Hi Martin, Thank you for your reply.. The firewall was disabled before I started puppet… I was using VirtualBox to create the environment. One server acts as puppet master and the other acts as agent. Still getting same error…. Any idea what else steps I was missing for configuration?
[root@puppetmaster ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) [root@centos ~]# puppet agent --test Error: Could not request certificate: Connection refused - request https://puppet:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to puppet:8140 (Connection refused - connect(2) for "puppet" port 8140) Exiting; failed to retrieve certificate and waitforcert is disabled > On Aug 22, 2019, at 4:58 AM, Martin Alfke <tux...@gmail.com> wrote: > > Hi, > > >> On 22. Aug 2019, at 08:02, Zhang Zhao <zhang.alex.z...@gmail.com >> <mailto:zhang.alex.z...@gmail.com>> wrote: >> >> Hi, >> I am new to Puppet. Trying to set up a test environment. But the agent could >> not request a certificate as connection refused. I made sure that puppet >> server was running and service was enabled. Anyone can let me know where was >> wrong? Thanks. > > Is there a local firewall (iptables) running on the master? > You can temporarily flush the rules: > sudo iptables -F > > If a local firewall is running, you want to open port 8140/tcp for incoming > connections. > > Best, > Martin > > >> >> Zhang >> >> On PuppetMaster, >> [root@puppetmaster ~]# puppet resource service puppetserver ensure=running >> enable=true >> service { 'puppetserver': >> ensure => 'running', >> enable => 'true', >> } >> >> [root@puppetmaster ~]# netstat -ntlp >> Active Internet connections (only servers) >> Proto Recv-Q Send-Q Local Address Foreign Address State >> PID/Program name >> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >> 1/systemd >> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN >> 2469/sshd >> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN >> 2694/master >> tcp6 0 0 :::8140 :::* LISTEN >> 27805/java >> tcp6 0 0 :::111 :::* LISTEN >> 1/systemd >> tcp6 0 0 :::22 :::* LISTEN >> 2469/sshd >> tcp6 0 0 ::1:25 :::* LISTEN >> 2694/master >> >> >> [root@puppetmaster ~]# puppet cert list --all >> Warning: `puppet cert` is deprecated and will be removed in a future release. >> (location: >> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >> `run') >> + "puppetmaster.attlocal.net <http://puppetmaster.attlocal.net/>" (SHA256) >> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net >> <http://puppetmaster.attlocal.net/>") >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com >> <mailto:puppet-users+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com?utm_medium=email&utm_source=footer>. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com > <mailto:puppet-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com > > <https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com.