Hi Jithendra,
There is the file, but there's is no such an entry in it. Here I'm posting
the entire file.
# The top level settings are used as module
# and system configuration.
# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
- default
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (ubuntu)
disable_root: true
# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false
# Example datasource config
# datasource:
# Ec2:
# metadata_urls: [ 'blah.com' ]
# timeout: 5 # (defaults to 50 seconds)
# max_wait: 10 # (defaults to 120 seconds)
# The modules that run in the 'init' stage
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
# The modules that run in the 'config' stage
cloud_config_modules:
# Emit the cloud config ready event
# this can be used by upstart jobs for 'start on cloud-config'.
- emit_upstart
- disk_setup
- mounts
- ssh-import-id
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- package-update-upgrade-install
- landscape
- timezone
- puppet
- chef
- salt-minion
- mcollective
- disable-ec2-metadata
- runcmd
- byobu
# The modules that run in the 'final' stage
cloud_final_modules:
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
# This will affect which distro class gets used
distro: ubuntu
# Default user name + that default users groups (if added/used)
default_user:
name: ubuntu
lock_passwd: True
gecos: Ubuntu
groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev,
sudo, video]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
upstart_dir: /etc/init/
package_mirrors:
- arches: [i386, amd64]
failsafe:
primary: http://archive.ubuntu.com/ubuntu
security: http://security.ubuntu.com/ubuntu
search:
primary:
- http://%(ec2_region)s.ec2.archive.ubuntu.com/ubuntu/
- http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/
security: []
- arches: [armhf, armel, default]
failsafe:
primary: http://ports.ubuntu.com/ubuntu-ports
security: http://ports.ubuntu.com/ubuntu-ports
ssh_svcname: ssh
110,11
Bot
Thanks,
Bhathiya
On Tue, Feb 23, 2016 at 5:04 PM, Jithendra Sirimanne <[email protected]>
wrote:
> Hi Bhathiya,
>
> check whether you have a file in /etc/cloud/cloud.cfg
>
> if so open that file and in it you fill find a line "manage_etc_hosts:
> true".
>
> Make this to "manage_etc_hosts: false"
>
> Best Regards
> Jithendra
>
> --
> Jithendra Sirimanne
> *Systems Engineer*
> Mobile: +94 (0) 716 374696 <+94+(0)+716+374696>
> Tel : +94 112 145 345
> Email : [email protected]
>
> On Tue, Feb 23, 2016 at 3:01 PM, Bhathiya Jayasekara <[email protected]>
> wrote:
>
>> Hi Akila,
>>
>> I just noticed that everytime I run ./setup.sh in agent, /etc/hosts file
>> is replaced/updated. That causes losing the puppetmaster entry in the file.
>> Any idea why?
>>
>> Thanks,
>> Bhathiya
>>
>> On Tue, Feb 23, 2016 at 2:51 PM, Akila Ravihansa Perera <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> Looks like Puppet agent cannot resolve the hostname set in puppet.conf.
>>> Please check whether correct hostname is set in puppet.conf and that it is
>>> resolvable via DNS or /etc/hosts file.
>>>
>>> Also make sure hostname is correctly set in Puppet master. Output of
>>> `hostname` command should match the value in puppet.conf.
>>>
>>> Thanks.
>>>
>>> On Tue, Feb 23, 2016 at 2:10 PM, Bhathiya Jayasekara <[email protected]>
>>> wrote:
>>>
>>>> The problem was I didn't have a directory for my APIM version in
>>>> *hieradata/production/wso2/wso2am.* Thanks a lot Akila for helping me
>>>> a lot offline.
>>>>
>>>> But unfortunately I'm still away from success. Now I'm getting below
>>>> error. Any idea about the cause?
