O.K. I think I have this working.
With no node defined at all, puppetd refused to run on any node. It
would check in with Puppetmaster, correctly negotiate SSL, but then
not find a node definition it just quit with the error message
mentioned above. So right now I have a default node defined, which
allows me to run puppetd on just about any client, running the simple
class sudo from one of he getting started guides:
node default {
include sudo
}
I assume from here I can define particular hosts, etc. I had defined
particular hosts in the past, and they did not work, but perhaps I had
the syntax wrong or some such.
Frankly was just a little taken aback since most of the basic
tutorials demonstrate running things through puppet without nodes
explicitly defined, but in my case it seems like it was absolutely
required. Perhaps I have a weird setting somewhere, I do not know.
So far I have not found one, but maybe I will in time.
Thank you to everyone who tried to help.
On Apr 7, 7:17 pm, Denmat <tu2bg...@gmail.com> wrote:
> I believe you will need with .24 a [puppetd] section (i subsequently looked
> up the namespace name] in your puppet.conf file. This will tell puppet it
> should also act as a client.
>
> Cheers,
> Den
>
> On 08/04/2011, at 8:22, Saurval <saur...@gmail.com> wrote:
>
>
>
> > At the time of the last run I did not have a nodes.pp included in my
> > configuration. I had added one with a node definition, but it has
> > made no difference, I get the same error reported originally
>
> > err: Could not retrieve configuration: Could not find
> > jenkins.example.com with names jenkins.example.com, jenkins
> > warning: Not using cache on failed configuration
>
> > This is the node definition I added, though it prompted no change.
>
> > node 'jenkins.example.com' inherits basenode {
> > info('jenkins.example.com')
> > }
>
> > When I run puppetd or puppetmasterd with --genconfig my FQDN comes up
> > as the default value for 'certname'. When I look at the certificate
> > my 'CN= my FQDN' comes up as the Issuer and the Subject, so that seems
> > to match just fine.
>
> > I do not have a [client] section to my configuration, and I do not see
> > one in my --genconfig output either.
>
> > -Saurval
>
> > On Apr 7, 5:38 pm, Denmat <tu2bg...@gmail.com> wrote:
> >> Hi,
> >> First is what name is defined in the node definition.
> >> Then I would check the puppet.conf for the client settings (l think in .24
> >> it is the [client] section).
> >> After that ... I'd have to keep fiddling at the console.
>
> >> Cheers,
>
> >> On 08/04/2011, at 1:56, Saurval <saur...@gmail.com> wrote:
>
> >>> I am on CentOS 5.4 running
> >>> puppet-0.22.4-1.el5.rf
> >>> puppet-server-0.22.4-1.el5.rf
>
> >>> I am a little stumped on this one. I imagine it is something simple
> >>> I am missing. but basically the puppetmasterd cannot talk to a
> >>> puppetd instance running as a client on the same host.
>
> >>> The error I am getting is essentially:
>
> >>> [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o --
> >>> server=jenkins.example.com --test
> >>> err: Could not retrieve configuration: Could not find
> >>> jenkins.example.com with names jenkins.example.com, jenkins
> >>> warning: Not using cache on failed configuration
>
> >>> After testing SSL with OpenSSL by hand, the handshake works, and it
> >>> looks like everyone is using the same name in the subject name of the
> >>> certificates. In fact, it looks like the puppet master is seeing the
> >>> request, accepting SSL, but then still reporting the same error. Here
> >>> is the debug output showing the response to the client's attempt to
> >>> run seen above.
