[Puppet Users] Puppet client is not applying changes
Hello all, Been at this problem I have for nearly a week now and it's driving crazy!!! I hope it's simply a case of someone with some fresh eyes taking a look and showing me the error of my ways. Before I continue with the Puppet deployment, for testing purposes, I just want to create a single user namely djc72uk on a single server. The server hostname is lhcadvdeveye05 and you can see below that it has successfully generated a certificate: # puppetserver ca list --all Signed Certificates: lhcadvdeveye05.x.com (SHA256) F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D puppet.xx.com (SHA256) 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81 alt names: ["DNS:puppet", "DNS:puppet.xx.com"] I'm seeing the following output from the server when I run the agent: # puppet agent --no-daemonize --verbose --onetime Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Info: Caching catalog for lhcadvdeveye05.xx.com Info: Applying configuration version '1569503223' Notice: Applied catalog in 0.24 seconds Looks all good here other than it's not applying the module I created namely accounts (see below within the puppet environment). *Puppet Server Environment:* # puppet config print confdir /etc/puppetlabs/puppet # ll /etc/puppetlabs/puppet total 48 drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./ drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../ -rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf -rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml -rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf # more /etc/puppetlabs/puppet/puppet.conf [master] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code environmentpath = $codedir/environments autosign = true # puppet config print codedir /etc/puppetlabs/code # puppet config print environmentpath /etc/puppetlabs/code/environments # puppet config print modulepath /etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules # puppet module list --tree /etc/puppetlabs/code/environments/production/modules └── accounts (???) /etc/puppetlabs/code/modules (no modules installed) /opt/puppetlabs/puppet/modules (no modules installed) # puppet config print manifest /etc/puppetlabs/code/environments/production/manifests # ls -lR /etc/puppetlabs/code /etc/puppetlabs/code: total 8 drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules /etc/puppetlabs/code/environments: total 4 drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production /etc/puppetlabs/code/environments/production: total 20 -rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf -rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules /etc/puppetlabs/code/environments/production/manifests: total 4 -rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp /etc/puppetlabs/code/environments/production/modules: total 4 drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts /etc/puppetlabs/code/environments/production/modules/accounts: total 12 drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests /etc/puppetlabs/code/environments/production/modules/accounts/manifests: total 8 -rw-r-. 1 root root 77 Sep 24 20:38 groups.pp -rw-r-. 1 root root 224 Sep 24 20:01 init.pp /etc/puppetlabs/code/modules: total 0 # more /etc/puppetlabs/code/environments/production/manifests/site.pp node 'default' { include accounts } # more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp class accounts { include accounts::groups user { 'djc72uk': ensure => present, home=> '/home/djc72uk', shell => '/bin/bash', managehome => true, gid => 'djc72uk', } } # more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp class accounts::groups { group { 'djc72uk': ensure => present, } } Nothing complaining here: # puppet parser validate /etc/puppetlabs/code/environments/production/manifests/site.pp # puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp # puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp My gut feel is that the site.pp file is in the wrong place and therefore not being read however, based on the above environment details, I'm struggling to see how that's possible. Any help will be appreciated here. Many Thanks, Dan. -- You received this message because you are subscribed to the Google Groups
[Puppet Users] Puppet client is not applying changes
Hello all, Been at this problem I have for nearly a week now and it's driving crazy!!! I hope it's simply a case of someone with some fresh eyes taking a look and showing me the error of my ways. Before I continue with the Puppet deployment, for testing purposes, I just want to create a single user namely djc72uk on a single server. The server hostname is lhcadvdeveye05 and you can see below that it has successfully generated a certificate: # puppetserver ca list --all Signed Certificates: lhcadvdeveye05.x.com (SHA256) F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D puppet.xx.com (SHA256) 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81 alt names: ["DNS:puppet", "DNS:puppet.xx.com"] I'm seeing the following output from the servers when I run the agent: # puppet agent --no-daemonize --verbose --onetime Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Retrieving locales Info: Caching catalog for lhcadvdeveye05.xx.com Info: Applying configuration version '1569503223' Notice: Applied catalog in 0.24 seconds Looks all good here other than it's not applying the module I created namely accounts (see below within the puppet environment). Puppet Server Environment: # puppet config print confdir /etc/puppetlabs/puppet # ll /etc/puppetlabs/puppet total 48 drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./ drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../ -rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf -rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml -rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf # more /etc/puppetlabs/puppet/puppet.conf [master] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code environmentpath = $codedir/environments autosign = true # puppet config print codedir /etc/puppetlabs/code # puppet config print environmentpath /etc/puppetlabs/code/environments # puppet config print modulepath /etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules # puppet module list --tree /etc/puppetlabs/code/environments/production/modules └── accounts (???) /etc/puppetlabs/code/modules (no modules installed) /opt/puppetlabs/puppet/modules (no modules installed) # puppet config print manifest /etc/puppetlabs/code/environments/production/manifests # ls -lR /etc/puppetlabs/code /etc/puppetlabs/code: total 8 drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules /etc/puppetlabs/code/environments: total 4 drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production /etc/puppetlabs/code/environments/production: total 20 -rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf -rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules /etc/puppetlabs/code/environments/production/manifests: total 4 -rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp /etc/puppetlabs/code/environments/production/modules: total 4 drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts /etc/puppetlabs/code/environments/production/modules/accounts: total 12 drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests /etc/puppetlabs/code/environments/production/modules/accounts/manifests: total 8 -rw-r-. 1 root root 77 Sep 24 20:38 groups.pp -rw-r-. 1 root root 224 Sep 24 20:01 init.pp /etc/puppetlabs/code/modules: total 0 # more /etc/puppetlabs/code/environments/production/manifests/site.pp node 'default' { include accounts } # more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp class accounts { include accounts::groups user { 'djc72uk': ensure => present, home=> '/home/djc72uk', shell => '/bin/bash', managehome => true, gid => 'djc72uk', } } # more /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp class accounts::groups { group { 'djc72uk': ensure => present, } } Nothing complaining here: # puppet parser validate /etc/puppetlabs/code/environments/production/manifests/site.pp # puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp # puppet parser validate /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp My gut feel is that the site.pp file is in the wrong place and therefore not being read however, based on the above environment details, I'm struggling to see how that's possible. Any help will be appreciated here. Many Thanks, Dan.Hello all, Been at this problem I have for nearly a week now and it's driving
[Puppet Users] puppet client certificates being revoked without human intervention
Hi, I've googled this and found a couple of people asking questions about what seems to be a similar issue a few years ago but no solutions. The problem: Some puppet clients will check in with the master and get: "SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked" No human being as explicitly revoked the cert as far as we know. Bash history doesn't show any revocation. The cert is not expired. Private key modulus of and certificate modulus match. This started happening a couple of weeks ago and only to some clients. Context: We have a janky dual-master setup and are running puppet version 3.4.3 on the masters. It's janky because what's being done is that one master runs haproxy to redirect 60% of requests to another machine. That machine rsyncs /var/lib/puppet (and uses the same certificate as the other). The clients that are apparently revoked are running version 3.7.2, but we have other clients running 3.7.2 that haven't had this issue. "puppet cert list --all" shows the certs as revoked (with the correct fingerprint) but those certs serial numbers do not appear in the certificate revocation list on the masters. I'd appreciate any ideas or help in getting to the bottom of this. The problem is easy enough to fix by regenerating the certs but that doesn't tell us why this is happening in the first place and won't prevent it from happening in the future. Happy to give more detail as needed. Thanks in advance! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b8163293-303b-4dc8-8353-1fb4383373e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet Client on German Windows, Service fail and manual run OK
Hello, i search very long for a solution and now i have a solution for this problem. The installed puppet agent not run on german Windows systems as Windows service. I found a solution for the timezone value. If i fix this, i can call puppet manualy and it is successful. The service fail. After many tests i found the problem and i write this here if other user have the same problem and search for a solution. OS: Windows 7/8/2003/2008/2012 GERMAN Puppet-Client 3.7.1 / 3.7.2 / 3.7.3 / 3.7.4 / 3.7.5 Puppet-Server: 3.7.5 with Foreman 1.5/1.6/1.7 Here is the errormessage from the Puppet-Server and Puppet-Client: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node r1000-pc: Failed to find DOMAIN\PC-NAME via exec: Execution of '/etc/puppet/node.rb DOMAIN\PC-NAME' returned 1: The Solution: remove all umlauts from Puppet Facts 1. problematic fact: C:\Program Files\Puppet Labs\Puppet\facter\lib\facter\Timezone.rb Value=Mitteleurop*ä*ische Zeit NEW Code: Facter.add(timezone) do setcode do Mitteleuropaeische Zeit end 2. problematic fact: C:\Program Files\Puppet Labs\Puppet\facter\lib\facter\id.rb Value=nt-autorit*ä*t\system (if you run the Service as SYSTEM-User) You can run the service as a other User without umlauts in the name or rename the variable in the rb-file or delete the file if you not use the fact. Check the facts from the SYSTEM-USER: Download the PsExec-Tolls from systernals Open CMD and navigate to the PSEXEC file. Start a CMD as SYSTEM-USER with this command: PSEXEC -i -s -d CMD in this SYSTEM-CMD window you can enter facter and look at the values. If you see a value with umlauts you must do something with this. end -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ff9c4b75-7928-496a-aba3-a47b6e191220%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet client server - couldnt able to verify certificate
We tried to setup puppet client-server architecture setup by installing puppet-server (through Yum repository) in puppet master and puppet (through Yum repository) in another server (client) machine. During this client is trying to receive the signed certificate from puppet-master server it failed with following error: Puppet master: [root@puppet-master ~]# puppetca --list puppet-client1 (BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD) [root@puppet-master ~]# puppetca --sign puppet-client1 notice: Signed certificate request for puppet-client1 notice: Removing file Puppet::SSL::CertificateRequest puppet-client1 at '/var/lib/puppet/ssl/ca/requests/puppet-client1.pem' Puppet Client: [root@puppet-client1 ~]# puppet agent --verbose --logdest console --no-daemonize --server=puppet-master info: Creating a new SSL key for puppet-client1 info: Caching certificate for ca info: Creating a new SSL certificate request for puppet-client1 info: Certificate Request fingerprint (md5): BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD notice: Did not receive certificate info: Caching certificate for puppet-client1 notice: Starting Puppet client version 2.7.23 err: Could not retrieve catalog from remote server: SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet-master] * *notice: Using cached catalog * *err: Could not retrieve catalog; skipping run err: Could not send report: SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet-master] Rgrds, Ram. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppet client server - couldnt able to verify certificate
I think there is some misunderstood here. First launch the agent, it will generate a certificate for it. Then you should sign it in the master. It seems that you did generate one in the master and sign it, and expected to be received by the client, but the certificate should be generated in the client and be signed by then master. Regards, El 05/05/2014 14:59, Ramkumar Nagaraj ram2va...@gmail.com escribió: We tried to setup puppet client-server architecture setup by installing puppet-server (through Yum repository) in puppet master and puppet (through Yum repository) in another server (client) machine. During this client is trying to receive the signed certificate from puppet-master server it failed with following error: Puppet master: [root@puppet-master ~]# puppetca --list puppet-client1 (BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD) [root@puppet-master ~]# puppetca --sign puppet-client1 notice: Signed certificate request for puppet-client1 notice: Removing file Puppet::SSL::CertificateRequest puppet-client1 at '/var/lib/puppet/ssl/ca/requests/puppet-client1.pem' Puppet Client: [root@puppet-client1 ~]# puppet agent --verbose --logdest console --no-daemonize --server=puppet-master info: Creating a new SSL key for puppet-client1 info: Caching certificate for ca info: Creating a new SSL certificate request for puppet-client1 info: Certificate Request fingerprint (md5): BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD notice: Did not receive certificate info: Caching certificate for puppet-client1 notice: Starting Puppet client version 2.7.23 err: Could not retrieve catalog from remote server: SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet-master] * *notice: Using cached catalog * *err: Could not retrieve catalog; skipping run err: Could not send report: SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppet-master] Rgrds, Ram. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3df%2BP6wZFZVt8wyDz8t0oYAevJzx_OccAEqsGfjQ87Se0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet Client Reports file not found on Server
Ive had a series of issues with a specfic node. Node is running puppet 3.0.2. During a puppet run the client reports: Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: No such file or directory - /var/lib/puppet/yaml/node/{nodename}.yaml20140501-4910-10zh5o0.lock I check the server and this servers node.pp went missing so I recreated it. client still shows that this lock file is missing. I confirmed that the lock file is indeed missing. Unsure why the configuration for this node went AWOL from server. How should I fix this? Need to get node back under management. Rance -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0f9e6833-54f8-4bdd-a812-6ebf97470fe6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet client removing yum / rpm cache?