>>>>
>>>> root@apim-node-1:/opt# ./setup.sh
>>>> #####################################################
>>>> Starting cleanup
>>>> #####################################################
>>>> #####################################################
>>>> Setting up environment
>>>> #####################################################
>>>> #####################################################
>>>> Installing
>>>> #####################################################
>>>> Warning: Unable to fetch my node definition, but the agent run will
>>>> continue:
>>>> Warning: getaddrinfo: Name or service not known
>>>> Info: Retrieving plugin
>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional
>>>> resources using 'eval_generate': getaddrinfo: Name or service not known
>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: getaddrinfo:
>>>> Name or service not known Could not retrieve file metadata for
>>>> puppet://puppet/plugins: getaddrinfo: Name or service not known
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/service_provider.rb
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/package_provider.rb
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
>>>> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
>>>> Error: Could not retrieve catalog from remote server: getaddrinfo: Name
>>>> or service not known
>>>> Warning: Not using cache on failed catalog
>>>> Error: Could not retrieve catalog; skipping run
>>>> Error: Could not send report: getaddrinfo: Name or service not known
>>>>
>>>> Thanks,
>>>> Bhathiya
>>>>
>>>> On Tue, Feb 23, 2016 at 10:44 AM, Bhathiya Jayasekara <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Thanks for the replies. The problem was the hostname as Lahiru
>>>>> mentioned. I didn't restart the VM after changing /etc/hostname before.
>>>>> Just restarted the VM now and issue is solved. I think it's better to
>>>>> update the doc if a restart is required after changing hostname.
>>>>>
>>>>> However I endedup in another error..
>>>>>
>>>>> Error: Could not retrieve catalog from remote server: Error 400 on
>>>>> SERVER: Could not find data item classes in any Hiera data file and no
>>>>> default supplied at
>>>>> /etc/puppet/environments/production/manifests/site.pp:21 on node
>>>>> apim-node-1.openstacklocal
>>>>> Warning: Not using cache on failed catalog
>>>>> Error: Could not retrieve catalog; skipping run
>>>>>
>>>>> As mentioned in the doc, I have that site.pp in puppet master only. Do
>>>>> I need to have it in agent too?
>>>>>
>>>>> Thanks,
>>>>> Bhathiya
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Feb 23, 2016 at 9:34 AM, Akila Ravihansa Perera <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Bhathiya,
>>>>>>
>>>>>> Please try the following steps;
>>>>>>
>>>>>> 1. Delete all certificates in Puppet master (rm -rf
>>>>>> /var/lib/puppet/ssl/*)
>>>>>> 2. Delete all certificates in Puppet agent (rm -rf
>>>>>> /var/lib/puppet/ssl/*)
>>>>>> You may use `puppet cert clean --all` command as well
>>>>>>
>>>>>> 3. Check puppet.conf in both Puppet agent and master
>>>>>> Agent should point to master hostname
>>>>>> server = puppet.example.com
>>>>>>
>>>>>> This hostname must resolve to corresponding IP address via DNS or
>>>>>> hosts file mappings
>>>>>>
>>>>>> This hostname must be the Puppet master's system hostname. Or else it
>>>>>> should be added as a property to puppet.conf in Puppet master instance
>>>>>>
>>>>>> dns_alt_names=puppet.example.com
>>>>>>
>>>>>> 4. Auto-signing should be enabled in puppet.conf in Puppet master. Or
>>>>>> all the white-listed hostnames should be added to autosign.conf in Puppet
>>>>>> master.
>>>>>> autosign = true
>>>>>>
>>>>>> 5. Restart Puppet master service after modifying above config files.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> On Tue, Feb 23, 2016 at 7:43 AM, Lahiru Sandaruwan <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Bhathiya,
>>>>>>>
>>>>>>> Please check if the hostname(hostname command) is correctly set in
>>>>>>> puppet master. Also, after the certificate clearance, remember to
>>>>>>> restart
>>>>>>> puppet master.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> On Tue, Feb 23, 2016 at 12:34 AM, Sajith Kariyawasam <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Bhathiya,
>>>>>>>>
>>>>>>>> Did you delete old certs in puppet master as explained in [1] ?
