate Thanks -- *Important* *Confidentiality:* This Information is intended for the above-named person and may contain confidential and/or legally privileged material. Any opinions expressed in this information are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately. *Monitoring/Viruses* True Digital Group and subsidiaries reserves the right to monitor all incoming and outgoing emails via True Digital Group and subsidiaries's systems. Although we have security program to monitor and eliminate virus, we also advise that in keeping with good computing practice the recipient should ensure they are actually virus free. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b78a1fdd-695e-4790-b666-812afb49ba43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.