Howdy folks, I've got some weird behavior from one of my puppet clients (actually the client running on the puppet master), where running the agent somehow destroys either the yum cache or the rpm db. Directly after running the agent I get the following message from yum (without modifying yum.conf or any of the .repo files in /etc/yum.repos.d/): # yum list installed YumRepo Error: All mirror URLs are not using ftp, http[s] or file. Eg. $releasever is not a valid release or hasnt been released yet/ removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/$releasever/base/mirrorlist.txt Error: Cannot find a valid baseurl for repo: base Prior to running the puppet agent, yum was working perfectly. I was able to fix the above problem by reinstalling the centos-release package, but even after doing so a 'yum list installed' and 'rpm -qa' listed the centos-release package as *the only package installed* (clearly others were installed but the db probably got corrupted). Restart the puppet agent, and the error with $releasever resumed, and centos-release was shown as not installed by both yum and rpm. Looking through the puppet agent log (/var/log/puppet/puppet.log), I only found this in the startup procedure: Thu Feb 20 14:26:50 -0800 2014 Puppet (notice): Caught TERM; calling stop Thu Feb 20 14:26:51 -0800 2014 Puppet (notice): Reopening log files Thu Feb 20 14:26:51 -0800 2014 Puppet (notice): Starting Puppet client version 3.4.2 Thu Feb 20 14:26:52 -0800 2014 /File[/var/lib/rpm]/ensure (notice): removed Thu Feb 20 14:26:52 -0800 2014 /File[/var/lib/yum]/ensure (notice): removed Thu Feb 20 14:26:55 -0800 2014 Puppet (err): Could not prefetch package provider 'yum': Execution of '/usr/bin/python /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py' returned 1: Loaded plugins: fastestmirror So it looks like directly after the client starts, it removes(?) /var/lib/rpm and /var/lib/yum and then yum stops working again (with the same $releasever) error. The odd thing is that we have several other nodes that are having the exact same modules applied and experiencing zero issues, so something odd is going on with this particular node (which is also the master). Anyone experience anything like this or have any ideas what could be causing the puppet runs to basically destroy the yumdb? TIA, Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bf8612f3-7c80-4587-b5dc-d4321a3f9840%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
On Wednesday, January 29, 2014 12:41:06 AM UTC-7, Rob Reynolds wrote: Josh, I'm glad we were able to get you going. However it is slightly troubling to see that the service flips to automatic after running puppet agent. Also are you overriding the user the agent installed as to a non-administrative user? No, we left the default settings when installing (local system account). We were going to attempt setting the username as a last resort, but couldn't find any documentation on how to change the password post installation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/69339996-a428-41cb-bbfd-ebb1360fd680%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
Post installation you would change it like with other services on windows (services.msc, find the service, open properties and change user/password). On Wed, Jan 29, 2014 at 11:21 AM, Josh D joshuadavid...@gmail.com wrote: On Wednesday, January 29, 2014 12:41:06 AM UTC-7, Rob Reynolds wrote: Josh, I'm glad we were able to get you going. However it is slightly troubling to see that the service flips to automatic after running puppet agent. Also are you overriding the user the agent installed as to a non-administrative user? No, we left the default settings when installing (local system account). We were going to attempt setting the username as a last resort, but couldn't find any documentation on how to change the password post installation. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/69339996-a428-41cb-bbfd-ebb1360fd680%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK4RYP3qKuWtTnmku7H2dkpYE2iqBVJ31Vb-Jgkk-FSkUA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
On Monday, January 27, 2014 4:15:12 PM UTC-7, Rob Reynolds wrote: You should be able to take ownership of the directory you cannot delete as an administrator. Once you have done that you should be able to move forward with deleting those. I think the prior install attempts might have botched something and that directory is not removed. Ok, have some good news to report. First, uninstalling and blowing away C:\ProgramData\PuppetLabs resulted in the original error when performing a clean uninstall. However, we did find one combination that worked. #1. Uninstall and ensure C:\ProgramData is absent #2. Install with PUPPET_AGENT_STARTUP_MODE=Manual #3. Following installation and *BEFORE* attempting to run puppet agent service, run puppet agent as admin. By running puppet agent not only did it run to completion unlike past attempts following a failed start of the service, it also mysteriously changed the puppet agent startup mode to automatic and now the puppet service works. In the past when we followed steps #1 and #2 and attempted to start the service following installation, the service failed to start and broke the client due to permissions. By running the client before the service, everything is fine and dandy. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bafcdc5d-68b3-4bd1-9236-3d51398fda94%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
Josh, I'm glad we were able to get you going. However it is slightly troubling to see that the service flips to automatic after running puppet agent. Also are you overriding the user the agent installed as to a non-administrative user? On Tue, Jan 28, 2014 at 3:24 PM, Josh D joshuadavid...@gmail.com wrote: On Monday, January 27, 2014 4:15:12 PM UTC-7, Rob Reynolds wrote: You should be able to take ownership of the directory you cannot delete as an administrator. Once you have done that you should be able to move forward with deleting those. I think the prior install attempts might have botched something and that directory is not removed. Ok, have some good news to report. First, uninstalling and blowing away C:\ProgramData\PuppetLabs resulted in the original error when performing a clean uninstall. However, we did find one combination that worked. #1. Uninstall and ensure C:\ProgramData is absent #2. Install with PUPPET_AGENT_STARTUP_MODE=Manual #3. Following installation and *BEFORE* attempting to run puppet agent service, run puppet agent as admin. By running puppet agent not only did it run to completion unlike past attempts following a failed start of the service, it also mysteriously changed the puppet agent startup mode to automatic and now the puppet service works. In the past when we followed steps #1 and #2 and attempted to start the service following installation, the service failed to start and broke the client due to permissions. By running the client before the service, everything is fine and dandy. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bafcdc5d-68b3-4bd1-9236-3d51398fda94%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK4g-%2BdWbtYk9j%2BPDZWyDvhb%3DYxKLk8cgi%3DQwLaGyCnUTA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
On Friday, January 24, 2014 1:02:59 PM UTC-7, Rob Reynolds wrote: The supported way of making it work is to update to at least 3.3.1. Just tried installing the 3.4.2 client and had the same problem; service fails to start and the installation is rolled back. The log is *slightly* different. StartServices: Service: Puppet Agent Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37672 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37536 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 29532 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37384 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 38872 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 34136 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33292 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 1136 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33376 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 32688 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31448 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31128 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33536 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30684 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 27924 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 11324 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37092 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30248 could not be cancelled. Error: 1168 MSI (s) (94:D8) [09:41:44:708]: Product: Puppet -- Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. Are you sure you want to cancel? Action ended 9:41:50: InstallFinalize. Return value 3. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/17b9a371-7aa5-4894-bf23-0e1fc5be7b9c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
Josh, Can you try something for me? With the install, can you add the following to it? msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual And tell me if it installs okay? Then we'll move onto trying to start the service and see what errors crop up. On Mon, Jan 27, 2014 at 10:57 AM, Josh D joshuadavid...@gmail.com wrote: On Friday, January 24, 2014 1:02:59 PM UTC-7, Rob Reynolds wrote: The supported way of making it work is to update to at least 3.3.1. Just tried installing the 3.4.2 client and had the same problem; service fails to start and the installation is rolled back. The log is *slightly* different. StartServices: Service: Puppet Agent Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37672 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37536 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 29532 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37384 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 38872 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 34136 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33292 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 1136 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33376 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 32688 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31448 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31128 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33536 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30684 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 27924 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 11324 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37092 could not be cancelled. Error: 1168 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30248 could not be cancelled. Error: 1168 MSI (s) (94:D8) [09:41:44:708]: Product: Puppet -- Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. Are you sure you want to cancel? Action ended 9:41:50: InstallFinalize. Return value 3. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/17b9a371-7aa5-4894-bf23-0e1fc5be7b9c%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK4sm3Kuc8TjdF3kTKBiLB7o7NvS2CdxnULfz4fcx_cvww%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote: Josh, Can you try something for me? With the install, can you add the following to it? msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual And tell me if it installs okay? Yep, one step ahead of you. We were able to install by changing the startup mode to manual. Attempting to start the service post install, resulted in: Error 1053: The service did not respond to the start or control request in a timely fashion. There wasn't anything helpful in event viewer so we moved on to starting the agent manually. The pertinent portion of the output from puppet agent --test --debug --verbose is below: Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Error: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]/ensure: change f rom absent to directory failed: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs [0;36mDebug: /File [C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Nothing to manage: no ensure and the resource doesn't exist [0m [0;36mDebug: Finishing transaction 38297820 [0m Error: Could not prepare for execution: Got 3 failure(s) while initializing: Cou ld not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/ puppet/var/state/graphs; Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs; change fr om absent to directory failed: Could not set 'directory' on ensure: Permission d enied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs So I hopped into the PuppetLabs directory and started looking at permissions. Everything is good up to C:/ProgramData/PuppetLabs/puppet/var. Meaning the Administrators group has full control and can make modifications. That is required for running puppet agent manually outside of the service. Every directory under C:/ProgramData/PuppetLabs/puppet/var is good *except* for C:/ProgramData/PuppetLabs/puppet/var/state. That directory appears to have been created by the service (system account) and does not have any permissions for Administrators set. I attempted to alter the permissions, but I just get access denied even with an admin account. So in summary, the service times out for reasons unknown. Running puppet agent manually fails because Administrators cannot modify anything under C:/ProgramData/PuppetLabs/puppet/var/state -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
Can you blow away the C:/ProgramData/PuppetLabs directory and try the install again? On Mon, Jan 27, 2014 at 12:01 PM, Josh D joshuadavid...@gmail.com wrote: On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote: Josh, Can you try something for me? With the install, can you add the following to it? msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual And tell me if it installs okay? Yep, one step ahead of you. We were able to install by changing the startup mode to manual. Attempting to start the service post install, resulted in: Error 1053: The service did not respond to the start or control request in a timely fashion. There wasn't anything helpful in event viewer so we moved on to starting the agent manually. The pertinent portion of the output from puppet agent --test --debug --verbose is below: Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Error: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]/ensure: change f rom absent to directory failed: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs [0;36mDebug: /File [C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Nothing to manage: no ensure and the resource doesn't exist [0m [0;36mDebug: Finishing transaction 38297820 [0m Error: Could not prepare for execution: Got 3 failure(s) while initializing: Cou ld not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/ puppet/var/state/graphs; Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs; change fr om absent to directory failed: Could not set 'directory' on ensure: Permission d enied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs So I hopped into the PuppetLabs directory and started looking at permissions. Everything is good up to C:/ProgramData/PuppetLabs/puppet/var. Meaning the Administrators group has full control and can make modifications. That is required for running puppet agent manually outside of the service. Every directory under C:/ProgramData/PuppetLabs/puppet/var is good *except* for C:/ProgramData/PuppetLabs/puppet/var/state. That directory appears to have been created by the service (system account) and does not have any permissions for Administrators set. I attempted to alter the permissions, but I just get access denied even with an admin account. So in summary, the service times out for reasons unknown. Running puppet agent manually fails because Administrators cannot modify anything under C:/ProgramData/PuppetLabs/puppet/var/state -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK74a%3DxTm384UDrTRFHamnFCg%2B3qThKEjM5Bm4K_PBBH-A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
You should be able to take ownership of the directory you cannot delete as an administrator. Once you have done that you should be able to move forward with deleting those. I think the prior install attempts might have botched something and that directory is not removed. On Mon, Jan 27, 2014 at 5:13 PM, Rob Reynolds r...@puppetlabs.com wrote: Can you blow away the C:/ProgramData/PuppetLabs directory and try the install again? On Mon, Jan 27, 2014 at 12:01 PM, Josh D joshuadavid...@gmail.com wrote: On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote: Josh, Can you try something for me? With the install, can you add the following to it? msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual And tell me if it installs okay? Yep, one step ahead of you. We were able to install by changing the startup mode to manual. Attempting to start the service post install, resulted in: Error 1053: The service did not respond to the start or control request in a timely fashion. There wasn't anything helpful in event viewer so we moved on to starting the agent manually. The pertinent portion of the output from puppet agent --test --debug --verbose is below: Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Error: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/P uppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Error: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]/ensure: change f rom absent to directory failed: Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs [0;36mDebug: /File [C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Nothing to manage: no ensure and the resource doesn't exist [0m [0;36mDebug: Finishing transaction 38297820 [0m Error: Could not prepare for execution: Got 3 failure(s) while initializing: Cou ld not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/ puppet/var/state/graphs; Could not set 'directory' on ensure: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs Wrapped exception: Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs; change fr om absent to directory failed: Could not set 'directory' on ensure: Permission d enied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs So I hopped into the PuppetLabs directory and started looking at permissions. Everything is good up to C:/ProgramData/PuppetLabs/puppet/var. Meaning the Administrators group has full control and can make modifications. That is required for running puppet agent manually outside of the service. Every directory under C:/ProgramData/PuppetLabs/puppet/var is good *except* for C:/ProgramData/PuppetLabs/puppet/var/state. That directory appears to have been created by the service (system account) and does not have any permissions for Administrators set. I attempted to alter the permissions, but I just get access denied even with an admin account. So in summary, the service times out for reasons unknown. Running puppet agent manually fails because Administrators cannot modify anything under C:/ProgramData/PuppetLabs/puppet/var/state -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK7qeRGug2DYoDvTZ%2Bi_K6mnVHryj0Z_2eRTn2bRc2Ra_A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
Some of my users are having difficulty installing the Puppet client on their 64-bit Widows machines. The installation will get get to the point where everything is installed and it attempts to start the service. The service fails (see relevant information from install log from /l*v below) and then the installer rolls back. I've tried various ways of launching the installer, had different users attempt to install on the problem machines, etc but always wind up with the same error. The accounts in question have permission to start/stop services. Any ideas? StartServices: Service: Puppet Agent MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1920 Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. MSI (s) (88:20) [09:29:57:739]: I/O on thread 7856 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8588 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7504 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 9268 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 6048 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4460 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7356 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8800 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8316 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8436 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4716 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 6840 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 10224 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8248 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 4944 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 2860 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 9484 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8116 could not be cancelled. Error: 1168 MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 MSI (s) (88:6C) [09:29:57:740]: Product: Puppet -- Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1602 Are you sure you want to cancel? Action ended 9:29:59: InstallFinalize. Return value 3. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/90b581a2-53f0-4c98-a463-dbe296345161%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64
