Re: [Puppet Users] puppetserver error "Service ':CaService' not found" when following puppet install guide
On Friday, September 9, 2016 at 7:25:48 AM UTC-7, Daniel Creed wrote: > > I have the same error, but even with the ca.cfg file. > > Assuming you are using Puppet Server 2.5.0 or 2.6.0, you might check to see that the "BOOTSTRAP_CONFIG" variable in your "/etc/sysconfig/puppetserver" or "/etc/default/puppetserver" file is set, as would be the default for a new package install, to: BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/services.d" The "/etc/puppetlabs/puppetserver/services.d/" directory will only be inspected for ".cfg" files if included in the value for the "BOOTSTRAP_CONFIG" variable. If this doesn't help you overcome the error, you might respond back with the contents of the "ca.cfg" file and confirm which version of Puppet Server you are using. > > On Sunday, August 28, 2016 at 7:36:45 PM UTC-5, Alex Xu wrote: >> >> Hey Matthaus, >> >> Thanks for the help. The problem is indeed missing ca.cfg. After I add a >> ca.cfg file in the link you provided, the issue is gone. Really appreciated! >> >> Thanks, >> AX >> >> >> On Saturday, August 27, 2016 at 12:45:33 AM UTC+8, Matthaus Litteken >> wrote: >>> >>> AX, >>> >>> In puppetserver 2.5.0 some changes went in with respect our >>> bootstrap.cfg config file. This change shouldn't affect fresh installs. It >>> looks as though you are >>> missing /etc/puppetlabs/puppetserver/services.d/ca.cfg, which adds the >>> CaService. ca.cfg should look like the following for a puppet-server >>> install that will also be a CA: >>> https://github.com/puppetlabs/puppetserver/blob/2.5.0/ezbake/config/services.d/ca.cfg >>> >>> Also, for more details with respect to the bootstrap.cfg changes in >>> 2.5.0, here are the docs: >>> - >>> https://docs.puppet.com/puppetserver/2.5/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg >>> - https://docs.puppet.com/puppetserver/2.5/bootstrap_upgrade_notes.html >>> >>> Hope that helps, >>> Matthaus >>> >>> On Fri, Aug 26, 2016 at 5:45 AM, Alex Xuwrote: >>> Hi all, I was following puppet install guide for puppet 4.6 puppetserver 2.5. After I installed puppetserver and puppet-agent from puppetlabs-release-pc1-trusty.deb in a new Ubuntu 14.04 box. When I try running "puppet resource service puppetserver ensure=running", I got following error in /var/log/puppetlabs/puppetserver/puppetserver-daemon.log. Searched on google and there is nothing about CaService. Really appreciate any thoughts on this. Thanks, AX 20:20:10.470 [main] DEBUG puppetlabs.trapperkeeper.bootstrap - Loading bootstrap configs: /opt/puppetlabs/server/apps/puppetserver/config/services.d/bootstrap.cfg 20:20:12.653 [main] DEBUG org.eclipse.jetty.util.log - Logging to Logger[org.eclipse.jetty.util.log] via org.eclipse.jetty.util.log.Slf4jLog 20:20:12.658 [main] INFO org.eclipse.jetty.util.log - Logging initialized @14082ms 20:20:12.942 [main] INFO p.t.services.webserver.jetty9-core - Removing buggy security provider SunPKCS11-NSS version 1.7 20:20:17.010 [main] DEBUG puppetlabs.trapperkeeper.internal - Initializing lifecycle worker loop. 20:20:17.096 [main] ERROR puppetlabs.trapperkeeper.internal - Error during app buildup! java.lang.RuntimeException: Service ':CaService' not found at puppetlabs.trapperkeeper.internal$handle_prismatic_exception_BANG_.invoke(internal.clj:98) ~[na:na] at puppetlabs.trapperkeeper.internal$instantiate$fn__13793.invoke(internal.clj:139) ~[na:na] at puppetlabs.trapperkeeper.internal$instantiate.invoke(internal.clj:136) ~[na:na] at puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337$fn__14338.invoke(internal.clj:542) ~[na:na] at puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337.invoke(internal.clj:510) ~[na:na] at puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440$fn__14441.invoke(internal.clj:610) ~[na:na] at puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440.invoke(internal.clj:609) [na:na] at puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439.invoke(internal.clj:604) [na:na] at puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259$fn__15260.invoke(core.clj:130) [na:na] at puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259.invoke(core.clj:95) [na:na] at puppetlabs.trapperkeeper.core$eval15281$run__15286$fn__15287.invoke(core.clj:151) [na:na] at puppetlabs.trapperkeeper.core$eval15281$run__15286.invoke(core.clj:145) [na:na] at
