Re: [Puppet Users] 'puppet agent -t'

[Martin Alfke]

Hi Matthias,

On Mar 26 2019, at 5:40 pm, Matthias Steffens  wrote:
> Hi!
>
> I'm trying to get a new certificate for my puppet agent and therefore I tried 
> to do an 'puppet agent -t' an I got the following:
>
> root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -t
> Exiting; no certificate found and waitforcert is disabled
>
>
>

This message indicates, that the agent has created a certificate, has sent the 
CSR to the master and is now waiting for the master to sign the certificate.
Log in to your puppetmaster.
Check puppet and puppetserver version.
puppetserver --version
puppet --version

If you are running puppetserver 6:
puppetserver ca list
This should show you an waiting singing request.
sign with
puppetserver ca sign 
Usualy the certname is the fqdn of the agent.
If you run puppet 5: please upgrade.
I added a comment below covering your puppet.conf regarding reports 
configuration:
>
> I didn't understand this, because I thought I'm doing an signing request with 
> my 'puppet agent -t' !?
>
> My Configuration looks like this:
>
> Puppet-Master:
>
> - Installed PuppetDB:
> ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppetdb.conf:
>
> [main]
> server_urls = https://puppet-master.local:8081
>
>
> - Installed Puppetserver / Puppet:
> ---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppet.conf:
>
> [main]
> server = puppet-master.local
> # This file can be used to override the default puppet settings.
> # See the following links for more details on what settings are available:
> # - https://puppet.com/docs/puppet/latest/config_important_settings.html
> # - https://puppet.com/docs/puppet/latest/config_about_settings.html
> # - https://puppet.com/docs/puppet/latest/config_file_main.html
> # - https://puppet.com/docs/puppet/latest/configuration.html
> [master]
> vardir = /opt/puppetlabs/server/data/puppetserver
> logdir = /var/log/puppetlabs/puppetserver
> rundir = /var/run/puppetlabs/puppetserver
> pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
> codedir = /etc/puppetlabs/code
> storeconfigs = true
> storeconfigs_backend = puppetdb
> reports = store,puppetdb
>
>
>

please don't use two locations to store reports.
puppetdb is the modern place where to store them.
Use a webfrontend to visualize the reports (Puppet Enterprise, The Foreman, 
Puppet Board).
store places reports into file system. Usually this is only growing and never 
cleaned up!
[...]
> Matthias
>
>
>

hth,
Martin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/79AE5801-83A2-48BF-9E6C-0521D4720E5B%40getmailspring.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] 'puppet agent -t'

[Gabriel Filion]

Hi there,

On 2019-03-26 12:40 p.m., Matthias Steffens wrote:
> I'm trying to get a new certificate for my puppet agent and therefore I 
> tried to do an '*puppet agent -t*' an I got the following:
> 
> 
> *root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -tExiting; 
> no certificate found and waitforcert is disabled*

When your agent didn't create a cert yet, you need to specify an
additional option that'll create the cert and wait for the master to
sign the certificate signing request:

puppet agent -t --waitforcert 10

the integer value to the argument is the number of seconds to wait for
each iteration (I think the number of iterations made before exiting is
limited).

for me 10s is usually a good value, but you can play with this to find
something that gives you the appropriate time to sign certs on the
master (e.g. you probably do want to verify that the client's
certificate fingerprint is what the puppetmaster knows).

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3d003378-818e-6465-f18a-5573f3d38daa%40lelutin.ca.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[Puppet Users] 'puppet agent -t'

[Matthias Steffens]

Hi! 

I'm trying to get a new certificate for my puppet agent and therefore I 
tried to do an '*puppet agent -t*' an I got the following:


*root@puppet-node:/etc/puppetlabs/puppet/ssl/certs# puppet agent -tExiting; 
no certificate found and waitforcert is disabled*

I didn't understand this, because I thought I'm doing an signing request 
with my '*puppet agent -t*' !?