On Fri, Jan 24, 2014 at 11:11 AM, Josh D joshuadavid...@gmail.com wrote: Some of my users are having difficulty installing the Puppet client on their 64-bit Widows machines. The installation will get get to the point where everything is installed and it attempts to start the service. The service fails (see relevant information from install log from /l*v below) and then the installer rolls back. I've tried various ways of launching the installer, had different users attempt to install on the problem machines, etc but always wind up with the same error. The accounts in question have permission to start/stop services. Any ideas? StartServices: Service: Puppet Agent MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1920 Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. MSI (s) (88:20) [09:29:57:739]: I/O on thread 7856 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8588 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7504 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 9268 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 6048 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4460 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7356 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8800 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8316 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8436 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4716 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 6840 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 10224 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8248 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 4944 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 2860 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 9484 could not be cancelled. Error: 1168 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8116 could not be cancelled. Error: 1168 MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 MSI (s) (88:6C) [09:29:57:740]: Product: Puppet -- Error 1920. Service 'Puppet Agent' (puppet) failed to start. Verify that you have sufficient privileges to start system services. This error is a lie. :) The true issue [1][2][3] had to an encoding bug in a gem that Puppet depends on that was fixed in 3.3.1. We didn't add the PUPPET_AGENT_STARTUP_MODE [4] until 3.4.0 so there isn't a way to tell it not to try to start the service. The supported way of making it work is to update to at least 3.3.1. 1: http://projects.puppetlabs.com/issues/22493 2: http://projects.puppetlabs.com/issues/22613 3: https://tickets.puppetlabs.com/browse/PUP-316 with a nice video showing repro and fix. 4: http://docs.puppetlabs.com/windows/installing.html#automated-installation MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2205 2: 3: Error MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1602 Are you sure you want to cancel? Action ended 9:29:59: InstallFinalize. Return value 3. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/90b581a2-53f0-4c98-a463-dbe296345161%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco - http://bit.ly/pupconf14 Register now and save 40%! Offer expires January 31st. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK7reQ_JJRvmg7Y9i6gK-FokpVHMH6a0bd3f-DzkmVWM2g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client automatic self enrollment to puppet enterprise
Hi I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client automatic self enrollment to puppet enterprise
There's nothing special. The only thing you'll need is either auto sign or automation on your side to pre-sign certs and deliver them to the VM. On Nov 27, 2013, at 6:30 AM, Martin Knott mkn...@novemgroup.co.uk wrote: I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8545EBD4-FDD4-45E2-823C-9556EB227732%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client
I have a box with this uname -a output: Linux myhost 2.6.32-300.11.1.el5uek #1 SMP Wed Mar 7 09:55:50 EST 2012 x86_64 x86_64 x86_64 GNU/Linux For various reasons, I cannot use Yum to download. Anyone know the specific URL's/rpm's I can download to get puppet client up for the above to work with a Puppet 3.2.1 master? Stuart -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ad707d21-7c8d-4e5e-a9c6-bd871a74e8ac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client
Took care of this. Messy. Made a company repo. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2A778359-C514-433A-A5A0-183440B0F342%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master
Hi *puppetmaster#vim /etc/puppet/puppet.conf* [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY puppetmaster#vim /etc/puppet/auth.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY *puppetmaster#vim /etc/puppet/auth.conf* # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their own reports path ~ ^/report/([^/]+)$ method save allow $1 # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file Thanks, Dilip allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else #path / path /run auth any These are my puppet.conf and auth.conf of puppet master... Please find the solution.. On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote: Hi, I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e class toolbox { file { '/usr/local/sbin/puppetsimple.sh': owner = root,group = root,mode = 0755,content = #!/bin/bash apt-get install zip\n } } node 'admin.local' { include toolbox } Here admin.local is my PUPPET AGENT.. my job is to kick this job to puppet agent from puppet master.for this i have ran *r...@puppetmaster.example.org#puppet kick admin.local* *Triggering admin.local Host admin.local failed: Connection refused - connect(2) admin.local finished with exit code 2 Failed: admin.local* i got this error. *Additional Info*:puppet master and agent are in the same network,pinging each other and configured password less logins also.. Please find the attachment regarding the puppet error mentioned above. Thanks in advance Dilip -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/OMJFUxP4XgM/unsubscribe. To unsubscribe from this
Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master
Have you try adding server parameter as i said in earlier post. On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.com wrote: Hi *puppetmaster#vim /etc/puppet/puppet.conf* [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY puppetmaster#vim /etc/puppet/auth.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY *puppetmaster#vim /etc/puppet/auth.conf* # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their own reports path ~ ^/report/([^/]+)$ method save allow $1 # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file Thanks, Dilip allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else #path / path /run auth any These are my puppet.conf and auth.conf of puppet master... Please find the solution.. On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote: Hi, I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e class toolbox { file { '/usr/local/sbin/puppetsimple.sh': owner = root,group = root,mode = 0755,content = #!/bin/bash apt-get install zip\n } } node 'admin.local' { include toolbox } Here admin.local is my PUPPET AGENT.. my job is to kick this job to puppet agent from puppet master.for this i have ran *r...@puppetmaster.example.org#puppet kick admin.local* *Triggering admin.local Host admin.local failed: Connection refused - connect(2) admin.local finished with exit code 2 Failed: admin.local* i got this error. *Additional Info*:puppet master and agent are in the same network,pinging each other and configured password less logins also.. Please find the attachment regarding the puppet error mentioned above.
Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master
Hi, it is working fine,Thank you.. Thanks, Dilip On Thu, Sep 26, 2013 at 3:08 PM, Rahul Khengare rahulk1...@gmail.comwrote: Have you try adding server parameter as i said in earlier post. On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.comwrote: Hi *puppetmaster#vim /etc/puppet/puppet.conf* [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY puppetmaster#vim /etc/puppet/auth.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY *puppetmaster#vim /etc/puppet/auth.conf* # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their own reports path ~ ^/report/([^/]+)$ method save allow $1 # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file Thanks, Dilip allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else #path / path /run auth any These are my puppet.conf and auth.conf of puppet master... Please find the solution.. On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote: Hi, I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e class toolbox { file { '/usr/local/sbin/puppetsimple.sh': owner = root,group = root,mode = 0755,content = #!/bin/bash apt-get install zip\n } } node 'admin.local' { include toolbox } Here admin.local is my PUPPET AGENT.. my job is to kick this job to puppet agent from puppet master.for this i have ran *r...@puppetmaster.example.org#puppet kick admin.local* *Triggering admin.local Host admin.local failed: Connection refused - connect(2) admin.local finished with exit code 2 Failed: admin.local* i got this error. *Additional Info*:puppet master and agent are in the same network,pinging
Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master
I've created auth.conf file in puppet agent and in auth.conf file i've written path / method find, search, save auth yes allow puppetmaster.example.org path /run auth any allow * finally i've restarted the puppet and puppet master then it's working well.. Thank you for supporting me.. Thanks, Dilip On Thu, Sep 26, 2013 at 4:54 PM, Dilip Varma dilippand...@gmail.com wrote: Hi, it is working fine,Thank you.. Thanks, Dilip On Thu, Sep 26, 2013 at 3:08 PM, Rahul Khengare rahulk1...@gmail.comwrote: Have you try adding server parameter as i said in earlier post. On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.comwrote: Hi *puppetmaster#vim /etc/puppet/puppet.conf* [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY puppetmaster#vim /etc/puppet/auth.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY *puppetmaster#vim /etc/puppet/auth.conf* # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their own reports path ~ ^/report/([^/]+)$ method save allow $1 # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file Thanks, Dilip allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else #path / path /run auth any These are my puppet.conf and auth.conf of puppet master... Please find the solution.. On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote: Hi, I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e class toolbox { file { '/usr/local/sbin/puppetsimple.sh': owner = root,group = root,mode = 0755,content = #!/bin/bash apt-get install zip\n } } node 'admin.local' { include toolbox } Here admin.local is my
Re: [Puppet Users] puppet client
Good morning! What are the relevant client rpms and URL for puppet client install to Oracle UEK Linux? I'm sitting at, in a browser: http://yum.puppetlabs.com/el/5Client/products/x86_64 Also, can you speak more to: Some modules need to get slightly modified to recognize Oracle EL Thankyou. On Aug 28, 2013, at 11:29 AM, Steven Nemetz snem...@hotmail.com wrote: Just use the RedHat packages We use the same packages for RedHat, CentOS, and Oracle EL Some modules need to get slightly modified to recognize Oracle EL Steven Subject: [Puppet Users] puppet client From: smcracr...@me.com Date: Wed, 28 Aug 2013 10:02:48 -0700 To: puppet-users@googlegroups.com Hi, Looked but couldn't find information on Puppet client for Oracle Unbreakable Enterprise Kernel Linux. Could you point me to the methodology for the above on Open Source Puppet which we have running (well) on and for regular Red Hat Linux which we used Puppet Labs Yum repositories to install server and client effortlessly. We use Oracle Unbreakable Enterprise Kernel on our vms which we want all controlled by Puppet. I was told by someone at Puppet Labs that it existed in some fashion... --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client
I assume it is just the version of puppet client which matches the master's own client and server which is 3.2.1. I.e. puppet-3.2.1-1.el5.noarch.rpm facter as well Any others for an Oracle UEK client? --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa On Aug 29, 2013, at 9:17 AM, Stuart Cracraft smcracr...@me.com wrote: Good morning! What are the relevant client rpms and URL for puppet client install to Oracle UEK Linux? I'm sitting at, in a browser: http://yum.puppetlabs.com/el/5Client/products/x86_64 Also, can you speak more to: Some modules need to get slightly modified to recognize Oracle EL Thankyou. On Aug 28, 2013, at 11:29 AM, Steven Nemetz snem...@hotmail.com wrote: Just use the RedHat packages We use the same packages for RedHat, CentOS, and Oracle EL Some modules need to get slightly modified to recognize Oracle EL Steven Subject: [Puppet Users] puppet client From: smcracr...@me.com Date: Wed, 28 Aug 2013 10:02:48 -0700 To: puppet-users@googlegroups.com Hi, Looked but couldn't find information on Puppet client for Oracle Unbreakable Enterprise Kernel Linux. Could you point me to the methodology for the above on Open Source Puppet which we have running (well) on and for regular Red Hat Linux which we used Puppet Labs Yum repositories to install server and client effortlessly. We use Oracle Unbreakable Enterprise Kernel on our vms which we want all controlled by Puppet. I was told by someone at Puppet Labs that it existed in some fashion... --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client
Hi, Looked but couldn't find information on Puppet client for Oracle Unbreakable Enterprise Kernel Linux. Could you point me to the methodology for the above on Open Source Puppet which we have running (well) on and for regular Red Hat Linux which we used Puppet Labs Yum repositories to install server and client effortlessly. We use Oracle Unbreakable Enterprise Kernel on our vms which we want all controlled by Puppet. I was told by someone at Puppet Labs that it existed in some fashion... --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] puppet client
Just use the RedHat packages We use the same packages for RedHat, CentOS, and Oracle EL Some modules need to get slightly modified to recognize Oracle EL Steven Subject: [Puppet Users] puppet client From: smcracr...@me.com Date: Wed, 28 Aug 2013 10:02:48 -0700 To: puppet-users@googlegroups.com Hi, Looked but couldn't find information on Puppet client for Oracle Unbreakable Enterprise Kernel Linux. Could you point me to the methodology for the above on Open Source Puppet which we have running (well) on and for regular Red Hat Linux which we used Puppet Labs Yum repositories to install server and client effortlessly. We use Oracle Unbreakable Enterprise Kernel on our vms which we want all controlled by Puppet. I was told by someone at Puppet Labs that it existed in some fashion... --Stuart RHCE/RHCSA/Oracle DBA/Sun/Mensa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet client not auto updating
Hi, there are agent options in puppet.conf that control how often the agent runs etc. Check whether the agent puts any messages into your syslog. Find the agent process in the system's list of running processes. You could try and run the agent in debug mode to see if anything goes wrong. Stop the service, then run puppet agent --no-daemonize --verbose --debug HTH, Felix On 04/06/2013 12:38 AM, Sy Doveton wrote: I am new to puppet and am experimenting with some basic commands. I have a puppetmaster server and a couple or servers with puppet client. All servers are running ubuntu. I have set up the link between the master and the clients and their certs have been signed etc. The clients have had puppet started via 'service puppet start' and can confirm they are running with 'service puppet status'. When I make any changes on the master nothing happens on the servers. I have waited a couple of hours and e.g. the required package has not been installed on the client. As soon as I run on the client:- puppetd --test It will immediately install the package so I know my manifests / modules are correct as it does what I request when I manually ask it. I just need it to run periodically automatically and get the latest info from the master. Any ideas of things I can check? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet client not auto updating
I am new to puppet and am experimenting with some basic commands. I have a puppetmaster server and a couple or servers with puppet client. All servers are running ubuntu. I have set up the link between the master and the clients and their certs have been signed etc. The clients have had puppet started via 'service puppet start' and can confirm they are running with 'service puppet status'. When I make any changes on the master nothing happens on the servers. I have waited a couple of hours and e.g. the required package has not been installed on the client. As soon as I run on the client:- puppetd --test It will immediately install the package so I know my manifests / modules are correct as it does what I request when I manually ask it. I just need it to run periodically automatically and get the latest info from the master. Any ideas of things I can check? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet client not auto updating
Hi, I am new to puppet and am experimenting with some basic commands. I have a puppetmaster server and a couple or servers with puppet client. All servers are running ubuntu. I have set up the link between the master and the clients and their certs have been signed etc. The clients have had puppet started via 'service puppet start' and can confirm they are running with 'service puppet status'. When I make any changes on the master nothing happens on the servers. I have waited a couple of hours and e.g. the required package has not been installed on the client. As soon as I run on the client:- puppetd --test It will immediately install the package so I know my manifests / modules are correct as it does what I request when I manually ask it. I just need it to run periodically automatically and get the latest info from the master. Any ideas of things I can check? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client 0.22.1-1 unable to communicate with master on 3.0.2-1
Hi, I have a client that I cannot upgrade from ubuntu 6.06 (due to application dependency issues) ... I have been able to get puppet/facter installed on it, but it seems unable to make certificate requests .. #/usr/sbin/puppetd -d -t -v err: No certificate; running with reduced functionality. info: Creating a new certificate request for cofkedit.bodleian.ox.ac.uk info: Requesting certificate warning: peer certificate won't be verified in this SSL session err: Could not call puppetca.getcert: #RuntimeError: HTTP-Error: 400 Bad Request err: Could not request certificate: Certificate retrieval failed: HTTP-Error: 400 Bad Request == I have seem a few admonitions against using clients that are old, but I have no choice in this one if I hope to deploy puppet on it .. or are there work arounds I can attempt ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet client unable to sign puppet master certificate..