Re: [Puppet Users] puppetserver error "Service ':CaService' not found" when following puppet install guide
I have the same error, but even with the ca.cfg file. On Sunday, August 28, 2016 at 7:36:45 PM UTC-5, Alex Xu wrote: > > Hey Matthaus, > > Thanks for the help. The problem is indeed missing ca.cfg. After I add a > ca.cfg file in the link you provided, the issue is gone. Really appreciated! > > Thanks, > AX > > > On Saturday, August 27, 2016 at 12:45:33 AM UTC+8, Matthaus Litteken wrote: >> >> AX, >> >> In puppetserver 2.5.0 some changes went in with respect our bootstrap.cfg >> config file. This change shouldn't affect fresh installs. It looks as >> though you are missing /etc/puppetlabs/puppetserver/services.d/ca.cfg, >> which adds the CaService. ca.cfg should look like the following for a >> puppet-server install that will also be a CA: >> https://github.com/puppetlabs/puppetserver/blob/2.5.0/ezbake/config/services.d/ca.cfg >> >> Also, for more details with respect to the bootstrap.cfg changes in >> 2.5.0, here are the docs: >> - >> https://docs.puppet.com/puppetserver/2.5/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg >> - https://docs.puppet.com/puppetserver/2.5/bootstrap_upgrade_notes.html >> >> Hope that helps, >> Matthaus >> >> On Fri, Aug 26, 2016 at 5:45 AM, Alex Xuwrote: >> >>> Hi all, >>> >>> I was following puppet install guide for puppet 4.6 puppetserver 2.5. >>> After I installed puppetserver and puppet-agent >>> from puppetlabs-release-pc1-trusty.deb in a new Ubuntu 14.04 box. >>> >>> When I try running "puppet resource service puppetserver >>> ensure=running", I got following error >>> in /var/log/puppetlabs/puppetserver/puppetserver-daemon.log. >>> >>> Searched on google and there is nothing about CaService. Really >>> appreciate any thoughts on this. >>> >>> Thanks, >>> AX >>> >>> >>> 20:20:10.470 [main] DEBUG puppetlabs.trapperkeeper.bootstrap - Loading >>> bootstrap configs: >>> /opt/puppetlabs/server/apps/puppetserver/config/services.d/bootstrap.cfg >>> 20:20:12.653 [main] DEBUG org.eclipse.jetty.util.log - Logging to >>> Logger[org.eclipse.jetty.util.log] via org.eclipse.jetty.util.log.Slf4jLog >>> 20:20:12.658 [main] INFO org.eclipse.jetty.util.log - Logging >>> initialized @14082ms >>> 20:20:12.942 [main] INFO p.t.services.webserver.jetty9-core - Removing >>> buggy security provider SunPKCS11-NSS version 1.7 >>> 20:20:17.010 [main] DEBUG puppetlabs.trapperkeeper.internal - >>> Initializing lifecycle worker loop. >>> 20:20:17.096 [main] ERROR puppetlabs.trapperkeeper.internal - Error >>> during app buildup! >>> java.lang.RuntimeException: Service ':CaService' not found >>> at >>> puppetlabs.trapperkeeper.internal$handle_prismatic_exception_BANG_.invoke(internal.clj:98) >>> >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$instantiate$fn__13793.invoke(internal.clj:139) >>> >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$instantiate.invoke(internal.clj:136) >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337$fn__14338.invoke(internal.clj:542) >>> >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337.invoke(internal.clj:510) >>> >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440$fn__14441.invoke(internal.clj:610) >>> >>> ~[na:na] >>> at >>> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440.invoke(internal.clj:609) >>> >>> [na:na] >>> at >>> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439.invoke(internal.clj:604) >>> >>> [na:na] >>> at >>> puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259$fn__15260.invoke(core.clj:130) >>> >>> [na:na] >>> at >>> puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259.invoke(core.clj:95) >>> >>> [na:na] >>> at >>> puppetlabs.trapperkeeper.core$eval15281$run__15286$fn__15287.invoke(core.clj:151) >>> >>> [na:na] >>> at >>> puppetlabs.trapperkeeper.core$eval15281$run__15286.invoke(core.clj:145) >>> [na:na] >>> at puppetlabs.trapperkeeper.core$main.doInvoke(core.clj:173) [na:na] >>> at clojure.lang.RestFn.invoke(RestFn.java:457) >>> [puppet-server-release.jar:na] >>> at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] >>> at clojure.lang.AFn.applyToHelper(AFn.java:165) >>> [puppet-server-release.jar:na] >>> at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] >>> at clojure.core$apply.invoke(core.clj:630) >>> [puppet-server-release.jar:na] >>> at puppetlabs.trapperkeeper.main$_main.doInvoke(main.clj:7) >>> [puppet-server-release.jar:na] >>> at clojure.lang.RestFn.invoke(RestFn.java:457) >>> [puppet-server-release.jar:na] >>> at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] >>> at clojure.lang.AFn.applyToHelper(AFn.java:165) >>> [puppet-server-release.jar:na] >>> at clojure.lang.Var.applyTo(Var.java:700)
Re: [Puppet Users] puppetserver error "Service ':CaService' not found" when following puppet install guide
Hey Matthaus, Thanks for the help. The problem is indeed missing ca.cfg. After I add a ca.cfg file in the link you provided, the issue is gone. Really appreciated! Thanks, AX On Saturday, August 27, 2016 at 12:45:33 AM UTC+8, Matthaus Litteken wrote: > > AX, > > In puppetserver 2.5.0 some changes went in with respect our bootstrap.cfg > config file. This change shouldn't affect fresh installs. It looks as > though you are missing /etc/puppetlabs/puppetserver/services.d/ca.cfg, > which adds the CaService. ca.cfg should look like the following for a > puppet-server install that will also be a CA: > https://github.com/puppetlabs/puppetserver/blob/2.5.0/ezbake/config/services.d/ca.cfg > > Also, for more details with respect to the bootstrap.cfg changes in 2.5.0, > here are the docs: > - > https://docs.puppet.com/puppetserver/2.5/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg > - https://docs.puppet.com/puppetserver/2.5/bootstrap_upgrade_notes.html > > Hope that helps, > Matthaus > > On Fri, Aug 26, 2016 at 5:45 AM, Alex Xu> wrote: > >> Hi all, >> >> I was following puppet install guide for puppet 4.6 puppetserver 2.5. >> After I installed puppetserver and puppet-agent >> from puppetlabs-release-pc1-trusty.deb in a new Ubuntu 14.04 box. >> >> When I try running "puppet resource service puppetserver ensure=running", >> I got following error >> in /var/log/puppetlabs/puppetserver/puppetserver-daemon.log. >> >> Searched on google and there is nothing about CaService. Really >> appreciate any thoughts on this. >> >> Thanks, >> AX >> >> >> 20:20:10.470 [main] DEBUG puppetlabs.trapperkeeper.bootstrap - Loading >> bootstrap configs: >> /opt/puppetlabs/server/apps/puppetserver/config/services.d/bootstrap.cfg >> 20:20:12.653 [main] DEBUG org.eclipse.jetty.util.log - Logging to >> Logger[org.eclipse.jetty.util.log] via org.eclipse.jetty.util.log.Slf4jLog >> 20:20:12.658 [main] INFO org.eclipse.jetty.util.log - Logging >> initialized @14082ms >> 20:20:12.942 [main] INFO p.t.services.webserver.jetty9-core - Removing >> buggy security provider SunPKCS11-NSS version 1.7 >> 20:20:17.010 [main] DEBUG puppetlabs.trapperkeeper.internal - >> Initializing lifecycle worker loop. >> 20:20:17.096 [main] ERROR puppetlabs.trapperkeeper.internal - Error >> during app buildup! >> java.lang.RuntimeException: Service ':CaService' not found >> at >> puppetlabs.trapperkeeper.internal$handle_prismatic_exception_BANG_.invoke(internal.clj:98) >> >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$instantiate$fn__13793.invoke(internal.clj:139) >> >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$instantiate.invoke(internal.clj:136) >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337$fn__14338.invoke(internal.clj:542) >> >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$eval14328$build_app_STAR___14337.invoke(internal.clj:510) >> >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440$fn__14441.invoke(internal.clj:610) >> >> ~[na:na] >> at >> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439$fn__14440.invoke(internal.clj:609) >> >> [na:na] >> at >> puppetlabs.trapperkeeper.internal$eval14430$boot_services_STAR___14439.invoke(internal.clj:604) >> >> [na:na] >> at >> puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259$fn__15260.invoke(core.clj:130) >> >> [na:na] >> at >> puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259.invoke(core.clj:95) >> >> [na:na] >> at >> puppetlabs.trapperkeeper.core$eval15281$run__15286$fn__15287.invoke(core.clj:151) >> >> [na:na] >> at >> puppetlabs.trapperkeeper.core$eval15281$run__15286.invoke(core.clj:145) >> [na:na] >> at puppetlabs.trapperkeeper.core$main.doInvoke(core.clj:173) [na:na] >> at clojure.lang.RestFn.invoke(RestFn.java:457) >> [puppet-server-release.jar:na] >> at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] >> at clojure.lang.AFn.applyToHelper(AFn.java:165) >> [puppet-server-release.jar:na] >> at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] >> at clojure.core$apply.invoke(core.clj:630) [puppet-server-release.jar:na] >> at puppetlabs.trapperkeeper.main$_main.doInvoke(main.clj:7) >> [puppet-server-release.jar:na] >> at clojure.lang.RestFn.invoke(RestFn.java:457) >> [puppet-server-release.jar:na] >> at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] >> at clojure.lang.AFn.applyToHelper(AFn.java:165) >> [puppet-server-release.jar:na] >> at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] >> at clojure.core$apply.invoke(core.clj:630) [puppet-server-release.jar:na] >> at clojure.main$main_opt.invoke(main.clj:316) >> [puppet-server-release.jar:na] >> at clojure.main$main.doInvoke(main.clj:421) >>
Re: [Puppet Users] puppetserver error "Service ':CaService' not found" when following puppet install guide
AX, In puppetserver 2.5.0 some changes went in with respect our bootstrap.cfg config file. This change shouldn't affect fresh installs. It looks as though you are missing /etc/puppetlabs/puppetserver/services.d/ca.cfg, which adds the CaService. ca.cfg should look like the following for a puppet-server install that will also be a CA: https://github.com/puppetlabs/puppetserver/blob/2.5.0/ezbake/config/services.d/ca.cfg Also, for more details with respect to the bootstrap.cfg changes in 2.5.0, here are the docs: - https://docs.puppet.com/puppetserver/2.5/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg - https://docs.puppet.com/puppetserver/2.5/bootstrap_upgrade_notes.html Hope that helps, Matthaus On Fri, Aug 26, 2016 at 5:45 AM, Alex Xuwrote: > Hi all, > > I was following puppet install guide for puppet 4.6 puppetserver 2.5. > After I installed puppetserver and puppet-agent from > puppetlabs-release-pc1-trusty.deb > in a new Ubuntu 14.04 box. > > When I try running "puppet resource service puppetserver ensure=running", > I got following error in /var/log/puppetlabs/puppetserver/puppetserver- > daemon.log. > > Searched on google and there is nothing about CaService. Really appreciate > any thoughts on this. > > Thanks, > AX > > > 20:20:10.470 [main] DEBUG puppetlabs.trapperkeeper.bootstrap - Loading > bootstrap configs: > /opt/puppetlabs/server/apps/puppetserver/config/services.d/bootstrap.cfg > 20:20:12.653 [main] DEBUG org.eclipse.jetty.util.log - Logging to > Logger[org.eclipse.jetty.util.log] via org.eclipse.jetty.util.log.Slf4jLog > 20:20:12.658 [main] INFO org.eclipse.jetty.util.log - Logging initialized > @14082ms > 20:20:12.942 [main] INFO p.t.services.webserver.jetty9-core - Removing > buggy