>>>>>>>> From the commands you have listed, it seems you have deleted the certs
>>>>>>>> in
>>>>>>>> agent side only.
>>>>>>>> [2] too provides some tips related to a similar issue.
>>>>>>>> Also, if you are testing in an IaaS, please make sure all the
>>>>>>>> necessary ports in puppet master instance are accessible from puppet
>>>>>>>> agent
>>>>>>>> instance.
>>>>>>>>
>>>>>>>>
>>>>>>>> [1]
>>>>>>>> http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure
>>>>>>>> [2]
>>>>>>>> http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Sajith
>>>>>>>>
>>>>>>>> On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Thanks for the prompt response Pubudu. I already tried that and
>>>>>>>>> got below.
>>>>>>>>>
>>>>>>>>> root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm
>>>>>>>>> {} \;
>>>>>>>>> root@apim-2:/opt# puppet agent -t
>>>>>>>>> Info: Creating a new SSL key for apim-2.openstacklocal
>>>>>>>>> Info: Caching certificate for ca
>>>>>>>>> Info: csr_attributes file loading from
>>>>>>>>> /etc/puppet/csr_attributes.yaml
>>>>>>>>> Info: Creating a new SSL certificate request for
>>>>>>>>> apim-2.openstacklocal
>>>>>>>>> Info: Certificate Request fingerprint (SHA256):
>>>>>>>>> 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55
>>>>>>>>> Info: Caching certificate for apim-2.openstacklocal
>>>>>>>>> Info: Caching certificate_revocation_list for ca
>>>>>>>>> Error: Could not request certificate: SSL_connect returned=1
>>>>>>>>> errno=0 state=SSLv3 read server certificate B: certificate verify
>>>>>>>>> failed:
>>>>>>>>> [certificate revoked for /CN=apim-2.openstacklocal]
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Bhathiya
>>>>>>>>>
>>>>>>>>> On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Bhathiya,
>>>>>>>>>>
>>>>>>>>>> Could you please check with this [1] ? I think you are having
>>>>>>>>>> Error 4.
>>>>>>>>>>
>>>>>>>>>> [1] -
>>>>>>>>>> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html
>>>>>>>>>>
>>>>>>>>>> Thank you!
>>>>>>>>>>
>>>>>>>>>> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi all,
>>>>>>>>>>>
>>>>>>>>>>> I followed all the steps in [1]. But at the end I'm getting
>>>>>>>>>>> below cert error. Can someone please help me to understand what's
>>>>>>>>>>> wrong?
>>>>>>>>>>>
>>>>>>>>>>> root@apim-2:/opt# ./setup.sh
>>>>>>>>>>> #####################################################
>>>>>>>>>>> Starting cleanup
>>>>>>>>>>> #####################################################
>>>>>>>>>>> #####################################################
>>>>>>>>>>> Setting up environment
>>>>>>>>>>> #####################################################
>>>>>>>>>>> #####################################################
>>>>>>>>>>> Installing
>>>>>>>>>>> #####################################################
>>>>>>>>>>> Warning: Unable to fetch my node definition, but the agent run
>>>>>>>>>>> will continue:
>>>>>>>>>>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
>>>>>>>>>>> certificate B: certificate verify failed: [certificate revoked for
>>>>>>>>>>> /CN=apim-2.openstacklocal]
>>>>>>>>>>> Info: Retrieving plugin
>>>>>>>>>>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional
>>>>>>>>>>> resources using 'eval_generate': SSL_connect returned=1 errno=0
>>>>>>>>>>> state=SSLv3
>>>>>>>>>>> read server certificate B: certificate verify failed: [certificate
>>>>>>>>>>> revoked
>>>>>>>>>>> for /CN=apim-2.openstacklocal]
>>>>>>>>>>> Error: /File[/var/lib/puppet/lib]: Could not evaluate:
>>>>>>>>>>> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
>>>>>>>>>>> B:
>>>>>>>>>>> certificate verify failed: [certificate revoked for
>>>>>>>>>>> /CN=apim-2.openstacklocal] Could not retrieve file metadata for
>>>>>>>>>>> puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3
>>>>>>>>>>> read
>>>>>>>>>>> server certificate B: certificate verify failed: [certificate