Hi , Need this help desperately 1) Cleaned certificates from master 2) Cleaned ssl dir in agent 3) On agent - I run - puppet agent -t --waitforcert 60 4) On master - I sign the agent. 5) Again - I run puppet agent -t I get the following error: /opt/puppet/lib/ruby/site_ruby/1.8/puppet/defaults.rb:72: warning: Insecure world writable dir /opt/perf in PATH, mode 040777 info: Retrieving plugin err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class hosts for puppet.agent.com on node puppet.agent.com warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Can someone help!!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client runs outside of office hours
We use this cron { puppet: ensure = present, command = $ppt_cmd, user= 'root', hour= fqdn_rand(6), minute = fqdn_rand(60) } so puppet runs happen 'randomly between midnight and 05:59 Regards, Stefan - Zipkid - Goethals. On Wed, Dec 12, 2012 at 6:23 AM, DenMat Gone tu2bg...@gmail.com wrote: Cron would be your best bet. You can manage cron jobs via puppet. kdo k...@hampels.com.au wrote: anyone have any smart ideas around scheduling puppet client runs during specific times ? such as outside of office hours ? any options that can be set in the puppet.conf for example ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client runs outside of office hours
anyone have any smart ideas around scheduling puppet client runs during specific times ? such as outside of office hours ? any options that can be set in the puppet.conf for example ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client runs outside of office hours
Cron would be your best bet. You can manage cron jobs via puppet. kdo k...@hampels.com.au wrote: anyone have any smart ideas around scheduling puppet client runs during specific times ? such as outside of office hours ? any options that can be set in the puppet.conf for example ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
Just to finish this one up, I had the service name wrong. # puppet resource service puppetagent enable=yes ensure=running Works just fine. Bret -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6GhA7riGZH4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
On 11/13/2012 03:46 PM, Darin Perusich wrote: This is systemd weirdness. I've run into this error before on SuSE with other init scripts and the fix was to reboot the machine. Then you won't get the Loaded: error (Reason: No such file or directory) anymore. :-/ A little offtopic but I'm not looking forward to RHEL v7 and derivatives because of things like systemd... Don't fix it if ain't broken, and standard init served us well for quite some time... -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client won't autostart
I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: Error: /Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: service { 'puppet': ensure = 'stopped', enable = 'false', } # ps aux | grep 'puppet agent' | grep -v grep # puppet agent # ps aux | grep 'puppet agent' | grep -v grep root 55055 12.4 0.1 383924 45928 ? Ssl 07:150:01 /usr/bin/ruby /bin/puppet agent # Where should I look first? I'm not sure why this will start for me interactively but not from the agent (this also fails if the agent is already running in exactly the same fashion). Thanks! Bret Wortman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false hth, Martin Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: Error: /Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: service { 'puppet': ensure = 'stopped', enable = 'false', } # ps aux | grep 'puppet agent' | grep -v grep # puppet agent # ps aux | grep 'puppet agent' | grep -v grep root 55055 12.4 0.1 383924 45928 ? Ssl 07:150:01 /usr/bin/ruby /bin/puppet agent # Where should I look first? I'm not sure why this will start for me interactively but not from the agent (this also fails if the agent is already running in exactly the same fashion). Thanks! Bret Wortman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
It does not (and this is odd since I'm using F17): # service puppet status Redirecting to /bin/systemctl status puppet.service puppet.service Loaded: error (Reason: No such file or directory) Active: inactive (dead) and yet ps still shows it running. But with your help, this at least starts it now, but I can't get the ensure bit working, and that's the really critical piece for us. Looks like Puppet is expecting to chkconfig this and that's not working. I also have no file in /etc/init.d at all, so there's apparently no start script on my system at all. I installed from the Puppetlabs repos. # puppet resource service puppet hasstatus=false ensure=running enable=true Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on' returned 1: error reading information on service puppet: No such file or directory : : service { 'puppet': ensure = running, enable = false, } # On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false hth, Martin Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: Error: /Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: service { 'puppet': ensure = 'stopped', enable = 'false', } # ps aux | grep 'puppet agent' | grep -v grep # puppet agent # ps aux | grep 'puppet agent' | grep -v grep root 55055 12.4 0.1 383924 45928 ? Ssl 07:150:01 /usr/bin/ruby /bin/puppet agent # Where should I look first? I'm not sure why this will start for me interactively but not from the agent (this also fails if the agent is already running in exactly the same fashion). Thanks! Bret Wortman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
This is systemd weirdness. I've run into this error before on SuSE with other init scripts and the fix was to reboot the machine. Then you won't get the Loaded: error (Reason: No such file or directory) anymore. -- Later, Darin On Tue, Nov 13, 2012 at 9:29 AM, Bret Wortman b...@thewortmans.org wrote: It does not (and this is odd since I'm using F17): # service puppet status Redirecting to /bin/systemctl status puppet.service puppet.service Loaded: error (Reason: No such file or directory) Active: inactive (dead) and yet ps still shows it running. But with your help, this at least starts it now, but I can't get the ensure bit working, and that's the really critical piece for us. Looks like Puppet is expecting to chkconfig this and that's not working. I also have no file in /etc/init.d at all, so there's apparently no start script on my system at all. I installed from the Puppetlabs repos. # puppet resource service puppet hasstatus=false ensure=running enable=true Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on' returned 1: error reading information on service puppet: No such file or directory : : service { 'puppet': ensure = running, enable = false, } # On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false hth, Martin Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: Error: /Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: service { 'puppet': ensure = 'stopped', enable = 'false', } # ps aux | grep 'puppet agent' | grep -v grep # puppet agent # ps aux | grep 'puppet agent' | grep -v grep root 55055 12.4 0.1 383924 45928 ? Ssl 07:150:01 /usr/bin/ruby /bin/puppet agent # Where should I look first? I'm not sure why this will start for me interactively but not from the agent (this also fails if the agent is already running in exactly the same fashion). Thanks! Bret Wortman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false Or, better, fix the service script. Note that Puppet cares only about the exit code; it ignores the output and error streams. Be sure to check / fix the exit codes of *all* initscript actions, but especially start, stop, status, and restart actions. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/s3DERbSNhD4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
This problem has continued through multiple reboots across multiple systems. On Tuesday, November 13, 2012 9:47:03 AM UTC-5, Darin Perusich wrote: This is systemd weirdness. I've run into this error before on SuSE with other init scripts and the fix was to reboot the machine. Then you won't get the Loaded: error (Reason: No such file or directory) anymore. -- Later, Darin On Tue, Nov 13, 2012 at 9:29 AM, Bret Wortman br...@thewortmans.orgjavascript: wrote: It does not (and this is odd since I'm using F17): # service puppet status Redirecting to /bin/systemctl status puppet.service puppet.service Loaded: error (Reason: No such file or directory) Active: inactive (dead) and yet ps still shows it running. But with your help, this at least starts it now, but I can't get the ensure bit working, and that's the really critical piece for us. Looks like Puppet is expecting to chkconfig this and that's not working. I also have no file in /etc/init.d at all, so there's apparently no start script on my system at all. I installed from the Puppetlabs repos. # puppet resource service puppet hasstatus=false ensure=running enable=true Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on' returned 1: error reading information on service puppet: No such file or directory : : service { 'puppet': ensure = running, enable = false, } # On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false hth, Martin Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: Error: /Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 1: service { 'puppet': ensure = 'stopped', enable = 'false', } # ps aux | grep 'puppet agent' | grep -v grep # puppet agent # ps aux | grep 'puppet agent' | grep -v grep root 55055 12.4 0.1 383924 45928 ? Ssl 07:150:01 /usr/bin/ruby /bin/puppet agent # Where should I look first? I'm not sure why this will start for me interactively but not from the agent (this also fails if the agent is already running in exactly the same fashion). Thanks! Bret Wortman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OXgaS9wEIQ0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
It is kind of funny that we're talking about using puppet's tricks for working around bad start scripts for puppet's own software On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote: On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false Or, better, fix the service script. Note that Puppet cares only about the exit code; it ignores the output and error streams. Be sure to check / fix the exit codes of *all* initscript actions, but especially start, stop, status, and restart actions. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
On Tue, Nov 13, 2012 at 8:31 AM, Bret Wortman b...@thewortmans.org wrote: It is kind of funny that we're talking about using puppet's tricks for working around bad start scripts for puppet's own software On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote: On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false Or, better, fix the service script. Note that Puppet cares only about the exit code; it ignores the output and error streams. Be sure to check / fix the exit codes of all initscript actions, but especially start, stop, status, and restart actions. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Please try not to top post. It makes following the conversation very difficult. This is probably something to do with either 1. Puppet init script with systemd 2. Puppet's interaction with systemd. Both are really new and honestly, I'm certain they're not bug free yet. If you could file a bug we'll look into this. I've noticed the issue too on one of my home systems and just haven't looked into it yet. http://projects.puppetlabs.com/projects/puppet-community-pkg-repo/issues/new -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client won't autostart
On Tuesday, November 13, 2012 12:03:36 PM UTC-5, Michael Stanhke wrote: On Tue, Nov 13, 2012 at 8:31 AM, Bret Wortman br...@thewortmans.orgjavascript: wrote: It is kind of funny that we're talking about using puppet's tricks for working around bad start scripts for puppet's own software On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote: On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote: Hi Bret, On 13.11.2012, at 13:18, Bret Wortman wrote: I'm getting this problem on all the puppet client's I've been setting up and it's got me both scratching my head (because I'm not seeing anything obvious in any system logs) and pausing in my rollout until I get it solved: # puppet resource service puppet ensure=running enable=true does the service script has a status option and does the status deliver proper results? service puppet status Some service scripts do not check properly for the status or they deliver wrong exit codes. If this is the case you can set hasstatus = false Or, better, fix the service script. Note that Puppet cares only about the exit code; it ignores the output and error streams. Be sure to check / fix the exit codes of all initscript actions, but especially start, stop, status, and restart actions. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Please try not to top post. It makes following the conversation very difficult. For you, maybe. For old school guys like me, it's quite natural. But I'll try to force Google Groups to comply. ;-) This is probably something to do with either 1. Puppet init script with systemd 2. Puppet's interaction with systemd. Both are really new and honestly, I'm certain they're not bug free yet. If you could file a bug we'll look into this. I've noticed the issue too on one of my home systems and just haven't looked into it yet. Will do, and I'm happy to help out in any way I can. I love the tool and appreciate your commitment to open source and community-supported versions. Thanks for your help! http://projects.puppetlabs.com/projects/puppet-community-pkg-repo/issues/new -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KP-SmJ1aW9MJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client not listening on port 8139
Hi, On Oct 10, 2012, at 6:58 PM, Pondy m.p...@griffith.edu.au wrote: Hi Gabrielle, Yes, I have listen = true and I cannot see that port open with netstat... I am truly confused, theres not much showing in the logs either. Thanks! On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote: On 2012-10-10 18:37, Pondy wrote: Hi All, thanks for your input. So, I am talking about the puppet client. ah oops sorry, I'm not used to dealing with this option :\ my bad The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140. hmm this is weird. in your original post you showed us that there were no iptables rules, and you do have listen = true in your puppet.conf. do you see the port as open and listening with netstat? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/idS-uhlhCSMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Try running with --debug. Note you'll need to provide an auth.conf on the client otherwise no one will be allowed to connect, and puppet will ignore the listen setting. Josh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client not listening on port 8139