security provider SunPKCS11-NSS version 1.7 > 20:20:17.010 [main] DEBUG puppetlabs.trapperkeeper.internal - > Initializing lifecycle worker loop. > 20:20:17.096 [main] ERROR puppetlabs.trapperkeeper.internal - Error > during app buildup! > java.lang.RuntimeException: Service ':CaService' not found > at puppetlabs.trapperkeeper.internal$handle_prismatic_ > exception_BANG_.invoke(internal.clj:98) ~[na:na] > at > puppetlabs.trapperkeeper.internal$instantiate$fn__13793.invoke(internal.clj:139) > ~[na:na] > at puppetlabs.trapperkeeper.internal$instantiate.invoke(internal.clj:136) > ~[na:na] > at puppetlabs.trapperkeeper.internal$eval14328$build_app_ > STAR___14337$fn__14338.invoke(internal.clj:542) ~[na:na] > at puppetlabs.trapperkeeper.internal$eval14328$build_app_ > STAR___14337.invoke(internal.clj:510) ~[na:na] > at puppetlabs.trapperkeeper.internal$eval14430$boot_ > services_STAR___14439$fn__14440$fn__14441.invoke(internal.clj:610) > ~[na:na] > at puppetlabs.trapperkeeper.internal$eval14430$boot_ > services_STAR___14439$fn__14440.invoke(internal.clj:609) [na:na] > at puppetlabs.trapperkeeper.internal$eval14430$boot_ > services_STAR___14439.invoke(internal.clj:604) [na:na] > at puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__ > 15259$fn__15260.invoke(core.clj:130) [na:na] > at > puppetlabs.trapperkeeper.core$eval15252$boot_with_cli_data__15259.invoke(core.clj:95) > [na:na] > at > puppetlabs.trapperkeeper.core$eval15281$run__15286$fn__15287.invoke(core.clj:151) > [na:na] > at puppetlabs.trapperkeeper.core$eval15281$run__15286.invoke(core.clj:145) > [na:na] > at puppetlabs.trapperkeeper.core$main.doInvoke(core.clj:173) [na:na] > at clojure.lang.RestFn.invoke(RestFn.java:457) > [puppet-server-release.jar:na] > at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] > at clojure.lang.AFn.applyToHelper(AFn.java:165) > [puppet-server-release.jar:na] > at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] > at clojure.core$apply.invoke(core.clj:630) [puppet-server-release.jar:na] > at puppetlabs.trapperkeeper.main$_main.doInvoke(main.clj:7) > [puppet-server-release.jar:na] > at clojure.lang.RestFn.invoke(RestFn.java:457) > [puppet-server-release.jar:na] > at clojure.lang.Var.invoke(Var.java:394) [puppet-server-release.jar:na] > at clojure.lang.AFn.applyToHelper(AFn.java:165) > [puppet-server-release.jar:na] > at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] > at clojure.core$apply.invoke(core.clj:630) [puppet-server-release.jar:na] > at clojure.main$main_opt.invoke(main.clj:316) > [puppet-server-release.jar:na] > at clojure.main$main.doInvoke(main.clj:421) > [puppet-server-release.jar:na] > at clojure.lang.RestFn.invoke(RestFn.java:512) > [puppet-server-release.jar:na] > at clojure.lang.Var.invoke(Var.java:409) [puppet-server-release.jar:na] > at clojure.lang.AFn.applyToHelper(AFn.java:178) > [puppet-server-release.jar:na] > at clojure.lang.Var.applyTo(Var.java:700) [puppet-server-release.jar:na] > at clojure.main.main(main.java:37) [puppet-server-release.jar:na] > 20:20:17.098 [main] DEBUG puppetlabs.trapperkeeper.core - Finished TK main >
Re: [Puppet Users] puppetserver error: no such file to load -- pg on node puppetmaster1
On 20 Sep 2015, at 18:00, Martin Alfkewrote: > > On 19 Sep 2015, at 21:14, rhpuppetu...@gmail.com wrote: > >> Thanks Martin for replying. By the way, i'm following your seminars on >> youtube and they are very helpful. The error still persists. >> >> I've tried this earlier but command failed with the following error. >> # puppetserver gem install pg --no-ri --no-rdoc >> Building native extensions. This could take a while... >> ERROR: Error installing pg: >>ERROR: Failed to build gem native extension. >> >> java -jar /usr/share/puppetserver/puppet-server-release.jar -r >> ./siteconf20150919-17955-hjabmk.rb extconf.rb >> >> Error(s) occured while parsing command-line arguments: Unknown option: "-r" >> >> <--- some options > >> >> extconf