On Tuesday, November 13, 2012 2:46:09 PM UTC-6, JGonza1 wrote: > > Added new clients that are behind a firewall and none of them are updating > with the configurations from the puppet master. I get the message below > from the client when I run command puppet agent --server > ct-eng-pup.caretools.ent --test. What ports need to be opened for client to > talk to puppet master. The puppet client had no problem get aa certificate > from the puppet client but it will not update. > > info: Caching catalog for pdlnx-pntp02.kareoprod.ent > info: Applying configuration version '1351815499' > notice: Finished catalog run in 0.10 seconds > # > >
Those messages do not reflect any kind of problem with contacting the master (as would be expected since the client was able to have its certificate signed). Instead, they suggest that the master is delivering an empty catalog. That would arise from a problem with your Puppet manifests, not with your firewall. > On the puppet master on the > /var/lib/puppet/reports/pdlnx-pntp02.kareoprod.ent the transaction report I > am getting a lot of failed, see log below. > --- !ruby/object:Puppet::Transaction::Report > configuration_version: 1351815499 > environment: production > host: pdlnx-pntp02.kareoprod.ent > kind: apply > logs: > - !ruby/object:Puppet::Util::Log > level: !ruby/sym info > message: Caching catalog for pdlnx-pntp02.kareoprod.ent > source: Puppet > tags: > - info > time: 2012-11-13 12:23:01.849547 -08:00 > - !ruby/object:Puppet::Util::Log > level: !ruby/sym info > message: Applying configuration version '1351815499' > source: Puppet > tags: > - info > time: 2012-11-13 12:23:01.886192 -08:00 > - !ruby/object:Puppet::Util::Log > level: !ruby/sym notice > message: Finished catalog run in 0.10 seconds > source: Puppet > tags: > - notice > time: 2012-11-13 12:23:01.987541 -08:00 > metrics: > events: !ruby/object:Puppet::Util::Metric > label: Events > name: events > values: > - - success > - Success > - 0 > - - total > - Total > - 0 > - - failure > - Failure > - 0 > time: !ruby/object:Puppet::Util::Metric > label: Time > name: time > values: > - - total > - Total > - 0.221700026885986 > - - config_retrieval > - Config retrieval > - 0.221333026885986 > - - filebucket > - Filebucket > - 0.000367 > resources: !ruby/object:Puppet::Util::Metric > label: Resources > name: resources > values: > - - changed > - Changed > - 0 > - - failed_to_restart > - Failed to restart > - 0 > - - restarted > - Restarted > - 0 > - - total > - Total > - 7 > - - out_of_sync > - Out of sync > - 0 > - - failed > - Failed > - 0 > - - skipped > - Skipped > - 6 > - - scheduled > - Scheduled > - 0 > changes: !ruby/object:Puppet::Util::Metric > label: Changes > name: changes > values: > - - total > - Total > - 0 > puppet_version: 2.7.19 > report_format: 2 > resource_statuses: > "Filebucket[puppet]": !ruby/object:Puppet::Resource::Status > change_count: 0 > changed: false > evaluation_time: 0.000367 > events: [] > failed: false > file: > line: > out_of_sync: false > out_of_sync_count: 0 > resource: "Filebucket[puppet]" > resource_type: Filebucket > skipped: false > tags: > - filebucket > - puppet > time: 2012-11-13 12:23:01.972617 -08:00 > title: puppet > "Schedule[weekly]": !ruby/object:Puppet::Resource::Status > change_count: 0 > changed: false > events: [] > failed: false > I think you are misreading that. As far as I can tell, it explicitly reports that there were zero failures in each of several categories it covers. Furthermore, if you are getting reports from the agent then that is additional evidence that communication between the agent and master is working fine. You do not have a firewall problem here. Most likely the certnames (== hostnames by default) presented by the affected nodes do not match any node blocks in your top-level manifests. The master's log should show more clearly and succinctly which nodes are requesting catalogs, including, I think, their certnames. Compare those to your node blocks, and / or create a 'default' node to support otherwise-unmatched nodes. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ZLtBwt2tkY0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
