Hi Bhathiya, check whether you have a file in /etc/cloud/cloud.cfg
if so open that file and in it you fill find a line "manage_etc_hosts: true". Make this to "manage_etc_hosts: false" Best Regards Jithendra -- Jithendra Sirimanne *Systems Engineer* Mobile: +94 (0) 716 374696 <+94+(0)+716+374696> Tel : +94 112 145 345 Email : [email protected] On Tue, Feb 23, 2016 at 3:01 PM, Bhathiya Jayasekara <[email protected]> wrote: > Hi Akila, > > I just noticed that everytime I run ./setup.sh in agent, /etc/hosts file > is replaced/updated. That causes losing the puppetmaster entry in the file. > Any idea why? > > Thanks, > Bhathiya > > On Tue, Feb 23, 2016 at 2:51 PM, Akila Ravihansa Perera < > [email protected]> wrote: > >> Hi, >> >> Looks like Puppet agent cannot resolve the hostname set in puppet.conf. >> Please check whether correct hostname is set in puppet.conf and that it is >> resolvable via DNS or /etc/hosts file. >> >> Also make sure hostname is correctly set in Puppet master. Output of >> `hostname` command should match the value in puppet.conf. >> >> Thanks. >> >> On Tue, Feb 23, 2016 at 2:10 PM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> The problem was I didn't have a directory for my APIM version in >>> *hieradata/production/wso2/wso2am.* Thanks a lot Akila for helping me a >>> lot offline. >>> >>> But unfortunately I'm still away from success. Now I'm getting below >>> error. Any idea about the cause? >>> >>> root@apim-node-1:/opt# ./setup.sh >>> ##################################################### >>> Starting cleanup >>> ##################################################### >>> ##################################################### >>> Setting up environment >>> ##################################################### >>> ##################################################### >>> Installing >>> ##################################################### >>> Warning: Unable to fetch my node definition, but the agent run will >>> continue: >>> Warning: getaddrinfo: Name or service not known >>> Info: Retrieving plugin >>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>> resources using 'eval_generate': getaddrinfo: Name or service not known >>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: getaddrinfo: Name >>> or service not known Could not retrieve file metadata for >>> puppet://puppet/plugins: getaddrinfo: Name or service not known >>> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb >>> Info: Loading facts in /var/lib/puppet/lib/facter/service_provider.rb >>> Info: Loading facts in /var/lib/puppet/lib/facter/package_provider.rb >>> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb >>> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb >>> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb >>> Error: Could not retrieve catalog from remote server: getaddrinfo: Name >>> or service not known >>> Warning: Not using cache on failed catalog >>> Error: Could not retrieve catalog; skipping run >>> Error: Could not send report: getaddrinfo: Name or service not known >>> >>> Thanks, >>> Bhathiya >>> >>> On Tue, Feb 23, 2016 at 10:44 AM, Bhathiya Jayasekara <[email protected] >>> > wrote: >>> >>>> Hi all, >>>> >>>> Thanks for the replies. The problem was the hostname as Lahiru >>>> mentioned. I didn't restart the VM after changing /etc/hostname before. >>>> Just restarted the VM now and issue is solved. I think it's better to >>>> update the doc if a restart is required after changing hostname. >>>> >>>> However I endedup in another error.. >>>> >>>> Error: Could not retrieve catalog from remote server: Error 400 on >>>> SERVER: Could not find data item classes in any Hiera data file and no >>>> default supplied at >>>> /etc/puppet/environments/production/manifests/site.pp:21 on node >>>> apim-node-1.openstacklocal >>>> Warning: Not using cache on failed catalog >>>> Error: Could not retrieve catalog; skipping run >>>> >>>> As mentioned in the doc, I have that site.pp in puppet master only. Do >>>> I need to have it in agent too? >>>> >>>> Thanks, >>>> Bhathiya >>>> >>>> >>>> >>>> On Tue, Feb 23, 2016 at 9:34 AM, Akila Ravihansa Perera < >>>> [email protected]> wrote: >>>> >>>>> Hi Bhathiya, >>>>> >>>>> Please