My Configuration looks like this:

*Puppet-Master:*

- Installed PuppetDB: 
---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppetdb.conf:


*[main]server_urls = https://puppet-master.local:8081*

- Installed Puppetserver / Puppet:
---> Configuration-File for puppetdb: /etc/puppetlabs/puppet/puppet.conf:

[main]
server = puppet-master.local
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
storeconfigs = true
storeconfigs_backend = puppetdb
reports = store,puppetdb

[user]
http_proxy="http://proxy..de:8080"
HTTP_PROXY="http://proxy..de:8080"
https_proxy="http://proxy..de:8080"


- Configuration-File 'routes.yaml':
---
master:
  facts:
terminus: puppetdb
cache: yaml

When I do an 'netstat -tulpn' I got the following:

root@puppet-master:/etc/puppetlabs/puppet# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address 
State   PID/Program name
tcp0  0 0.0.0.0:22  0.0.0.0:*   
LISTEN  740/sshd
tcp0  0 127.0.0.1:5432  0.0.0.0:*   
LISTEN  4282/postgres
tcp6   0  0 :::8140 :::*
LISTEN  3653/java
tcp6   0  0 127.0.0.1:8080  :::*
LISTEN  3866/java
tcp6   0  0 :::8081 :::*
LISTEN  3866/java
tcp6   0  0 :::22   :::*
LISTEN  740/sshd
tcp6   0  0 ::1:5432:::*
LISTEN  4282/postgres
root@puppet-master:/etc/puppetlabs/puppet#


Can somone explain me why I've doent't get an Certificate on my Node?

Thanks for your help and reply,

Matthias

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53df7774-c9de-48a5-ae54-eceb7f55a5d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet.el.. where did it go?

[Peter Berghold]

After updating my Ubuntu laptop I noticed the Xenial package for Puppet no
longer included the puppet-el package.  Where did it go?  I relied on it to
keep my Puppet coding more or less compliant with standards... except for
that two space indentation thing...

-- 

Peter L. Berghold   salty.cowd...@gmail.com

http://devops.berghold.net

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAArvnv1h7xR%3Dcs0nktkSJjrL5ruHEzJXw2Tcb0Tw6%3DrLFT9jLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Need help! Stuck on installing Azure client to agent

[banthita.lim via Puppet Users]

Hi! I've been trying to install Azure client to agent by using puppet 
following this 
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest

Already installed on Master but stuck on installing to agent.

from the guideline above it has 3 parts
1. import Microsoft repository key by using command 
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

2. Create local azure-cli repository information.
Since Azure installed on master so I copy the local repo and move to 
specific path which is in 
*/modules/os_preparation/files/repolist/azure-cli.repo*


3. Install with Yum command
sudo yum install azure-cli

And here're my code

class os_preparation::azure_install {
 
 #Import the Microsoft repository key.
 yumrepo { 'azurerepo':
baseurl => 
'https://packages.microsoft.com/keys/microsoft.asc',
gpgcheck=>  0
 }

 file { 'azure-cli.repo in /etc/yum.repos.d/':
ensure  => 'file',
path=> '/etc/yum.repos.d/azure-cli.repo',
owner   => 'root',
group   => 'root',
mode=> '644',
source  => 
"puppet:///modules/os_preparation/files/repolist/azure-cli.repo",
require => Package['azurerepo']
}


exec { 'yumrepolist':
command => 'yum -y repolist',
path => '/etc/yum.repos.d/azure-cli.repo'
}


 #install azure client
 exec { 'install-azure':
 command => 'yum -y install azure-cli',
 path => '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:',
unless => 'az --help',
require => File['/etc/yum.repos.d/azure-cli.repo']
 }
}

ps. In part 1 not sure for azurerepo, It might be package or yumrepo ?

and errors from some puppet agent

[root@mtg8-dt-02 ~]# puppet agent -t
2019-03-26 16:26:58.215715 WARN puppetlabs.facter - locale environment 
variables were bad; continuing with LANG=C LC_ALL=C
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
Server Error: Could not find resource 'Package[azurerepo]' in parameter 
'require' (file: /etc/puppetlabs/code/environments/production/modules/
os_preparation/manifests/azure_install.pp, line: 17) on node mtg8-dt-02.tap.
true.th
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Any suggestions would be great, I really appreciate 
Thanks

-- 



*Important*
*Confidentiality:* This Information is intended for the 
above-named person and may contain confidential and/or legally privileged 
material. Any opinions expressed in this information are not necessarily 
those of the company. If it has come to you in error you must take no 
action based on it, nor must you copy or show it to anyone; please 
delete/destroy and inform the sender immediately.

*Monitoring/Viruses*

True Digital Group and subsidiaries reserves the right to monitor all 
incoming and outgoing emails via True Digital Group and subsidiaries's 
systems. Although we have security program to monitor and eliminate virus, 
we also advise that in keeping with good computing practice the recipient 
should ensure they are actually virus free.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b78a1fdd-695e-4790-b666-812afb49ba43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.