Hi everyone, Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. iptables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination /etc/puppet/puppet.conf: [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig listen = true server = mypuppet server.fqdn /etc/puppet/namespaceauth.conf: [puppetmaster] allow mypuppet server.fqdn /etc/puppet/auth.conf: # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # Puppetrun settings path /run allow mypuppet server fqdn # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate # allow access to the master CA path /certificate/ca auth no method find allow * path /certificate/ auth no method find allow * path /certificate_request auth no method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any It seems as though the puppet is running: 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log But I cant even telnet to port 8139 on the localhost to test that the port is open. Can any one please help? Any suggestions welcome, I have copied the /etc/puppet/*.conf files from another working server. Please Help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7kFNpVNAyd4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 02:35, Pondy wrote: Hi everyone, Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. By default, puppet listens on 8140, not 8139. And your configuration doesn't seem to be specifying an alternative port. maybe that's what you ought to looking for? tcp0 0 0.0.0.0:81400.0.0.0:* LISTEN 18794/ruby1.8 iptables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination /etc/puppet/puppet.conf: [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig listen = true server = mypuppet server.fqdn /etc/puppet/namespaceauth.conf: [puppetmaster] allow mypuppet server.fqdn /etc/puppet/auth.conf: # This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # - # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # - # This one is differenciated from the path one by a '~' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # Puppetrun settings path /run allow mypuppet server fqdn # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate # allow access to the master CA path /certificate/ca auth no method find allow * path /certificate/ auth no method find allow * path /certificate_request auth no method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any It seems as though the puppet is running: 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log But I cant even telnet to port 8139 on the localhost to test that the port is open. Can any one please help? Any suggestions welcome, I have copied the /etc/puppet/*.conf files from another working server. Please Help! -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Puppet client not listening on port 8139
On Oct 9, 2012, at 11:35 PM, Pondy wrote: Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. ... It seems as though the puppet is running: 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log That's the puppet client. You want to start the puppetmaster with service puppetmaster start to get the server. As per the other replier, default port is 8140 unless you've changed it in the config. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client not listening on port 8139
Hi All, thanks for your input. So, I am talking about the puppet client. The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140. On Thursday, 11 October 2012 04:30:21 UTC+10, Jo wrote: On Oct 9, 2012, at 11:35 PM, Pondy wrote: Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. ... It seems as though the puppet is running: 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log That's the puppet client. You want to start the puppetmaster with service puppetmaster start to get the server. As per the other replier, default port is 8140 unless you've changed it in the config. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/skdRN9Ej2uwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 18:37, Pondy wrote: Hi All, thanks for your input. So, I am talking about the puppet client. ah oops sorry, I'm not used to dealing with this option :\ my bad The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140. hmm this is weird. in your original post you showed us that there were no iptables rules, and you do have listen = true in your puppet.conf. do you see the port as open and listening with netstat? -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Puppet client not listening on port 8139
Hi Gabrielle, Yes, I have listen = true and I cannot see that port open with netstat... I am truly confused, theres not much showing in the logs either. Thanks! On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote: On 2012-10-10 18:37, Pondy wrote: Hi All, thanks for your input. So, I am talking about the puppet client. ah oops sorry, I'm not used to dealing with this option :\ my bad The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140. hmm this is weird. in your original post you showed us that there were no iptables rules, and you do have listen = true in your puppet.conf. do you see the port as open and listening with netstat? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/idS-uhlhCSMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client can't get certificate
Hi All, I apologize for what I'm sure is a very boneheaded question, but I'm stuck. I have a number of puppet agents all talking to the same master. Things worked great until at some point one of the agents stopped talking to the master - I'm not sure why that happened. I decided to wipe its key from the master and start fresh. Unfortunately I haven't had any luck getting them to play nicely. The agent is running 2.7.11. The master is running 2.7.1. They can ping, do hostname lookups, etc to each other. When I attempt a manual update from the agent I see: ubuntu@agent:~$ sudo puppet agent --onetime --no-daemonize --verbose warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled Doing a sudo puppet cert list on the master shows nothing pending. Running the server with debugging turned on shows the following: ubuntu@puppet:/var/lib$ sudo puppetmasterd --no-daemonize --debug --verbose ...startup... info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[^/node/([^/]+)$]: allowing 'method' find info: access[^/node/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: Inserting default '/status'(auth) ACL because none were found in '/etc/puppet/auth.conf' info: Could not find certificate for 'agent.foo.com' info: Could not find certificate for 'agent.foo.com' info: Could not find certificate for 'agent.foo.com' I tried generating a key on the server (even though it said there was no pending request) with: cert generate agent.foo.com However, the client then reported: ubuntu@agent:~$ sudo puppet agent --onetime --no-daemonize --verbose --waitforcert 120 err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 51:E2:EC:3B:28:39:FB:24:95:38:AD:FE:D0:89:8C:93 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean agent.foo.com On the agent: rm -f /var/lib/puppet/ssl/certs/agent.foo.com.pem puppet agent -t I followed those instructions, but now am back at the beginning... If anybody has ideas on things I might try I'd really appreciate it! Sorry if I didn't include the right info. /var/log/syslog seemed pretty empty. Thanks, - mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4P4Iu7xlZIwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER
You should spend some time and determine how and why that is happening. I can assure you that it's not normal, so this is something specific to some custom code on your site. On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote: I am seriously thinking of putting those recursive chown's in root crontab on puppet masters and puppet agents for /etc/puppet* and /var/lib/puppet* I shouldn't have to do this but have seen cases of ownership reversion. --Stuart Via Apple iPhone 4S on the ATT Wireless Network On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote: For the people still looking for an answer: chown -R puppet:puppet /var/lib/puppet/reports Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende: Thank. I am pasting the entire message here: Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title style type=text/css body { font- family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif; font-size: 10pt;background: white; color: #22; margin: 0; padding-top: 3em; padding- bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; } h1 { font-size: 17pt;font-weight: medium;color: #533e72; border-bottom: 1px solid #533e72; } h1.title { margin-top: 0; } h1.error_title { color: red; border-bottom: 1px solid red; } a {text-decoration: none; } a:hover { text-decoration: underline; } dt { font-weight: bold; color: #280050; } dd { margin-top: 0.5em; margin-bottom: 1em; } .commands { border: 1px Somehow I am able to get the certificate for the client. Since above error message says Ruby (Rack) application could not be started, I did #rackup /usr/share/puppet/rack/puppetmasterd/config.ru Then I see the rack process on puppet server #ps -ef|grep rack puppet 27140 1 0 14:21 ?00:00:00 Rack: /usr/share/ puppet/rack/puppetmasterd From then on the server is able to receive the client certificate request and sign it. Do I have to start the rack manually in a manner like that? I thought if I start httpd service, it would start rack automatically. I am still not sure if I did everything right. Thanks, -Haiyan On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch) hugo.cisnei...@gmail.com wrote: On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote: Hi, I am new to puppet. I have puppet server set up with passenger. But when I start puppetd from client, I see following error in the syslog file: Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title You didn't paste the most important part of the error. Thie page ruby/rack generates usually have some pretty useful information in an error field. Like a module missing on an import/require, permission problems, and so on. Please identify and post the error so we can be helpful :) -- []'s Hugowww.devin.com.br -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER
Have you confirmed that puppet master is running as user = puppet? On the master check: puppet --genconfig|grep user Mark From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Jo Rhett Sent: Monday, August 20, 2012 1:03 PM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER You should spend some time and determine how and why that is happening. I can assure you that it's not normal, so this is something specific to some custom code on your site. On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote: I am seriously thinking of putting those recursive chown's in root crontab on puppet masters and puppet agents for /etc/puppet* and /var/lib/puppet* I shouldn't have to do this but have seen cases of ownership reversion. --Stuart Via Apple iPhone 4S on the ATT Wireless Network On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote: For the people still looking for an answer: chown -R puppet:puppet /var/lib/puppet/reports Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende: Thank. I am pasting the entire message here: Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title style type=text/css body { font- family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif; font-size: 10pt;background: white; color: #22; margin: 0; padding-top: 3em; padding- bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; } h1 { font-size: 17pt;font-weight: medium;color: #533e72; border-bottom: 1px solid #533e72; } h1.title { margin-top: 0; } h1.error_title { color: red; border-bottom: 1px solid red; } a {text-decoration: none; } a:hover { text-decoration: underline; } dt { font-weight: bold; color: #280050; } dd { margin-top: 0.5em; margin-bottom: 1em; } .commands { border: 1px Somehow I am able to get the certificate for the client. Since above error message says Ruby (Rack) application could not be started, I did #rackup /usr/share/puppet/rack/puppetmasterd/config.ru Then I see the rack process on puppet server #ps -ef|grep rack puppet 27140 1 0 14:21 ?00:00:00 Rack: /usr/share/ puppet/rack/puppetmasterd From then on the server is able to receive the client certificate request and sign it. Do I have to start the rack manually in a manner like that? I thought if I start httpd service, it would start rack automatically. I am still not sure if I did everything right. Thanks, -Haiyan On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch) hugo.cisnei...@gmail.com wrote: On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote: Hi, I am new to puppet. I have puppet server set up with passenger. But when I start puppetd from client, I see following error in the syslog file: Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title You didn't paste the most important part of the error. Thie page ruby/rack generates usually have some pretty useful information in an error field. Like a module missing on an import/require, permission problems, and so on. Please identify and post the error so we can be helpful :) -- []'s Hugowww.devin.com.br -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users
[Puppet Users] puppet client environment is being ignored from foreman settings
Hi experts . i am runnig foreman 1 puppetmaster 2.7.18 i have setup a test client machine . on foreman i have configured the new client to be part of the development environment . on the client i have setup that it will run the following from site.pp to debug information . notify { environment: message = $environment when i run on the client . puppet agent--test --debug --verbose i get Notify[environment]/message: defined 'message' as 'production' allthought on foreman this client is setup as development when i add the environment = development on the client /etc/puppet.puppet.conf the client get Notify[environment]/message: defined 'message' as 'development' which is ok . BTW in foreman = settings i have default_puppet_environment = testing which is beeing ignored via the client . is this normal that i need to override the foreman client setting . with a environment = development on the client /etc/puppet.puppet.conf thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client environment is being ignored from foreman settings
Hi Yaniv, Do you have the environment defined in puppet.conf on the agent and use Foreman as an ENC? If so, you're probably seeing http://projects.puppetlabs.com/issues/3910. Some users are getting around this bug by adding functionality to the ENC script that validates the environment defined in Foreman against the one in the host's puppet.conf. Someone who has done this might be able to help you on the foreman-users list. -Sam On Thu, Aug 16, 2012 at 11:05 AM, Yaniv Fine yanivf...@gmail.com wrote: Hi experts . i am runnig foreman 1 puppetmaster 2.7.18 i have setup a test client machine . on foreman i have configured the new client to be part of the development environment . on the client i have setup that it will run the following from site.pp to debug information . notify { environment: message = $environment when i run on the client . puppet agent--test --debug --verbose i get Notify[environment]/message: defined 'message' as 'production' allthought on foreman this client is setup as development when i add the environment = development on the client /etc/puppet.puppet.conf the client get Notify[environment]/message: defined 'message' as 'development' which is ok . BTW in foreman = settings i have default_puppet_environment = testing which is beeing ignored via the client . is this normal that i need to override the foreman client setting . with a environment = development on the client /etc/puppet.puppet.conf thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client environment is being ignored from foreman settings
