Re: [Puppet Users] Getting started - yikes

2022-07-29 Thread Martin Alfke 
Hi Chris,

Please check the time synchronisation prior running the installer.
Also check the system requirements page: 
https://puppet.com/docs/pe/2019.8/system_requirements.html 

Especially 
https://puppet.com/docs/pe/2019.8/supported_operating_systems.html#supported_operating_systems
 

 which will list also required packages.

Hth,
Martin


> On 29. Jul 2022, at 06:00, ch...@freeranger.com  wrote:
> 
> I've been tasked to install puppet enterprise 2019.8.11 on centos 7.  We have 
> some licenses that I figure I can apply once puppet is installed.
> 
> I figured I could just fire up a centos 7 instance on AWS (derived from a 
> self hardened AMI) and install a puppet enterprise master.  What could go 
> wrong...  ;)
> 
> I proceeded to get things lined up and ran a wget of a centos 7 tar of 
> Enterprise - 2019.8.11 LTS.  Upzipped it, and in the folder which was created 
> ran:
> 
> ./puppet-enterprise-installer
> 
> Things seemed to go fine for a bit, then...
> in red:::
> Error: Failed to initialize SSL: The CRL issued by 'CN=Puppet Enterprise CA' 
> has expired, verify time is synchronized
> Error: Run `puppet agent -t`
> Error: 
> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/ssl_provider.rb:278:in 
> `raise_cert_verify_error'
> 
> The above errors seemed to crop up, in red, periodically during the install
> 
> More red:
> [Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate ca 
> cert]/returns: change from 'notrun' to ['0'] failed: 
> '/opt/puppetlabs/bin/puppetserver ca setup --certname tm.sys-f.ecm --ca-name 
> 'Puppet Enterprise CA generated at +2022-07-28 23:56:46 +' 
> --subject-alt-names 'puppet'' returned 1 instead of one of [0]
> 
> Then lots of yellow warnings:
> [Warning]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate node 
> cert]: Skipping because of failed dependencies
> [Warning]: /Stage[main]/Pe_install::Install::Ssldir/Exec[Set user/group of 
> /etc/puppetlabs/puppet/ssl contents to pe-puppet:pe-puppet]: Skipping because 
> of failed dependencies
> [Warning]:/Stage[main]/Puppet_enterprise::Profile::Database/File[/opt/puppetlabs/server/data/postgresql/11/data/certs/_local.cert.pem]:
>  Skipping because of failed dependencies
> [Warning]:/Stage[main]/Puppet_enterprise::Profile::Orchestrator/Pe_hocon_setting[orchestration-services.authorization.version]:
>  Skipping because of failed dependencies
> 
> The tons of warnings with references to "Skipping because of failed 
> dependencies"
> 
> I've obviously got some gaping hole in the dependencies.
> 
> Can anyone point me to what I missed in the instructions to provide the 
> config that provisions the dependencies.
> 
> Also, I've looked for prerequisites of applications that should be loaded 
> prior to install, like wget, or postgresql but haven't seen much of that 
> except in random sites.
> 
> Thanks in advance for any tips,
> Chris.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/e567b5e8-1395-4929-becb-4e38a24bf372n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/B4C3EF7C-F588-47E3-ADEB-860E8AAE06DF%40gmail.com.

Re: [Puppet Users] Getting started - yikes

2022-07-29 Thread ch...@freeranger.com 
Thank you, Martin,

I installed the specific package requirements
I checked NTP services; all good
I re-ran the install - still the same issues
I uninstalled with: /opt/puppetlabs/bin/puppet-enterprise-uninstaller
Reinstalled with: ./puppet-enterprise-installer

## Puppet Enterprise configuration complete!  - hooray!

Our hardened AMI had a pre-existing puppet agent so I think that might have 
been the source of some mismatch indicating an expired CA/time-sync issue.  
The uninstall might have removed the agent so the reinstall started more or 
less from a cleaner slate.

Now to get it set up and configured...

Again,  Thank you.
Chris.
On Friday, July 29, 2022 at 12:22:47 AM UTC-7 Martin Alfke wrote:

> Hi Chris,
>
> Please check the time synchronisation prior running the installer.
> Also check the system requirements page: 
> https://puppet.com/docs/pe/2019.8/system_requirements.html
> Especially 
> https://puppet.com/docs/pe/2019.8/supported_operating_systems.html#supported_operating_systems
>  which 
> will list also required packages.
>
> Hth,
> Martin
>
>
> On 29. Jul 2022, at 06:00, ch...@freeranger.com  
> wrote:
>
> I've been tasked to install puppet enterprise 2019.8.11 on centos 7.  We 
> have some licenses that I figure I can apply once puppet is installed.
>
> I figured I could just fire up a centos 7 instance on AWS (derived from a 
> self hardened AMI) and install a puppet enterprise master.  What could go 
> wrong...  ;)
>
> I proceeded to get things lined up and ran a wget of a centos 7 tar of 
> Enterprise - 2019.8.11 LTS.  Upzipped it, and in the folder which was 
> created ran:
>
> ./puppet-enterprise-installer
>
> Things seemed to go fine for a bit, then...
> in red:::
> Error: Failed to initialize SSL: The CRL issued by 'CN=Puppet Enterprise 
> CA' has expired, verify time is synchronized
> Error: Run `puppet agent -t`
> Error: 
> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/ssl_provider.rb:278:in 
> `raise_cert_verify_error'
>
> The above errors seemed to crop up, in red, periodically during the install
>
> More red:
> [Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate ca 
> cert]/returns: change from 'notrun' to ['0'] failed: 
> '/opt/puppetlabs/bin/puppetserver ca setup --certname tm.sys-f.ecm 
> --ca-name 'Puppet Enterprise CA generated at +2022-07-28 23:56:46 +' 
> --subject-alt-names 'puppet'' returned 1 instead of one of [0]
>
> Then lots of yellow warnings:
> [Warning]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate 
> node cert]: Skipping because of failed dependencies
> [Warning]: /Stage[main]/Pe_install::Install::Ssldir/Exec[Set user/group of 
> /etc/puppetlabs/puppet/ssl contents to pe-puppet:pe-puppet]: Skipping 
> because of failed dependencies
> [Warning]:/Stage[main]/Puppet_enterprise::Profile::Database/File[/opt/puppetlabs/server/data/postgresql/11/data/certs/_local.cert.pem]:
>  
> Skipping because of failed dependencies
> [Warning]:/Stage[main]/Puppet_enterprise::Profile::Orchestrator/Pe_hocon_setting[orchestration-services.authorization.version]:
>  
> Skipping because of failed dependencies
>
> The tons of warnings with references to "Skipping because of failed 
> dependencies"
>
> I've obviously got some gaping hole in the dependencies.
>
> Can anyone point me to what I missed in the instructions to provide the 
> config that provisions the dependencies.
>
> Also, I've looked for prerequisites of applications that should be loaded 
> prior to install, like wget, or postgresql but haven't seen much of that 
> except in random sites.
>
> Thanks in advance for any tips,
> Chris.
>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/e567b5e8-1395-4929-becb-4e38a24bf372n%40googlegroups.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/09b4f8c8-20c7-481c-a27e-375911b1d609n%40googlegroups.com.