>
> >>> root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/
> >>> puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log --
> >>> bindaddress=10.131.125.85 --debug
> >>> debug: puppet: Setting vardir to '/var/lib/puppet'
> >>> debug: puppet: Setting logdir to '/var/log/puppet'
> >>> debug: puppet: Setting rundir to '/var/run/puppet'
> >>> debug: puppet: Setting ssldir to '$vardir/ssl'
> >>> debug: puppetd: Setting classfile to '$vardir/classes.txt'
> >>> debug: puppetd: Setting localconfig to '$vardir/localconfig'
> >>> info: Starting server for Puppet version 0.22.4
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca/private]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]:
> >>> Autorequiring File[/var/lib/puppet]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> >>> private_keys]: Autorequiring File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring
> >>> File[/etc/puppet]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]:
> >>> Autorequiring File[/var/lib/puppet/state]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]:
> >>> Autorequiring File[/var/lib/puppet/state]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> >>> csr_jenkins.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> >>> public_keys]: Autorequiring File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> >>> private_keys/repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/
> >>> puppet/ssl/private_keys]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private]:
> >>> Autorequiring File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/inventory.txt]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/serial]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crl.pem]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: Autorequiring
> >>> File[/var/lib/puppet]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/public_keys/
> >>> repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
> >>> public_keys]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/requests]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs]:
> >>> Autorequiring File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private/
> >>> password]: Autorequiring File[/var/lib/puppet/ssl/private]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca]: Autorequiring
> >>> File[/var/lib/puppet/ssl]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_key.pem]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/
> >>> ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/signed]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crt.pem]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state]: Autorequiring
> >>> File[/var/lib/puppet]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/plugins]:
> >>> Autorequiring File[/var/lib/puppet]
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/
> >>> repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
> >>> certs]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/lib]: Autorequiring
> >>> File[/var/lib/puppet]
> >>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private]:
> >>> Autorequiring File[/var/lib/puppet/ssl/ca]
> >>> debug: /puppetconfig/puppet/File[/etc/puppet/namespaceauth.conf]:
> >>> Autorequiring File[/etc/puppet]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/ssl]: Autorequiring
> >>> File[/var/lib/puppet]
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/plugins]: File does
> >>> not exist
> >>> debug: /puppetconfig/puppet/File[/etc/puppet/namespaceauth.conf]: File
> >>> does not exist
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: File does not
> >>> exist
> >>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]:
> >>> File does not exist
> >>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private/
> >>> password]: File does not exist
> >>> debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: File does not
> >>> exist
> >>> debug: Finishing transaction 23834716843800 with 0 changes
> >>> debug: Finishing transaction 23834716222400 with 0 changes
> >>> debug: Creating interpreter
> >>> debug: importing '/etc/puppet/manifests/modules.pp'
> >>> debug: importing '/etc/puppet/modules/ldap/manifests/init.pp'
> >>> debug: importing '/etc/puppet/modules/snmp/manifests/init.pp'
> >>> debug: Adding code to main on line 23 in file /etc/puppet/manifests/
> >>> site.pp
> >>> info: Parsed manifest in 0.03 seconds
> >>> debug: /puppetconfig/reporting/File[/etc/puppet/tagmail.conf]: File
> >>> does not exist
> >>> debug: Finishing transaction 23834715833640 with 0 changes
> >>> debug: Finishing transaction 23834715762400 with 0 changes
> >>> debug: Finishing transaction 23834715704720 with 0 changes
> >>> info: Listening on port 8140
> >>> notice: Starting Puppet server version 0.22.4
> >>> debug: Overriding jenkins with cert name jenkins.example.com
> >>> debug: Allowing authenticated client
> >>> jenkins.example.com(10.131.125.85) access to puppetmaster.getconfig
> >>> debug: Our client is remote
> >>> err: Could not find jenkins.example.com with names
> >>> jenkins.example.com, jenkins
>
> >>> Domain name service for the hostname is set up, and resolves via the
> >>> 'host' and 'dig'
> >>> requests. The FQHN is what is used as the host name, and is returned
> >>> by the 'hostname' command. Looking at it closely I note that reverse
> >>> resolution of the local IP 10.131.125.85 does not return, but I do not
> >>> know if that matters given the errors above.
>
> >>> The puppetmaster host has three different three different IPs (Four
> >>> counting loopback.) so I am making a point to binding to one interface
> >>> that matches what a DNS (as well as /etc/hosts) lookup would return.
>
> >>> Looking at the --genconfig output for both puppetd and puppetmaster it
> >>> looks like all the host names are in the correct places. It looks
> >>> like I have the correct host name in all teh right places. I realize
> >>> I am not calling to puppet master server puppet, but the server was
> >>> named and runs other functions well before I installed puppet. If I
> >>> absolutely have to create an alias for the server as 'puppet', I am
> >>> willing to do that, but it looks like more then just a simple /etc/
> >>> hosts alias would be needed, as I tried that and it did not seem to
> >>> help at all.
>
> >>> This same behavior is seen on other puppetd invocations on other
> >>> hosts, using their host names. But I figure it simplifies things to
> >>> start with the same physical host, so as to avoid questions like 'are
> >>> your clocks in sync?' and the like.
>
> >>> Can anyone point out
>
> ...
>
> read more »
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