Yaniv, I was asking if you happen to have an environment defined on your agent in puppet.conf. Anyhow, we can handle this over on foreman-users :) -Sam On Thu, Aug 16, 2012 at 1:01 PM, Yaniv Fine yanivf...@gmail.com wrote: Why do i have to define environment in puppet.conf on the agent . Isnt defining the host in a group on foreman good enugh ? .in general there could be a conflict . Btw when i configure env in puppet.conf it does work like expected but it ignored the setting related to env .in foreman On Aug 16, 2012 7:19 PM, Sam Kottler s...@kottlerdevelopment.com wrote: Hi Yaniv, Do you have the environment defined in puppet.conf on the agent and use Foreman as an ENC? If so, you're probably seeing http://projects.puppetlabs.com/issues/3910. Some users are getting around this bug by adding functionality to the ENC script that validates the environment defined in Foreman against the one in the host's puppet.conf. Someone who has done this might be able to help you on the foreman-users list. -Sam On Thu, Aug 16, 2012 at 11:05 AM, Yaniv Fine yanivf...@gmail.com wrote: Hi experts . i am runnig foreman 1 puppetmaster 2.7.18 i have setup a test client machine . on foreman i have configured the new client to be part of the development environment . on the client i have setup that it will run the following from site.pp to debug information . notify { environment: message = $environment when i run on the client . puppet agent--test --debug --verbose i get Notify[environment]/message: defined 'message' as 'production' allthought on foreman this client is setup as development when i add the environment = development on the client /etc/puppet.puppet.conf the client get Notify[environment]/message: defined 'message' as 'development' which is ok . BTW in foreman = settings i have default_puppet_environment = testing which is beeing ignored via the client . is this normal that i need to override the foreman client setting . with a environment = development on the client /etc/puppet.puppet.conf thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client only install on Gentoo
Hi, I'm using Gentoo and puppet-2.6.12. The puppet master and client are wrapped up in the same package, app-admin/puppet. Can someone suggest a simple way of installing only the puppet client (I'm new to Gentoo)? Thanks, P. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client server connection refused when I use puppet kick
I have very strange problem. I set up puppet client on serveral servers but have problem with one of them. When I invoke: root@www ~ # puppet agent --server puppetmaster.domain.ltd --test notice: Ignoring --listen on onetime run info: Caching catalog for puppetclient.domain.ltd info: Applying configuration version '132631' notice: Finished catalog run in 3.15 seconds everything works ok. New changes are applied to system. When I try to pull changes to client from server: root@www ~ # puppet kick puppetclient.domain.ltd I got errors on client's syslog: Jan 15 14:01:23 www puppet-agent[20903]: triggered run Jan 15 14:01:24 www puppet-agent[20903]: Could not retrieve catalog from remote server: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: Using cached catalog Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Cronapt/ File[/etc/cron.daily/cronapt]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///cronapt/cronapt: Connection refused - connect(2) at /etc/puppet/modules/cronapt/ manifests/init.pp:7 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/usr/lib/nagios/plugins/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/usr/lib/nagios/plugins/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/usr/lib/nagios/plugins: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:27 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/nrpe.cfg]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/nrpe.cfg: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:18 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ Exec[/etc/init.d/nagios-nrpe-server reload]) Dependency File[/etc/ nagios/nrpe.cfg] has failures: true Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ Exec[/etc/init.d/nagios-nrpe-server reload]) Skipping because of failed dependencies Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/etc/apache2/conf.d/deny.conf]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/conf.d/deny.conf: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:7 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ Service[apache2]) Dependency File[/etc/apache2/conf.d/deny.conf] has failures: true Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ Service[apache2]) Skipping because of failed dependencies Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/cfg.d/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/cfg.d/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/cfg.d: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:37 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/etc/apache2/.htpasswd]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/.htpasswd: Connection refused - connect(2) at /etc/puppet/modules/apache2/ manifests/init.pp:31 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/usr/share/phpmyadmin/.htaccess]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/usr/share/phpmyadmin/.htaccess: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:23 Jan 15 14:01:24 www puppet-agent[20903]: Finished catalog run in 0.33 seconds Jan 15 14:01:24 www puppet-agent[20903]: Could not send report: Connection refused - connect(2) Here are configuration files at puppetclient.domain.ltd puppet.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true runinterval=1800 splay=true summarize = true auth.conf: path / method find, search, save auth yes allow puppetmaster.domain.ltd namespaceauth.conf [fileserver] allow * [puppetmaster] allow * [puppetrunner] allow * [puppetbucket] allow * [puppetreports] allow * [resource] allow * Puppet master version 2.7.9 Puppet client version 2.7.6
[Puppet Users] Puppet client port to be open
Hi, Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
AW: [Puppet Users] puppet client can not pull configuration from puppetmaster
Can you be a little bit more precise please? What are you doing exactly, which commands? What is not working? Any error messages in syslog? Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Javid Mehraban Gesendet: Mittwoch, 9. November 2011 15:21 An: Puppet Users Betreff: [Puppet Users] puppet client can not pull configuration from puppetmaster hello everybody, I am new to puppet world. I have a problem. I can push the configuration toward the puppet agent. but in returen the puppet agent can pull the configuration from the puppetmaster. If anybody wil help me I will be thankful in advance Best Regards, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client can not pull configuration from puppetmaster
hello everybody, I am new to puppet world. I have a problem. I can push the configuration toward the puppet agent. but in returen the puppet agent can pull the configuration from the puppetmaster. If anybody wil help me I will be thankful in advance Best Regards, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client starting problem !!
Hi, On 10/31/2011 07:47 AM, Swati Longia wrote: I don't even have normal linux commands like useradd or groupadd in this OS. is this a requirement? Because: /err: Could not create resources for managing Puppet's files and directories in sections [:main, :agent, :ssl]: Could not find a default provider for user/ Puppet doesn't seem to be able to work in this environment. Your basic installation should really comprise the most basic toolchain, including useradd. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client starting problem !!
Hi, I have installed puppet 2.7.5 from tar on open suse 10.1. My ruby version is 1.8.5 and facter version is 1.6.2. The opensuse OS is pretty minimalistic. I don't even have normal linux commands like useradd or groupadd in this OS. When I run the master it runs completely fine. *puppetmasterd --server puppetmaster.mydomain.com --verbose --no-daemon* *notice: Starting Puppet master version 2.7.5* But when I try running the puppet client, the hostname for that client is * Proc_m0_s2*, it gives me error. *puppetd --server puppetmaster.mydomain.com --verbose --no-daemon* *warning: iconv doesn't seem to support UTF-8/UTF-16 conversions* *err: Could not create resources for managing Puppet's files and directories in sections [:main, :agent, :ssl]: Could not find a default provider for user* *err: Could not create resources for managing Puppet's files and directories in sections [:main, :ssl]: Could not find a default provider for user* *info: Creating a new SSL key for proc_m0_s2.tspinternal* *err: Could not request certificate: Could not write /etc/puppet/ssl/private_keys/proc_m0_s2.tspinternal.pem to privatekeydir: Could not find a default provider for user* *info: Creating a new SSL key for proc_m0_s2.tspinternal* *err: Could not request certificate: Could not write /etc/puppet/ssl/private_keys/proc_m0_s2.tspinternal.pem to privatekeydir: Could not find a default provider for user* I tried googling for this error but without any result. Please someone help !! I have a deadline before which I need to get the master and client configuration done correctly. Thanks !! Regards, Swati Nothing is too small to know, and nothing too big to attempt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client dying without errors
From the debug mode logs, ruby was having trouble with LDAP. Debug Error message: ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion `r != ((void *)0)' failed Is there way I can exclude puppet not to look up LDAP to avoid this situation? I did try adding following entry in /etc/ldap.conf but didn't help. nss_initgroups_ignoreusers root -Basil On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood christopher_w...@pobox.com wrote: On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote: Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog.� I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? Without having huge scads of puppet knowledge, if they die frequently enough perhaps running one of these in the foreground with debug/tee to see if they spit out any interesting messages? See puppet agent -h for your exact command line parameters, but something like: puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log -Basil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client dying without errors
This looks much like the error we had, which was: ruby: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != ((void *)0)' failed. Under CentOS/RHEL, you need to upgrade the version of nss_ldap to 253-37.el5_6.1 (or later) Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=684889 and https://bugzilla.redhat.com/show_bug.cgi?id=703831 Bug fix advisory: http://rhn.redhat.com/errata/RHBA-2011-0514.html Note that things other than puppet will be affected by this problem, such as ssh connections! BTW, your nss_initgroups_ignoreusers addition looks correct. On 23 September 2011 07:53, Basil Baby basilb...@gmail.com wrote: From the debug mode logs, ruby was having trouble with LDAP. Debug Error message: ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion `r != ((void *)0)' failed Is there way I can exclude puppet not to look up LDAP to avoid this situation? I did try adding following entry in /etc/ldap.conf but didn't help. nss_initgroups_ignoreusers root -Basil On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood christopher_w...@pobox.com wrote: On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote: Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog.� I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? Without having huge scads of puppet knowledge, if they die frequently enough perhaps running one of these in the foreground with debug/tee to see if they spit out any interesting messages? See puppet agent -h for your exact command line parameters, but something like: puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log -Basil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client dying without errors
Thanks for the help! As per RedHat release note, the updates on the package is promising. Updated nss_ldap on couple hosts to see whether it fixes the problem or not. -Basil On Thu, Sep 22, 2011 at 7:08 PM, Iain Sutton iainsut...@gmail.com wrote: This looks much like the error we had, which was: ruby: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != ((void *)0)' failed. Under CentOS/RHEL, you need to upgrade the version of nss_ldap to 253-37.el5_6.1 (or later) Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=684889 and https://bugzilla.redhat.com/show_bug.cgi?id=703831 Bug fix advisory: http://rhn.redhat.com/errata/RHBA-2011-0514.html Note that things other than puppet will be affected by this problem, such as ssh connections! BTW, your nss_initgroups_ignoreusers addition looks correct. On 23 September 2011 07:53, Basil Baby basilb...@gmail.com wrote: From the debug mode logs, ruby was having trouble with LDAP. Debug Error message: ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion `r != ((void *)0)' failed Is there way I can exclude puppet not to look up LDAP to avoid this situation? I did try adding following entry in /etc/ldap.conf but didn't help. nss_initgroups_ignoreusers root -Basil On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood christopher_w...@pobox.com wrote: On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote: Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog.� I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? Without having huge scads of puppet knowledge, if they die frequently enough perhaps running one of these in the foreground with debug/tee to see if they spit out any interesting messages? See puppet agent -h for your exact command line parameters, but something like: puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log -Basil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client dying without errors
Few of my puppet clients (puppet 0.24.8, ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog. I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? -Basil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client dying without errors
On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote: Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2) are dying with out any error messages on on syslog.� I cannot see much system resource usage on these nodes. What is the best way to troubleshoot the root cause of the problem? Without having huge scads of puppet knowledge, if they die frequently enough perhaps running one of these in the foreground with debug/tee to see if they spit out any interesting messages? See puppet agent -h for your exact command line parameters, but something like: puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log -Basil -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client do-overs
On Jun 30, 2011, at 8:21 PM, Nathan Clemons wrote: What problem do you have with puppetstoreconfigclean.rb? The problem I usually have is that I forget it has to be run as root on the puppetmaster, I keep thinking I need to run it on the client machine. The other issue I fixed... PEBKAC naturally # ruby puppetstoredconfigclean.rb ubuntu.ttinet puppetstoredconfigclean.rb:54:in `require': no such file to load -- puppet/rails (LoadError) from puppetstoredconfigclean.rb:54 root@ubuntu:/etc/puppet# which ruby /usr/local/bin/ruby root@ubuntu:/etc/puppet# gem list --local *** LOCAL GEMS *** abstract (1.0.0) actionmailer (3.0.4) actionpack (3.0.4) activeldap (1.2.4) activemodel (3.0.4) activerecord (3.0.4, 2.3.12) activeresource (3.0.4) activesupport (3.0.4, 2.3.12) arel (2.0.8) builder (2.1.2) bundler (1.0.10) daemon_controller (0.2.6) erubis (2.6.6) facter (1.5.9) fast_gettext (0.5.8) fastthread (1.0.7) file-tail (1.0.5) gettext_i18n_rails (0.2.2) i18n (0.5.0) json (1.5.2) locale (2.0.5) mail (2.2.15) mime-types (1.16) mysql (2.8.1) passenger (3.0.7) polyglot (0.3.1) puppet (2.6.8) rack (1.2.1) rack-mount (0.6.13) rack-test (0.5.7) rails (3.0.4) railties (3.0.4) rake (0.8.7) ruby-ldap (0.9.11) spruz (0.2.5) thor (0.14.6) treetop (1.4.9) tzinfo (0.3.24) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client do-overs