>>>>>>>>>>> revoked for
>>>>>>>>>>> /CN=apim-2.openstacklocal]
>>>>>>>>>>> Error: Could not retrieve catalog from remote server:
>>>>>>>>>>> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
>>>>>>>>>>> B:
>>>>>>>>>>> certificate verify failed: [certificate revoked for
>>>>>>>>>>> /CN=apim-2.openstacklocal]
>>>>>>>>>>> Warning: Not using cache on failed catalog
>>>>>>>>>>> Error: Could not retrieve catalog; skipping run
>>>>>>>>>>> Error: Could not send report: SSL_connect returned=1 errno=0
>>>>>>>>>>> state=SSLv3 read server certificate B: certificate verify failed:
>>>>>>>>>>> [certificate revoked for /CN=apim-2.openstacklocal]
>>>>>>>>>>>
>>>>>>>>>>> [1]
>>>>>>>>>>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Bhathiya Jayasekara*
>>>>>>>>>>> *Senior Software Engineer,*
>>>>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>>>>>>
>>>>>>>>>>> *Phone: +94715478185 <%2B94715478185>*
>>>>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>>>>>>> <https://twitter.com/bhathiyax>*
>>>>>>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Dev mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>>>> Software Engineer
>>>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>>>> mobile : +94774079049 <%2B94772207163>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Bhathiya Jayasekara*
>>>>>>>>> *Senior Software Engineer,*
>>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>>>>
>>>>>>>>> *Phone: +94715478185 <%2B94715478185>*
>>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>>>>> <https://twitter.com/bhathiyax>*
>>>>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Sajith Kariyawasam
>>>>>>>> *Committer and PMC member, Apache Stratos, *
>>>>>>>> *WSO2 Inc.; http://wso2.com <http://wso2.com>*
>>>>>>>> *Mobile: 0772269575 <0772269575>*
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> --
>>>>>>> Lahiru Sandaruwan
>>>>>>> Committer and PMC member, Apache Stratos,
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2 Inc., http://wso2.com
>>>>>>> lean.enterprise.middleware
>>>>>>>
>>>>>>> phone: +94773325954
>>>>>>> email: [email protected] blog: http://lahiruwrites.blogspot.com/
>>>>>>> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Dev mailing list
>>>>>>> [email protected]
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Akila Ravihansa Perera
>>>>>> WSO2 Inc.; http://wso2.com/
>>>>>>
>>>>>> Blog: http://ravihansa3000.blogspot.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Bhathiya Jayasekara*
>>>>> *Senior Software Engineer,*
>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>
>>>>> *Phone: +94715478185 <%2B94715478185>*
>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>> <https://twitter.com/bhathiyax>*
>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Senior Software Engineer,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185 <%2B94715478185>*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>
>>>
>>>
>>> --
>>> Akila Ravihansa Perera
>>> WSO2 Inc.; http://wso2.com/
>>>
>>> Blog: http://ravihansa3000.blogspot.com
>>>
>>
>>
>>
>> --
>> *Bhathiya Jayasekara*
>> *Senior Software Engineer,*
>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>
>> *Phone: +94715478185 <%2B94715478185>*
>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>> <http://www.linkedin.com/in/bhathiyaj>*
>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>> *Blog: http://movingaheadblog.blogspot.com
>> <http://movingaheadblog.blogspot.com/>*
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
--
*Bhathiya Jayasekara*
*Senior Software Engineer,*
*WSO2 inc., http://wso2.com <http://wso2.com>*
*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj
<http://www.linkedin.com/in/bhathiyaj>*
*Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
*Blog: http://movingaheadblog.blogspot.com
<http://movingaheadblog.blogspot.com/>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
