Hi Zhang, > On 23. Aug 2019, at 09:36, Zhang Zhao <zhang.alex.z...@gmail.com> wrote: > > Hi Martin, > Thank you for your reply.. The firewall was disabled before I started puppet… > I was using VirtualBox to create the environment. One server acts as puppet > master and the other acts as agent. Still getting same error…. Any idea what > else steps I was missing for configuration?
How did you do the Virtualbox network setup? Do you use bridge interfaces? Have the two systems a shared internal network? Can the agent resolve the master hostname (puppet)? Is puppet really the hostname of the master VM? Can the agent ping the master (ping -c1 puppet)? DNS (via Server like bind or via /etc/hosts entries) and NTP are two requirements for a working Puppet environment. Best, Martin > > > [root@puppetmaster ~]# systemctl status firewalld > ● firewalld.service - firewalld - dynamic firewall daemon > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; > vendor preset: enabled) > Active: inactive (dead) > Docs: man:firewalld(1) > > > > > [root@centos ~]# puppet agent --test > Error: Could not request certificate: Connection refused - request > https://puppet:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP > connection to puppet:8140 (Connection refused - connect(2) for "puppet" port > 8140) > Exiting; failed to retrieve certificate and waitforcert is disabled > > > > >> On Aug 22, 2019, at 4:58 AM, Martin Alfke <tux...@gmail.com> wrote: >> >> Hi, >> >> >>> On 22. Aug 2019, at 08:02, Zhang Zhao <zhang.alex.z...@gmail.com> wrote: >>> >>> Hi, >>> I am new to Puppet. Trying to set up a test environment. But the agent >>> could not request a certificate as connection refused. I made sure that >>> puppet server was running and service was enabled. Anyone can let me know >>> where was wrong? Thanks. >> >> Is there a local firewall (iptables) running on the master? >> You can temporarily flush the rules: >> sudo iptables -F >> >> If a local firewall is running, you want to open port 8140/tcp for incoming >> connections. >> >> Best, >> Martin >> >> >>> >>> Zhang >>> >>> On PuppetMaster, >>> [root@puppetmaster ~]# puppet resource service puppetserver ensure=running >>> enable=true >>> service { 'puppetserver': >>> ensure => 'running', >>> enable => 'true', >>> } >>> >>> [root@puppetmaster ~]# netstat -ntlp >>> Active Internet connections (only servers) >>> Proto Recv-Q Send-Q Local Address Foreign Address State >>> PID/Program name >>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >>> 1/systemd >>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN >>> 2469/sshd >>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN >>> 2694/master >>> tcp6 0 0 :::8140 :::* LISTEN >>> 27805/java >>> tcp6 0 0 :::111 :::* LISTEN >>> 1/systemd >>> tcp6 0 0 :::22 :::* LISTEN >>> 2469/sshd >>> tcp6 0 0 ::1:25 :::* LISTEN >>> 2694/master >>> >>> >>> [root@puppetmaster ~]# puppet cert list --all >>> Warning: `puppet cert` is deprecated and will be removed in a future >>> release. >>> (location: >>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >>> `run') >>> + "puppetmaster.attlocal.net" (SHA256) >>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >>> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net") >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to puppet-users+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com.