I am pulling in the 'client' intended version of puppet.conf on my puppetmaster system - probably because I had a package that required a class it shouldn't have and I have fixed that (I think - hard to test) but even after killing off all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting puppetd they just seem to reload the specific mod_puppet classes that it shouldn't. Perhaps it is a stored config and I've tried running puppetstoredconfigclean.rb without any success (user stupidity for not knowing what this host file is supposed to look like). How can I get a fresh start with a client so it operates only on the classes it is configured to use? Craig -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client do-overs
What problem do you have with puppetstoreconfigclean.rb? The problem I usually have is that I forget it has to be run as root on the puppetmaster, I keep thinking I need to run it on the client machine. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Thu, Jun 30, 2011 at 9:59 AM, Craig White craig.wh...@ttiltd.com wrote: I am pulling in the 'client' intended version of puppet.conf on my puppetmaster system - probably because I had a package that required a class it shouldn't have and I have fixed that (I think - hard to test) but even after killing off all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting puppetd they just seem to reload the specific mod_puppet classes that it shouldn't. Perhaps it is a stored config and I've tried running puppetstoredconfigclean.rb without any success (user stupidity for not knowing what this host file is supposed to look like). How can I get a fresh start with a client so it operates only on the classes it is configured to use? Craig -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client not receiving cert
hello list!! I'm having an issue where a client is not receiving it's cert [root@ec2-50-16-98-245 ~]# puppetd -t --waitforcert 15 --server puppet.example.net info: Creating a new SSL key for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com info: Certificate Request fingerprint (md5): 93:17:4C:99:18:B9:8C:68:4E:2A:89:76:A4:28:04:81 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate although the server is running and listening on 8140 [root@puppet ~]# lsof -i :8140 COMMANDPID USER FD TYPE DEVICE SIZE NODE NAME puppetmas 1694 puppet7u IPv4 7222 TCP *:8140 (LISTEN) and nmap confirms port is open Starting Nmap 5.21 ( http://nmap.org ) at 2011-05-12 14:50 EDT Nmap scan report for puppet.example.net (xx.xx.xxx.xxx) Host is up (0.014s latency). rDNS record for xx.xx.xxx.xxx: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com PORT STATE SERVICE 8140/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds http is running [root@puppet puppet]# service httpd status httpd (pid 3606) is running... but the only errors I see are 404's the only logs in the /var/log/masterhttp.log [2011-05-12 15:35:54] - - /production/certificate/portero-fs.ec2.internal [2011-05-12 15:35:55] ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com - - [12/May/2011:15:35:55 EDT] GET /production/certificate/ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com HTTP/1.1 404 but the puppet client runs well on the puppet server itself... [root@puppet puppet]# puppetd -t info: Loading facts in mysql info: Loading facts in configured_ntp_servers info: Loading facts in mysql info: Loading facts in configured_ntp_servers info: Caching catalog for puppet.acadaca.net info: /Stage[main]/Centos/Tidy[/var/lib/amanda]: File does not exist info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/c5-media.repo]: File does not exist info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/CentOS.repo]: File does not exist info: /Stage[main]/Apache/Tidy[/etc/httpd/conf.d/ssl.conf]: File does not exist info: Applying configuration version '1305227995' notice: /Stage[main]/Centos/Exec[import dag key]/returns: executed successfully notice: /Stage[main]/Centos/Exec[import webtatic key]/returns: executed successfully notice: /Stage[main]/Centos/Exec[import remi key]/returns: executed successfully notice: Finished catalog run in 4.84 seconds I would appreciate any advice you may have... thanks! tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client 'certificate verify failed'
On 04/13/2011 05:11 AM, Martin Orda wrote: Hi, I've looked in the archives and elsewhere but couldn't find a solution to the issue I'm having. I'm running puppet with an external CA that I manage myself (ca=false for puppetmasterd) puppetmasterd is behind nginx reverse proxy. On the client I'm getting: root@web01:~# puppet agent --verbose --no-daemonize --onetime err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed notice: Using cached catalog err: Could not retrieve catalog; skipping run The puppetmaster's fqdn is excel.example.com and the SSL settings on the master shouldn't really matter since nginx is the SSL endpoint in this scenario. Could you have a look at the below (also available as http://pastie.org/1789339) and let me know if my config is sensible or if you can spot anything incorrect? Hi, as a matter of fact, I don't see where you're telling the client to talk to excel.example.com (puppet agent's server parameter). As is, the agent probably just talks to puppet. If your master cert is for excel and not puppet, you're bound to get errors. If setting this doesn't help, you should use openssl s_client to query your master's certificate and find out why a client would fail its verification. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client 'certificate verify failed'
Hi, I've looked in the archives and elsewhere but couldn't find a solution to the issue I'm having. I'm running puppet with an external CA that I manage myself (ca=false for puppetmasterd) puppetmasterd is behind nginx reverse proxy. On the client I'm getting: root@web01:~# puppet agent --verbose --no-daemonize --onetime err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed notice: Using cached catalog err: Could not retrieve catalog; skipping run The puppetmaster's fqdn is excel.example.com and the SSL settings on the master shouldn't really matter since nginx is the SSL endpoint in this scenario. Could you have a look at the below (also available as http://pastie.org/1789339) and let me know if my config is sensible or if you can spot anything incorrect? Upon puppet agent's invocation, no private keys or CSRs are created which was my goal yet the verification fails. Below I've shown that the checksums for the certificates used by both the client and master are the same. Could you tell me (or point to a relevant explanation) what is being verified in this process? *** puppetmaster (excel): /etc/puppet/puppet.conf: [main] ca=false ssldir=/etc/ssl cadir=$ssldir publickeydir=$ssldir/public privatekeydir=$ssldir/private certdir=$ssldir/certs vardir=/var/lib/puppet localcacert = $certdir/ca-example.pem [agent] vardir = /var/lib/puppet logdir = /var/log/puppet templatedir = /var/lib/puppet/templates factpath = $vardir/lib/facter hostcert = $certdir/$certname.pem hostprivkey = $privatedir/$certname.pem hostpubkey = $publickeydir/$certname.pem [master] certname = puppet.example.com servertype = mongrel Relevant parts of /etc/nginx/sites-enabled/default: server { listen 8140; ssl on; ssl_verify_client on; ssl_session_timeout 5m; ssl_certificate /etc/ssl/certs/puppet.example.com.crt; ssl_certificate_key /etc/ssl/private/puppet.example.com.pem; ssl_client_certificate /etc/ssl/certs/ca-example.crt; #ssl_crl /etc/ssl/crl.pem; } SSL certs: excel:/etc# for i in `find /etc/ssl/ -name '*.pem'`; do md5sum $i; done 295340125c63ae9d64a87efc17135fec /etc/ssl/certs/ca-example.pem 7dbfce2a18002180a89df1853885273c /etc/ssl/certs/puppet.example.com.pem 6e33bd09dde9df47274a2ff1e06c1727 /etc/ssl/certs/web01.example.com.pem ce15583b70c297f1be3c07b6c2f9828a /etc/ssl/private/ca-example.pem f724911baa98c21291fe4eba4082266a /etc/ssl/private/puppet.example.com.pem a38699481a609f32fab4374b5e51f4b0 /etc/ssl/private/web01.example.com.pem 5c269566c26c1f268df08b8162e388aa /etc/ssl/crl.pem 39571a88f872fa33256692f7e97d266f /etc/ssl/public/ca-example.pem 2bf6ed6843c4e523c0e0c6f387fd792b /etc/ssl/public/puppet.example.com.pem 94ab66cac55b88c5e8bf02b8a774187d /etc/ssl/public/web01.example.com.pem *** puppet client (web01): /etc/puppet/puppet.conf: [main] ca=false ssldir=/etc/ssl cadir=$ssldir publickeydir=$ssldir/public #privatedir=$ssldir/private privatekeydir=$ssldir/private certdir=$ssldir/certs [agent] vardir = /var/lib/puppet logdir = /var/log/puppet templatedir = /var/lib/puppet/templates factpath = $vardir/lib/facter localcacert = $certdir/ca-example.pem hostprivkey = /etc/ssl/private/web01.example.com.pem hostpubkey = $publickeydir/$certname.pem SSL certs: root@web01:~# for i in `find /etc/ssl -name '*.pem'`; do md5sum $i; done a38699481a609f32fab4374b5e51f4b0 /etc/ssl/private/web01.example.com.pem 6e33bd09dde9df47274a2ff1e06c1727 /etc/ssl/certs/web01.example.com.pem 295340125c63ae9d64a87efc17135fec /etc/ssl/certs/ca-example.pem 94ab66cac55b88c5e8bf02b8a774187d /etc/ssl/public/web01.example.com.pem 39571a88f872fa33256692f7e97d266f /etc/ssl/public/ca-example.pem 5c269566c26c1f268df08b8162e388aa /etc/ssl/crl.pem excel:~# date; ssh 172.19.80.212 date Wed Apr 13 02:36:23 BST 2011 Wed Apr 13 02:36:23 BST 2011 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client certs dns
On 04/01/2011 08:23 PM, FRLinux wrote: Hello, First off, forgive me if that has been discussed before. Has there been any thought given to using dns records queried from the IP of a host where puppet is installed? Reason I'm asking is we had an issue in which our fqdn got screwed up in /etc/hosts in the form of node.example instead of host.example.com and that led to the server signing the cert for the host (yeah bad, we use auto signing) as node.example which of course was not a valid host declared in sites. This is not a rant, just a question. Thanks for anyone who can shed any light on this. Hi, certification can be painful at times, but I don't see the real problem you had with requesting a signature on a badly named cert? You can always just revoke it on the master and have your client issue a new CSR. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client certs dns
On Mon, Apr 4, 2011 at 9:50 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: certification can be painful at times, but I don't see the real problem you had with requesting a signature on a badly named cert? You can always just revoke it on the master and have your client issue a new CSR. Hello, Thanks for your response, my point was more that if puppet relied on querying the FQDN for the box, it would request the right cert all the time. Cheers, Steph -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client certs dns
Hello, First off, forgive me if that has been discussed before. Has there been any thought given to using dns records queried from the IP of a host where puppet is installed? Reason I'm asking is we had an issue in which our fqdn got screwed up in /etc/hosts in the form of node.example instead of host.example.com and that led to the server signing the cert for the host (yeah bad, we use auto signing) as node.example which of course was not a valid host declared in sites. This is not a rant, just a question. Thanks for anyone who can shed any light on this. Cheers, Steph -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client could not request certificate: Error 500 on SERVER
Hi, I am new to puppet. I have puppet server set up with passenger. But when I start puppetd from client, I see following error in the syslog file: Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title I see puppetd process from the client #ps -ef|grep puppet root 28571 1 0 Mar29 ?00:00:07 /usr/bin/ruby /usr/ sbin/puppetd --server=puppet-dev.jcvi.org --logdest=syslog Can anyone tell me what the problem is here? Thanks, -Haiyan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER
On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote: Hi, I am new to puppet. I have puppet server set up with passenger. But when I start puppetd from client, I see following error in the syslog file: Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head meta http-equiv=Content-Type content=text/html; charset=UTF-8 meta name=generator content=Phusion Passenger titleRuby (Rack) application could not be started/ title You didn't paste the most important part of the error. Thie page ruby/rack generates usually have some pretty useful information in an error field. Like a module missing on an import/require, permission problems, and so on. Please identify and post the error so we can be helpful :) -- []'s Hugo www.devin.com.br -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client log events, centralized?
I've noticed that events for puppet client are logged locally (I'm just starting out with puppet). Is there a way to have these events sent to a central parser so they might be easily parsed/sorted/acted- upon? I probably missed a configuration directive. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client log events, centralized?
Syslog server On Wed, Oct 13, 2010 at 4:09 PM, Forrie for...@gmail.com wrote: I've noticed that events for puppet client are logged locally (I'm just starting out with puppet). Is there a way to have these events sent to a central parser so they might be easily parsed/sorted/acted- upon? I probably missed a configuration directive. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- http://about.me/scoot http://twitter.com/ohlol -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client log events, centralized?
On Wed, Oct 13, 2010 at 04:09:34PM -0700, Forrie wrote: I've noticed that events for puppet client are logged locally (I'm just starting out with puppet). Is there a way to have these events sent to a central parser so they might be easily parsed/sorted/acted- upon? I probably missed a configuration directive. http://projects.puppetlabs.com/projects/1/wiki/Reports_And_Reporting -- Bruce Get thee behind me, Stan: for it is written, thou hast gotten me into another fine mess. -- Oliver 4:8 signature.asc Description: Digital signature
Re: [Puppet Users] Puppet Client using wrong environment.
When no environment is defined it uses production, per my notes: environments = production,testing,development manifest = /opt/puppet/production/site.pp modulepath = /opt/puppet/production/modules This is part of [main]. On Wed, Mar 17, 2010 at 5:00 PM, Rob McBroom mailingli...@skurfer.comwrote: How is the environment determined when you don’t specify one? On my systems, it seems that the `--environment` option is completely ignored. I imagine this is because the external information (from LDAP in my case) always takes precedence. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Tony -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Client using wrong environment.