try the following steps; >>>>> >>>>> 1. Delete all certificates in Puppet master (rm -rf >>>>> /var/lib/puppet/ssl/*) >>>>> 2. Delete all certificates in Puppet agent (rm -rf >>>>> /var/lib/puppet/ssl/*) >>>>> You may use `puppet cert clean --all` command as well >>>>> >>>>> 3. Check puppet.conf in both Puppet agent and master >>>>> Agent should point to master hostname >>>>> server = puppet.example.com >>>>> >>>>> This hostname must resolve to corresponding IP address via DNS or >>>>> hosts file mappings >>>>> >>>>> This hostname must be the Puppet master's system hostname. Or else it >>>>> should be added as a property to puppet.conf in Puppet master instance >>>>> >>>>> dns_alt_names=puppet.example.com >>>>> >>>>> 4. Auto-signing should be enabled in puppet.conf in Puppet master. Or >>>>> all the white-listed hostnames should be added to autosign.conf in Puppet >>>>> master. >>>>> autosign = true >>>>> >>>>> 5. Restart Puppet master service after modifying above config files. >>>>> >>>>> Thanks. >>>>> >>>>> On Tue, Feb 23, 2016 at 7:43 AM, Lahiru Sandaruwan <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Bhathiya, >>>>>> >>>>>> Please check if the hostname(hostname command) is correctly set in >>>>>> puppet master. Also, after the certificate clearance, remember to restart >>>>>> puppet master. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <[email protected] >>>>>> > wrote: >>>>>> >>>>>>> Hi Bhathiya, >>>>>>> >>>>>>> Did you delete old certs in puppet master as explained in [1] ? From >>>>>>> the commands you have listed, it seems you have deleted the certs in >>>>>>> agent >>>>>>> side only. >>>>>>> [2] too provides some tips related to a similar issue. >>>>>>> Also, if you are testing in an IaaS, please make sure all the >>>>>>> necessary ports in puppet master instance are accessible from puppet >>>>>>> agent >>>>>>> instance. >>>>>>> >>>>>>> >>>>>>> [1] >>>>>>> http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure >>>>>>> [2] >>>>>>> http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat >>>>>>> >>>>>>> Thanks, >>>>>>> Sajith >>>>>>> >>>>>>> On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Thanks for the prompt response Pubudu. I already tried that and got >>>>>>>> below. >>>>>>>> >>>>>>>> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm >>>>>>>> {} \; >>>>>>>> root@apim-2:/opt# puppet agent -t >>>>>>>> Info: Creating a new SSL key for apim-2.openstacklocal >>>>>>>> Info: Caching certificate for ca >>>>>>>> Info: csr_attributes file loading from >>>>>>>> /etc/puppet/csr_attributes.yaml >>>>>>>> Info: Creating a new SSL certificate request for >>>>>>>> apim-2.openstacklocal >>>>>>>> Info: Certificate Request fingerprint (SHA256): >>>>>>>> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55 >>>>>>>> Info: Caching certificate for apim-2.openstacklocal >>>>>>>> Info: Caching certificate_revocation_list for ca >>>>>>>> Error: Could not request certificate: SSL_connect returned=1 >>>>>>>> errno=0 state=SSLv3 read server certificate B: certificate verify >>>>>>>> failed: >>>>>>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Bhathiya >>>>>>>> >>>>>>>> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Bhathiya, >>>>>>>>> >>>>>>>>> Could you please check with this [1] ? I think you are having >>>>>>>>> Error 4. >>>>>>>>> >>>>>>>>> [1] - >>>>>>>>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html >>>>>>>>> >>>>>>>>> Thank you! >>>>>>>>> >>>>>>>>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi all, >>>>>>>>>> >>>>>>>>>> I followed all the steps in [1]. But at the end I'm getting below >>>>>>>>>> cert error. Can someone please help me to understand what's wrong? >>>>>>>>>> >>>>>>>>>> root@apim-2:/opt# ./setup.sh >>>>>>>>>> ##################################################### >>>>>>>>>> Starting cleanup >>>>>>>>>> ##################################################### >>>>>>>>>> ##################################################### >>>>>>>>>> Setting up environment >>>>>>>>>> ##################################################### >>>>>>>>>> ##################################################### >>>>>>>>>> Installing >>>>>>>>>> ##################################################### >>>>>>>>>> Warning: Unable to fetch my node definition, but the agent run >>>>>>>>>> will continue: >>>>>>>>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >>>>>>>>>> certificate B: certificate verify failed: [certificate revoked for >>>>>>>>>> /CN=apim-2.openstacklocal] >>>>>>>>>> Info: Retrieving plugin >>>>>>>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>>>>>>>>> resources using 'eval_generate': SSL_connect returned=1 errno=0 >>>>>>>>>> state=SSLv3 >>>>>>>>>> read server certificate B: certificate verify failed: [certificate >>>>>>>>>> revoked >>>>>>>>>> for /CN=apim-2.openstacklocal] >>>>>>>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: >>>>>>>>>> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: >>>>>>>>>> certificate verify failed: [certificate revoked for >>>>>>>>>> /CN=apim-2.openstacklocal] Could not retrieve file metadata for >>>>>>>>>> puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 >>>>>>>>>> read >>>>>>>>>> server certificate B: certificate verify failed: [certificate >>>>>>>>>> revoked for >>>>>>>>>> /CN=apim-2.openstacklocal] >>>>>>>>>> Error: Could not retrieve catalog from remote server: SSL_connect >>>>>>>>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>>>>>>>>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>>> Warning: Not using cache on failed catalog >>>>>>>>>> Error: Could not retrieve catalog; skipping run >>>>>>>>>> Error: Could not send report: SSL_connect returned=1 errno=0 >>>>>>>>>> state=SSLv3 read server certificate B: certificate verify failed: >>>>>>>>>> [certificate revoked for /CN=apim-2.openstacklocal] >>>>>>>>>> >>>>>>>>>> [1] >>>>>>>>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Bhathiya Jayasekara* >>>>>>>>>> *Senior Software Engineer,* >>>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>>>>> >>>>>>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>>>>> <https://twitter.com/bhathiyax>* >>>>>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Pubudu Gunatilaka* >>>>>>>>> Committer and PMC Member - Apache Stratos >>>>>>>>> Software Engineer >>>>>>>>> WSO2, Inc.: http://wso2.com >>>>>>>>> mobile : +94774079049 <%2B94772207163> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Bhathiya Jayasekara* >>>>>>>> *Senior Software Engineer,* >>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>>> >>>>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>>> <https://twitter.com/bhathiyax>* >>>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> [email protected] >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sajith Kariyawasam >>>>>>> *Committer and PMC member, Apache Stratos, * >>>>>>> *WSO2 Inc.; http://wso2.com <http://wso2.com>* >>>>>>> *Mobile: 0772269575 <0772269575>* >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> -- >>>>>> Lahiru Sandaruwan >>>>>> Committer and PMC member, Apache Stratos, >>>>>> Senior Software Engineer, >>>>>> WSO2 Inc., http://wso2.com >>>>>> lean.enterprise.middleware >>>>>> >>>>>> phone: +94773325954 >>>>>> email: [email protected] blog: http://lahiruwrites.blogspot.com/ >>>>>> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146 >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Akila Ravihansa Perera >>>>> WSO2 Inc.; http://wso2.com/ >>>>> >>>>> Blog: http://ravihansa3000.blogspot.com >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Bhathiya Jayasekara* >>>> *Senior Software Engineer,* >>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>> >>>> *Phone: +94715478185 <%2B94715478185>* >>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>> <http://www.linkedin.com/in/bhathiyaj>* >>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>>> *Blog: http://movingaheadblog.blogspot.com >>>> <http://movingaheadblog.blogspot.com/>* >>>> >>> >>> >>> >>> -- >>> *Bhathiya Jayasekara* >>> *Senior Software Engineer,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <%2B94715478185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >> >> >> >> -- >> Akila Ravihansa Perera >> WSO2 Inc.; http://wso2.com/ >> >> Blog: http://ravihansa3000.blogspot.com >> > > > > -- > *Bhathiya Jayasekara* > *Senior Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <%2B94715478185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