failed, uncaught signal 1 >> >> <--- some output 2 lines —> > > Seems to be a bug. > I can reproduce this error on Debian 7 with puppetserver 2.1.1 > > I have opened a ticket at PuppetLabs: > https://tickets.puppetlabs.com/browse/SERVER-905 I love PuppetLabs guys for their fast feedback and detailed descriptions: Quoting Chris: "I think this is probably expected behavior; Puppet Server runs JRuby, and JRuby doesn't support gems with native extensions. For most of the common gems that fall into this category, there is a suitable alternative that does work with JRuby. You can find general docs on this subject on the JRuby wiki, here: https://github.com/jruby/jruby/wiki/C-Extension-Alternatives It looks like, for pg, they're recommending the activerecord-jdbcpostgresql-adapter instead. Maybe that will be sufficient for your use case?" In your case: puppetserver works as expected. I will close the ticket with PL. > >> >> = >> >> >> On Friday, September 18, 2015 at 1:51:44 AM UTC-5, Martin Alfke wrote: >> >> On 18 Sep 2015, at 04:08, rhpupp...@gmail.com wrote: >> >>> Our puppet master used to run using apache passenger stack. We've recently >>> migrated from passenger to puppetserver. When i run puppet agent -vt on my >>> client, its showing the following error. >>> >>> Error 400 on server : could not autoload >>> puppet/parser/functions/get_location: no such file to load -- pg on node >>> puppetmaster1 >>> >>> puppet master --version : 3.7.5 >>> ruby --version : 1.8.7 patch level 374-2 >>> - >>> #cat puppet/parser/functions/get_location.rb >>> require 'rubygems' >>> require 'pg' >>> require ‘resolv' >> >> It seems as if you are missing the pg ruby gem within puppet server: >> sudo puppetserver gem install pg --no-ri --no-rdoc >> see: >> https://github.com/puppetlabs/puppet-server/blob/master/documentation/gems.markdown >> >> >> Best, >> Martin >> >>> >>> module Puppet::Parser::Funtions >>> >>> xx >>> - >>> >>> I would appreciate if someone help me fixing this issue. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to puppet-users...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/e86265cf-cf4b-4b92-9657-64d5137adf59%40googlegroups.com. >>> >>> For more options, visit https://groups.google.com/d/optout. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/bba04c2b-a309-4219-8a40-d381a7554be7%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5B0F9E3D-E75B-42D2-9963-C8D9F2A59EB9%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppetserver error: no such file to load -- pg on node puppetmaster1
On 19 Sep 2015, at 21:14, rhpuppetu...@gmail.com wrote: > Thanks Martin for replying. By the way, i'm following your seminars on > youtube and they are very helpful. The error still persists. > > I've tried this earlier but command failed with the following error. > # puppetserver gem install pg --no-ri --no-rdoc > Building native extensions. This could take a while... > ERROR: Error installing pg: > ERROR: Failed to build gem native extension. > > java -jar /usr/share/puppetserver/puppet-server-release.jar -r > ./siteconf20150919-17955-hjabmk.rb extconf.rb > > Error(s) occured while parsing command-line arguments: Unknown option: "-r" > > <--- some options > > > extconf failed, uncaught signal 1 > > <--- some output 2 lines —> Seems to be a bug. I can reproduce this error on Debian 7 with puppetserver 2.1.1 I have opened a ticket at PuppetLabs: https://tickets.puppetlabs.com/browse/SERVER-905 > > = > > > On Friday, September 18, 2015 at 1:51:44 AM UTC-5, Martin Alfke wrote: > > On 18 Sep 2015, at 04:08, rhpupp...