Finally found the issue I never looked into the /etc/puppet directory(my bad), there was the issue, a strange one although but here is what happened, in there were two files(wish I knew why there were that second if we use puppet 0.24.8): puppet.conf puppetd.conf Same content, nothing different, I don't declare the environment in there as I use it in /etc/sysconfig/puppet [app02 ~]$ grep environment /etc/puppet/puppet.conf /etc/puppet/puppetd.conf [app02 ~]$ diff /etc/puppet/puppet.conf /etc/puppet/puppetd.conf [app02 ~]# /usr/sbin/puppetd -t --environment=*development* info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial info: Retrieving plugins info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial info: mount[localhost]: Mounted / info: mount[modules]: Mounted info: mount[plugins]: Mounted info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial info: Sent transaction report in 1.47 seconds notice: Finished catalog run in 16.85 seconds [app02 ~]# grep -m2 -P development|production /var/lib/puppet/localconfig.yaml file: /opt/puppet/*production*/classes/yumrepos.pp file: /opt/puppet/*production*/classes/yumrepos.pp Fixing: *[app02 ~]# rm /etc/puppet/puppetd.conf* *rm: remove regular file `/etc/puppet/puppetd.conf'? y* [app02 ~]# /usr/sbin/puppetd -t --environment=*development* info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial info: Retrieving plugins info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial info: mount[localhost]: Mounted / info: mount[modules]: Mounted info: mount[plugins]: Mounted info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run info: Loading fact drac info: Loading fact rhelver info: Loading fact sserial notice: //Node[app02.example.com]/common::ldap/Sudo::Config[standard]/Package[sudo-ldap]/ensure: removed notice: //Node[app02.example.com]/common::ldap/Sudo::Config[standard]/Package[sudo]/ensure: created info: Sent transaction report in 0.37 seconds notice: Finished catalog run in 18.09 seconds [app02 ~]# grep -m2 -P development|production /var/lib/puppet/localconfig.yaml file: /opt/puppet/*development*/site.pp file: /opt/puppet/*development*/classes/common.pp So what is doing puppetd is reading both files and for some reason ignoring the --environment flag via command line or the flag in the /etc/sysconfig/puppet when bringing up the daemon with the /etc/init.d/puppet script. Doing a strace I see both files are being opened with puppetd: open(/etc/puppet/puppetd.conf, O_RDONLY) = 3 open(/etc/puppet/puppet.conf, O_RDONLY) = 4 I assume it attempts to read puppetd.conf as it was the old config file, but should it ignore the environment flag as it's doing it? Thanks On Thu, Mar 18, 2010 at 10:24 AM, Tony G. tony...@gmail.com wrote: When no environment is defined it uses production, per my notes: environments = production,testing,development manifest = /opt/puppet/production/site.pp modulepath = /opt/puppet/production/modules This is part of [main]. On Wed, Mar 17, 2010 at 5:00 PM, Rob McBroom mailingli...@skurfer.comwrote: How is the environment determined when you don’t specify one? On my systems, it seems that the `--environment` option is completely ignored. I imagine this is because the external information (from LDAP in my case) always takes precedence. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Tony -- Tony -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Client using wrong environment.
How is the environment determined when you don’t specify one? On my systems, it seems that the `--environment` option is completely ignored. I imagine this is because the external information (from LDAP in my case) always takes precedence. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client - could not parse YAML data
Any ideas? Getting this error below from only 2 out of a total of 200 clients... puppetd[26557]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse YAML data for node servername here: syntax error on line 89, col 7: `' Client and Master Puppet versions are .25.1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client error
I was wondering if I could get help. on client [r...@linux ~]# puppetd --test --verbose info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run err: //Node[basenode]/motd/Package[motd]/ensure: change from absent to latest failed: Could not update: Could not find package motd at /etc/puppet/modules/motd/manifests/init.pp:5 notice: //Node[basenode]/motd/File[/etc/motd]: Dependency package[motd] has 1 failures notice: Finished catalog run in 9.68 seconds on puppetmaster # /etc/puppet/modules/motd/manifests/init.pp class motd { package { motd: ensure = latest } file { /etc/motd: owner = root, group = root, mode= 440, source = puppet:///motd/motd, require = Package[motd], } } Thanks Cory McKee --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Puppet client running into an error but not reporting it.
I have a situation where there is a problem with one of my manifests. The puppet client throws up an error but does not report. I don't get an email notification of the problem even though I have all: setting on the tagmail and I don't see any trace of a report on the syslog either. This is the output from the client puppetd --verbose --no-daemon notice: Starting Puppet client version 0.25.0 info: Retrieving plugin info: Caching catalog for ubuntu.panztel.local err: Could not run Puppet configuration client: Parameter unless failed: 'grep -qFx '#include /etc/asterisk/manager.conf.d/*.conf' '/etc/asterisk/manager.conf'' is both unqualifed and specified no search path at /etc/puppet/modules/common/manifests/defines/line.pp:32 I think I know what is causing the problem but at this time I am not concerned about that at all. I don't care what the problem is. I want to make sure I get notified everytime there is a problem. Here is the log on the server. Sep 25 11:27:04 nzvoip1 puppetmasterd[11320]: Reopening log files Sep 25 11:27:04 nzvoip1 puppetmasterd[11320]: Starting Puppet server version 0.25.0 Sep 25 11:27:31 nzvoip1 puppetmasterd[11320]: (Module common(/etc/puppet/modules/common)) using the deprecated 'plugins' directory for ruby extensions; please move to 'lib' Sep 25 11:27:31 nzvoip1 puppetmasterd[11320]: (Module common(/etc/puppet/modules/common)) using the deprecated 'plugins' directory for ruby extensions; please move to 'lib' Sep 25 11:27:35 nzvoip1 puppetmasterd[11320]: (/File[/var/puppet/storeconfigs.sqlite]/owner) Cannot manage ownership unless running as root Sep 25 11:27:35 nzvoip1 puppetmasterd[11320]: (/File[/var/puppet/log/rails.log]/owner) Cannot manage ownership unless running as root Sep 25 11:27:37 nzvoip1 puppetmasterd[11320]: Compiled catalog for ubuntu.panztel.local in 1.35 seconds Sep 25 11:30:01 nzvoip1 /USR/SBIN/CRON[13961]: (root) CMD ([ -x /usr/sbin/update-motd ] /usr/sbin/update-motd 2/dev/null) No report, nothing in the log file. No indication that anything went wrong. If this was in production I would never know there was a problem. The only reason I know there is a problem is because I am running the client manually with the --no-daemon option. What can I do to make sure I always get notified when something goes wrong? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] puppet client on centos5 / apt-rpm
I have puppet client on centos5, but we don't use yum to install packages, we use apt-rpm to install packages, so it would be 'apt-get install packagename' instead of 'yum install packagename'. How can I customize puppet for the above? Thanks, Hai --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] puppet client looking for server puppet
In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Here is the detail of the ` puppetd --genconfig ' output without the comments from puppet client puppet-test [puppetd] manifest = /etc//opt/csw/puppet/manifests/site.pp bucketdir = /var//opt/csw/puppet/bucket yamldir = /var//opt/csw/puppet/yaml modulepath = /etc//opt/csw/puppet/modules:/usr/share/puppet/modules masterlog = /var//opt/csw/puppet/log/puppetmaster.log clientyamldir = /var//opt/csw/puppet/client_yaml masterhttplog = /var//opt/csw/puppet/log/masterhttp.log manifestdir = /etc//opt/csw/puppet/manifests pluginpath = /var//opt/csw/puppet/plugins factdest = /var//opt/csw/puppet/facts authconfig = /etc//opt/csw/puppet/namespaceauth.conf logdir = /var//opt/csw/puppet/log ssldir = /etc//opt/csw/puppet/ssl plugindest = /var//opt/csw/puppet/lib factsource = puppet://mypuppet.example.net/facts rundir = /var//opt/csw/puppet/run genconfig = true pluginsource = puppet://mypuppet.example.net/plugins factpath = /var//opt/csw/puppet/facts libdir = /var//opt/csw/puppet/lib statedir = /var//opt/csw/puppet/state railslog = /var//opt/csw/puppet/log/rails.log dblocation = /var//opt/csw/puppet/state/clientconfigs.sqlite3 runinterval = 60 localconfig = /var//opt/csw/puppet/state/localconfig puppetdlog = /var//opt/csw/puppet/log/puppetd.log ca_server = mypuppet.example.net statefile = /var//opt/csw/puppet/state/state.yaml server = mypuppet.example.net httplog = /var//opt/csw/puppet/log/http.log splaylimit = 60 config = /etc//opt/csw/puppet/puppet.conf reportserver = mypuppet.example.net ca_port = 8140 puppetdlockfile = /var//opt/csw/puppet/state/puppetdlock classfile = /var//opt/csw/puppet/state/classes.txt signeddir = /etc//opt/csw/puppet/ssl/ca/signed autosign = /etc//opt/csw/puppet/autosign.conf cert_inventory = /etc//opt/csw/puppet/ssl/ca/inventory.txt cacert = /etc//opt/csw/puppet/ssl/ca/ca_crt.pem caprivatedir = /etc//opt/csw/puppet/ssl/ca/private capass = /etc//opt/csw/puppet/ssl/ca/private/ca.pass cakey = /etc//opt/csw/puppet/ssl/ca/ca_key.pem csrdir = /etc//opt/csw/puppet/ssl/ca/requests serial = /etc//opt/csw/puppet/ssl/ca/serial cacrl = /etc//opt/csw/puppet/ssl/ca/ca_crl.pem cadir = /etc//opt/csw/puppet/ssl/ca capub = /etc//opt/csw/puppet/ssl/ca/ca_pub.pem certdir = /etc//opt/csw/puppet/ssl/certs privatedir = /etc//opt/csw/puppet/ssl/private hostcert = /etc//opt/csw/puppet/ssl/certs/puppet-test.example.net.pem localcacert = /etc//opt/csw/puppet/ssl/certs/ca.pem publickeydir = /etc//opt/csw/puppet/ssl/public_keys passfile = /etc//opt/csw/puppet/ssl/private/password hostprivkey = /etc//opt/csw/puppet/ssl/private_keys/puppet-test.example.net.pem privatekeydir = /etc//opt/csw/puppet/ssl/private_keys hostcsr = /etc//opt/csw/puppet/ssl/csr_puppet-test.example.net.pem hostpubkey = /etc//opt/csw/puppet/ssl/public_keys/puppet-test.example.net.pem reportdir = /var//opt/csw/puppet/reports templatedir = /var//opt/csw/puppet/templates tagmap = /etc//opt/csw/puppet/tagmail.conf rrdinterval = 60 rrddir = /var//opt/csw/puppet/rrd fileserverconfig = /etc//opt/csw/puppet/fileserver.conf graphdir = /var//opt/csw/puppet/state/graphs clientbucketdir = /var//opt/csw/puppet/clientbucket -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Puppet Client Isolated from Network
I am reviewing puppet for suitability on a project that I'm working on. In many regards, it looks perfect and I'm very pleased with the overall feel thus far. For a proof-of-concept example, I've created a manifest that ensures that the ntp package is installed on the client, that it has the correct ntp.conf and that the services is running with that config. So far so good. The clients are going to be PC/104 systems running the Fedora appliance OS from CompactFlash more or less as if it were a live CD (think compressed and read-only). The goal is to have this OS be just the bare bones plus the puppet client. On boot, the puppet client would install the required packages, configure them and start services and custom applications as necessary. This means that any disk updates occurring after boot will not persist through a reboot. Boot times are longer this way, but the systems remain very flexible and can be deployed for a variety of purposes, which would ultimately be dictated by the puppet master. If there is a network loss for whatever reason, it is required that system remain operational in all other regards. If the network outage occurs after boot up this is rather trivial to handle. However, if the system is rebooted after loss of network, it must proceed under the last known state of configuration. I've been partly successful in this regard by creating a 2nd file system on the CompactFlash to which /var/cache/yum is sym-linked. This in effect makes the yum cache persistent through reboots. With the network disconnected, I can remove the ntp package and its configuration file from the client, reboot and puppet will dutifully reinstall the ntp package. However it is unable to retrieve the configuration file from the puppet master and thus far I have not found any way to configure puppetd to maintain a locally cached version to use as a fail safe. I have experimented with ignorecache and usecacheonfailure but without success. Do I need to make each puppet client its own file server somehow with a synchronized copy of the master? Is there some better route I've missed? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Puppet Client Isolated from Network
I am reviewing puppet for suitability on a project that I'm working on. In many regards, it looks perfect and I'm very pleased with the overall feel thus far. For a proof-of-concept example, I've created a manifest that ensures that the ntp package is installed on the client, that it has the correct ntp.conf and that the services is running with that config. So far so good. The clients are going to be PC/104 systems running the Fedora appliance OS from CompactFlash more or less as if it were a live CD (think compressed and read-only). The goal is to have this OS be just the bare bones plus the puppet client. On boot, the puppet client would install the required packages, configure them and start services and custom applications as necessary. This means that any disk updates occurring after boot will not persist through a reboot. Boot times are longer this way, but the systems remain very flexible and can be deployed for a variety of purposes, which would ultimately be dictated by the puppet master. If there is a network loss for whatever reason, it is required that system remain operational in all other regards. If the network outage occurs after boot up this is rather trivial to handle. However, if the system is rebooted after loss of network, it must proceed under the last known state of configuration. I've been partly successful in this regard by creating a 2nd file system on the CompactFlash to which /var/cache/yum is sym-linked. This in effect makes the yum cache persistent through reboots. With the network disconnected, I can remove the ntp package and its configuration file from the client, reboot and puppet will dutifully reinstall the ntp package. However it is unable to retrieve the configuration file from the puppet master and thus far I have not found any way to configure puppetd to maintain a locally cached version to use as a fail safe. I have experimented with ignorecache and usecacheonfailure but without success. Do I need to make each puppet client its own file server somehow with a synchronized copy of the master? Is there some other route I've missed? I've also noted that the ntp daemon does not start in this case, but I'm pretty sure that's simply because puppetd knows a dependency hasn't yet been met. If I can just convince puppetd to somehow persist/cache (similar to what I did with yum) the config file and use that if all else fails, I'll be ready to roll on this project. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---