On 2012-10-10 02:35, Pondy wrote:
> Hi everyone,
> 
> Please help, I have built a new server and installed puppet (2.6.17)
> running on RHEL 6.3. It seems that it is not listening on port 8139.

By default, puppet listens on 8140, not 8139. And your configuration
doesn't seem to be specifying an alternative port.

Maybe that's what you ought to be looking for?

tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      18794/ruby1.8


> iptables -L:
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> /etc/puppet/puppet.conf:
> [main]
>     # The Puppet log directory.
>     # The default value is '$vardir/log'.
>     logdir = /var/log/puppet
> 
>     # Where Puppet PID files are kept.
>     # The default value is '$vardir/run'.
>     rundir = /var/run/puppet
> 
>     # Where SSL certificates are kept.
>     # The default value is '$confdir/ssl'.
>     ssldir = $vardir/ssl
> 
> [agent]
>     # The file in which puppetd stores a list of the classes
>     # associated with the retrieved configuratiion.  Can be loaded in
>     # the separate ``puppet`` executable using the ``--loadclasses``
>     # option.
>     # The default value is '$confdir/classes.txt'.
>     classfile = $vardir/classes.txt
> 
>     # Where puppetd caches the local configuration.  An
>     # extension indicating the cache format is added automatically.
>     # The default value is '$confdir/localconfig'.
>     localconfig = $vardir/localconfig
> listen = true
> server = mypuppet server.fqdn
> 
> /etc/puppet/namespaceauth.conf:
> [puppetmaster]
> allow mypuppet server.fqdn
> 
> /etc/puppet/auth.conf:
> # This is an example auth.conf file, it mimics the puppetmasterd defaults
> #
> # The ACL are checked in order of appearance in this file.
> #
> # Supported syntax:
> # This file supports two different syntax depending on how
> # you want to express the ACL.
> #
> # Path syntax (the one used below):
> # ---------------------------------
> # path /path/to/resource
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The path is matched as a prefix. That is /file match at
> # the same time /file_metadat and /file_content.
> #
> # Regex syntax:
> # -------------
> # This one is differenciated from the path one by a '~'
> #
> # path ~ regex
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The regex syntax is the same as ruby ones.
> #
> # Ex:
> # path ~ .pp$
> # will match every resource ending in .pp (manifests files for instance)
> #
> # path ~ ^/path/to/resource
> # is essentially equivalent to path /path/to/resource
> #
> # environment:: restrict an ACL to a specific set of environments
> # method:: restrict an ACL to a specific set of methods
> # auth:: restrict an ACL to an authenticated or unauthenticated request
> # the default when unspecified is to restrict the ACL to authenticated requests
> # (ie exactly as if auth yes was present).
> #
> 
> ### Authenticated ACL - those applies only when the client
> ### has a valid certificate and is thus authenticated
> 
> # allow nodes to retrieve their own catalog (ie their configuration)
> path ~ ^/catalog/([^/]+)$
> method find
> allow $1
> 
> # allow all nodes to access the certificates services
> path /certificate_revocation_list/ca
> method find
> allow *
> 
> # allow all nodes to store their reports
> path /report
> method save
> allow *
> 
> # Puppetrun settings
> path /run
> allow mypuppet server fqdn
> 
> # inconditionnally allow access to all files services
> # which means in practice that fileserver.conf will
> # still be used
> path /file
> allow *
> 
> ### Unauthenticated ACL, for clients for which the current master doesn't
> ### have a valid certificate
> 
> # allow access to the master CA
> path /certificate/ca
> auth no
> method find
> allow *
> 
> path /certificate/
> auth no
> method find
> allow *
> 
> path /certificate_request
> auth no
> method find, save
> allow *
> 
> # this one is not stricly necessary, but it has the merit
> # to show the default policy which is deny everything else
> path /
> auth any
> 
> It seems as though the puppet is running:
>  4074 ?        Ss     0:00 /usr/bin/ruby /usr/sbin/puppetd
> --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log
> 
> But I can't even telnet to port 8139 on the localhost to test that the
> port is open.
> 
> Can anyone please help?
> 
> Any suggestions welcome, I have copied the /etc/puppet/*.conf files from
> another working server.
> 
> Please Help!


-- 
Gabriel Filion

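An added example, not part of the thread and not Puppet's own code: a simplified Ruby model of the rules stated in the comments of the quoted auth.conf (ACLs checked in order, plain paths matched as prefixes, `~` paths as regexes, `auth` defaulting to yes). The names `SAMPLE`, `parse_acls` and `allowed?` and the `example.test` hosts are hypothetical; it is useful for checking which stanza decides a given request before relying on a copied file.

```ruby
# Constructed sample: a subset of the stanzas quoted in the thread.
SAMPLE = <<~CONF
  path ~ ^/catalog/([^/]+)$
  method find
  allow $1

  path /file
  allow *

  path /certificate_request
  auth no
  method find, save
  allow *

  path /
  auth any
CONF

# Parse stanzas; "auth" defaults to "yes", as the file's own comments state.
def parse_acls(text)
  acls = []
  text.each_line do |line|
    key, value = line.strip.split(/\s+/, 2)
    next if key.nil? || key.start_with?('#')
    case key
    when 'path'
      pat = value.start_with?('~') ? Regexp.new(value.sub(/\A~\s*/, '')) : /\A#{Regexp.escape(value)}/
      acls << { path: pat, methods: nil, auth: 'yes', allow: [] }
    when 'method' then acls.last[:methods] = value.split(/\s*,\s*/)
    when 'auth', 'authenticated' then acls.last[:auth] = value
    when 'allow' then acls.last[:allow] << value
    end
  end
  acls
end

# Assumed model: the first ACL matching path, method and auth state decides.
def allowed?(acls, path, method, node, authenticated)
  acls.each do |acl|
    next unless (m = acl[:path].match(path))
    next if acl[:methods] && !acl[:methods].include?(method)
    want = { 'yes' => true, 'on' => true, 'no' => false, 'off' => false }[acl[:auth]]
    next unless want.nil? || want == authenticated
    hosts = acl[:allow].map { |h| h.gsub(/\$(\d)/) { m[$1.to_i].to_s } }
    return hosts.include?('*') || hosts.include?(node)
  end
  false
end
```

With these rules, a request for `/file_metadata/...` is decided by the `path /file` stanza because of prefix matching, and any unauthenticated request outside `/certificate_request` falls through to the final `path /` stanza, which has no `allow` line and therefore denies.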