@gmail.com wrote: > > > Our puppet master used to run using apache passenger stack. We've recently > > migrated from passenger to puppetserver. When i run puppet agent -vt on my > > client, its showing the following error. > > > > Error 400 on server : could not autoload > > puppet/parser/functions/get_location: no such file to load -- pg on node > > puppetmaster1 > > > > puppet master --version : 3.7.5 > > ruby --version : 1.8.7 patch level 374-2 > > - > > #cat puppet/parser/functions/get_location.rb > > require 'rubygems' > > require 'pg' > > require ‘resolv' > > It seems as if you are missing the pg ruby gem within puppet server: > sudo puppetserver gem install pg --no-ri --no-rdoc > see: > https://github.com/puppetlabs/puppet-server/blob/master/documentation/gems.markdown > > > Best, > Martin > > > > > module Puppet::Parser::Funtions > > > > xx > > - > > > > I would appreciate if someone help me fixing this issue. > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to puppet-users...@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/puppet-users/e86265cf-cf4b-4b92-9657-64d5137adf59%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/bba04c2b-a309-4219-8a40-d381a7554be7%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1E5042ED-BE05-4892-92BC-5DBF33B60BB4%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppetserver error: no such file to load -- pg on node puppetmaster1
Thanks Martin for replying. By the way, i'm following your seminars on youtube and they are very helpful. The error still persists. I've tried this earlier but command failed with the following error. # puppetserver gem install pg --no-ri --no-rdoc Building native extensions. This could take a while... ERROR: Error installing pg: ERROR: Failed to build gem native extension. java -jar /usr/share/puppetserver/puppet-server-release.jar -r ./siteconf20150919-17955-hjabmk.rb extconf.rb Error(s) occured while parsing command-line arguments: Unknown option: "-r" <--- some options > extconf failed, uncaught signal 1 <--- some output 2 lines ---> = On Friday, September 18, 2015 at 1:51:44 AM UTC-5, Martin Alfke wrote: > > > On 18 Sep 2015, at 04:08, rhpupp...@gmail.com wrote: > > > Our puppet master used to run using apache passenger stack. We've > recently migrated from passenger to puppetserver. When i run puppet agent > -vt on my client, its showing the following error. > > > > Error 400 on server : could not autoload > puppet/parser/functions/get_location: no such file to load -- pg on node > puppetmaster1 > > > > puppet master --version : 3.7.5 > > ruby --version : 1.8.7 patch level 374-2 > > - > > #cat puppet/parser/functions/get_location.rb > > require 'rubygems' > > require 'pg' > > require ‘resolv' > > It seems as if you are missing the pg ruby gem within puppet server: > sudo puppetserver gem install pg --no-ri --no-rdoc > see: > https://github.com/puppetlabs/puppet-server/blob/master/documentation/gems.markdown > > > Best, > Martin > > > > > module Puppet::Parser::Funtions > > > > xx > > - > > > > I would appreciate if someone help me fixing this issue. > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to puppet-users...@googlegroups.com . > > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e86265cf-cf4b-4b92-9657-64d5137adf59%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bba04c2b-a309-4219-8a40-d381a7554be7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppetserver error: no such file to load -- pg on node puppetmaster1
On 18 Sep 2015, at 04:08, rhpuppetu...@gmail.com wrote: > Our puppet master used to run using apache passenger stack. We've recently > migrated from passenger to puppetserver. When i run puppet agent -vt on my > client, its showing the following error. > > Error 400 on server : could not autoload > puppet/parser/functions/get_location: no such file to load -- pg on node > puppetmaster1 > > puppet master --version : 3.7.5 > ruby --version : 1.8.7 patch level 374-2 > - > #cat puppet/parser/functions/get_location.rb > require 'rubygems' > require 'pg' > require ‘resolv' It seems as if you are missing the pg ruby gem within puppet server: sudo puppetserver gem install pg --no-ri --no-rdoc see: https://github.com/puppetlabs/puppet-server/blob/master/documentation/gems.markdown Best, Martin > > module Puppet::Parser::Funtions > > xx > - > > I would appreciate if someone help me fixing this issue. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e86265cf-cf4b-4b92-9657-64d5137adf59%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ED4DBBFB-AC4E-4845-9032-4334A50CB318%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Puppetserver error
