Hey Im running puppet on Ubuntu
On Tue, Jun 21, 2011 at 3:25 PM, John Nicholson <vilvic.j...@gmail.com>wrote:
>
> I'm in the process of setting up puppet and experiencing some issues.
> I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've
> installed puppet master (2.6.4) and puppet (2.6.4). The puppet master
> and agent are happily working together.
>
> I'm running the example in the book Pro Puppet. This is the first
> example;
>
> Code:
>
> class sudo {
> package { sudo:
> ensure => present,
> }
> if $operatingsystem == "Ubuntu" {
> package { "sudo-ldap":
> ensure => present,
> require => Package["sudo"],
> }
> }
> file { "/etc/sudoers":
> owner => "root",
> group => "root",
> mode => 0440,
> source => "puppet://$puppetserver/modules/sudo/etc/sudoers",
> require => Package["sudo"],
> }
> }
>
> On the agent I run the following command;
>
> puppet agent --server=<myserver> --no-daemonize --verbose --onetime
>
> The agent see's the change but I get an error;
>
> info: Caching catalog for <agentServer>
> info: Applying configuration version '123456789'
> err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged
> to present
> failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--
> force-confold
> install sudo-ldap' returned 100: E: Could not open lock file /var/lib/
> dpkg/lock
> - open (13: Permission denied)
> E: Unable to lick the administration directory (/var/lib/dpkg/), are
> you root?
>
> I don't have another package manager open.
>
> I understand what the problem is. The agent is being run as the
> current logged in user and that user doesn't have permission to run
> apt-get. Generally to run apt-get i have to do sudo apt-get.
>
> I've thought about modifying the sudoers file and adding nopasswd for
> my user (as suggested in other posts) for apt-get but that doesn't
> solve the problem since the command in the puppet agent is not run
> with sudo.
>
> I understand if I run the puppet agent as a daemon then it runs as
> user root which I guess would solve the problem. I'm not sure it's
> best to run the agent as a daemon. I might want to control when the
> agent pulls the updates from the puppet master (or through cron).
>
> In any case if you remote control the agent (via ssh) this might help
http://napkins.wordpress.com/2009/02/18/using-nopasswd-in-sudoers-on-ubuntu/
> If I run;
>
> sudo puppet agent --server=<myserver> --no-daemonize --verbose --
> onetime
>
> I get a different error;
>
> err: Could not request certificate: Retrieved certificate does not
> match private
> key; please remove certificate from server and regenerate it with the
> current key
>
> I've tried removing the ssl certs from both the puppet master and
> agent and run the command again. I get the same problem. When I remove
> the sudo from the start of the command the puppet agent is happy with
> the cert.
>
> I though about adding my user to the root group as a test. Even when I
> do that if I run apt-get update manually a permission denied. I
> wondered if this has something to do with the root user being disabled
> by default on Ubuntu.
>
> I'm a novice when it comes to these sorts of things. Has anyone got
> this working or have any suggestions of how I might solve this issue?
>
>
On the node machine run:
/usr/bin/find /var/lib/puppet/ssl/ -name '*.pem' -exec rm {} \;
Sign the cert on the master side and you should be good to go,
Another issue iv found is that the clocks of the node and the master need to
be in sync
--
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