I have checked the time it is fine on both client and server, but still the error is occurring. On Fri, Dec 30, 2011 at 3:56 PM, Florian Koch florian.koch1...@googlemail.com wrote: Hi, Maybe a Time related Problem? Check the Time on both, Client and Server Am 30.12.2011 um 18:55 schrieb Mohammad Khan makhan...@gmail.com: I have done this already; however, client certificate verify failed is occurring now where I am stuck. On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell aaron.grew...@gmail.comwrote: You'll have to re-sign your node's cert using puppetca --sign hostname On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan makhan...@gmail.com wrote: I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.com wrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process.
Re: [Puppet Users] Puppetserver error
I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server Any Help will be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Mohammad -- Regards, Mohammad -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To
Re: [Puppet Users] Puppetserver error
I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.comwrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server Any Help will be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at
Re: [Puppet Users] Puppetserver error
I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.comwrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.comwrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not
Re: [Puppet Users] Puppetserver error
Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.comwrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.comwrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.comwrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission
Re: [Puppet Users] Puppetserver error
Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root 12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
Re: [Puppet Users] Puppetserver error
I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.comwrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf
Re: [Puppet Users] Puppetserver error
You'll have to re-sign your node's cert using puppetca --sign hostname On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan makhan...@gmail.com wrote: I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.com wrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root 12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder
Re: [Puppet Users] Puppetserver error
I have done this already; however, client certificate verify failed is occurring now where I am stuck. On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell aaron.grew...@gmail.comwrote: You'll have to re-sign your node's cert using puppetca --sign hostname On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan makhan...@gmail.com wrote: I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.com wrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on
Re: [Puppet Users] Puppetserver error
Hi, Maybe a Time related Problem? Check the Time on both, Client and Server Am 30.12.2011 um 18:55 schrieb Mohammad Khan makhan...@gmail.com: I have done this already; however, client certificate verify failed is occurring now where I am stuck. On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell aaron.grew...@gmail.com wrote: You'll have to re-sign your node's cert using puppetca --sign hostname On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan makhan...@gmail.com wrote: I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.com wrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011