Re: [Puppet Users] DNS issues?

[Brian Keifer]

On Mar 10, 2010, at 11:48 AM, Patrick wrote:

> 
> On Mar 10, 2010, at 6:54 AM, Brian Keifer wrote:
> 
>> 
>> On Mar 9, 2010, at 5:50 PM, Patrick wrote:
>> 
>>> 
>>> On Mar 9, 2010, at 1:59 PM, Brian Keifer wrote:
>>> 
 
 On Mar 9, 2010, at 4:57 PM, Patrick wrote:
 
> 
> On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:
> 
>> 
>> On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
>> 
>>> 
>>> 1. Check the source attribute assignment.
>>> 
>>> source => puppet:///modules/stats/denora.conf
>>> 
>>> the third slash means use same server address as the server we 
>>> connected to.
>>> 
>>> maybe its hardcoded to be the server name?
>>> 
>>> 2. you could also try:
>>> 
>>> [puppetmasterd]
>>> certdnsnames=badger.valinor.net
>>> 
>>> on the server if you need this name to be accepted by the cert.
>>> 
>> 
>> Thanks!  I had been using source => 
>> "puppet://$servername/module/path/filename.ext".  I switched to 
>> puppet:/// and added the certdnsnames line to my puppetmaster's config 
>> file.  My config looks a bit cleaner, but I'm still getting the random 
>> errors on my file definitions:
>> 
>> err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed 
>> to retrieve current state of resource: undefined method `closed?' for 
>> nil:NilClass Could not retrieve file metadata for 
>> puppet:///inspircd/modules.conf: undefined method `closed?' for 
>> nil:NilClass at /etc/puppet/modules/inspircd/manifests/init.pp:15
>> 
>> From several test runs with:
>> 
>>  puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
>> --no-daemonize --onetime --verbose
>> 
>> I get between 3 and 9 of these errors each time, always a different 
>> subset of my files.  These same files serve properly to my other two 
>> clients.
>> 
>> I don't get it.
> 
> This might be related to http://projects.reductivelabs.com/issues/3083.  
> Try using "puppetca --list --all" on the server and check if those 
> clients are in the list.  If they are not in the list, it's probably that 
> bug.
> -Patrick
> 
 
 The problem client does appear to be listed.
 
 [r...@badger /etc/puppet]# puppetca --list --all
 + badger.procrast.net
 + puppet.procrast.net
>>> 
>>> Does puppetca show the other clients (that work) as being in the same 
>>> domain?  Also, take a look at /etc/puppet/fileserver.conf.
>>> 
>> 
>> Yep.  They all show .procrast.net addresses.  My fileserver.conf is quite 
>> basic at the moment.  It's got the path to the files for each module and an 
>> "allow *" for each.
>> 
>> I believe the fileserver.conf is set up correctly, as the problems are 
>> sporadic.  On one run a file may fail, but on the other runs it copies 
>> properly.  Additionally, the other two clients that are not on the same 
>> machine as the fileserver have no issues at all.
>> 
> I really have no idea what's wrong.  Here's some standard troubleshooting 
> ideas that I would try.
> 
> Here are a couple of things to compare between clients that work and clients 
> that don't:
>   What version of puppet are they using?
>   Is the path to the server complicated?  (How many router hops? is there 
> a natting firewall in between?  High latency?  Packet loss?)
>   What OS are you using?

All clients and the server are using 0.25.4 installed via gem.

The path to the two remote clients is 10-12 hops, but they work fine.  The path 
to the client that's running from the same machine as the puppetmaster is, 
naturally, zero hops.  That's the only one that's having problems.

The problem server is FreeBSD, but I'm fairly certain we can rule out the OS as 
the problem since the other clients can connect to it without issue and a 
puppetd on the FreeBSD machine can connect to a remote puppetmaster without any 
problems.

Anyone else happen to have any insight or know of any documentation that 
specifically speaks to running puppetd and puppetmasterd on the same host with 
different IP addresses?

Thanks!

-Brian 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Patrick]

On Mar 10, 2010, at 6:54 AM, Brian Keifer wrote:

> 
> On Mar 9, 2010, at 5:50 PM, Patrick wrote:
> 
>> 
>> On Mar 9, 2010, at 1:59 PM, Brian Keifer wrote:
>> 
>>> 
>>> On Mar 9, 2010, at 4:57 PM, Patrick wrote:
>>> 
 
 On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:
 
> 
> On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
> 
>> 
>> 1. Check the source attribute assignment.
>> 
>> source => puppet:///modules/stats/denora.conf
>> 
>> the third slash means use same server address as the server we connected 
>> to.
>> 
>> maybe its hardcoded to be the server name?
>> 
>> 2. you could also try:
>> 
>> [puppetmasterd]
>> certdnsnames=badger.valinor.net
>> 
>> on the server if you need this name to be accepted by the cert.
>> 
> 
> Thanks!  I had been using source => 
> "puppet://$servername/module/path/filename.ext".  I switched to 
> puppet:/// and added the certdnsnames line to my puppetmaster's config 
> file.  My config looks a bit cleaner, but I'm still getting the random 
> errors on my file definitions:
> 
> err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed 
> to retrieve current state of resource: undefined method `closed?' for 
> nil:NilClass Could not retrieve file metadata for 
> puppet:///inspircd/modules.conf: undefined method `closed?' for 
> nil:NilClass at /etc/puppet/modules/inspircd/manifests/init.pp:15
> 
> From several test runs with:
> 
>   puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
> --no-daemonize --onetime --verbose
> 
> I get between 3 and 9 of these errors each time, always a different 
> subset of my files.  These same files serve properly to my other two 
> clients.
> 
> I don't get it.
 
 This might be related to http://projects.reductivelabs.com/issues/3083.  
 Try using "puppetca --list --all" on the server and check if those clients 
 are in the list.  If they are not in the list, it's probably that bug.
 -Patrick
 
>>> 
>>> The problem client does appear to be listed.
>>> 
>>> [r...@badger /etc/puppet]# puppetca --list --all
>>> + badger.procrast.net
>>> + puppet.procrast.net
>> 
>> Does puppetca show the other clients (that work) as being in the same 
>> domain?  Also, take a look at /etc/puppet/fileserver.conf.
>> 
> 
> Yep.  They all show .procrast.net addresses.  My fileserver.conf is quite 
> basic at the moment.  It's got the path to the files for each module and an 
> "allow *" for each.
> 
> I believe the fileserver.conf is set up correctly, as the problems are 
> sporadic.  On one run a file may fail, but on the other runs it copies 
> properly.  Additionally, the other two clients that are not on the same 
> machine as the fileserver have no issues at all.
> 
> Thanks!

I really have no idea what's wrong.  Here's some standard troubleshooting ideas 
that I would try.

Here are a couple of things to compare between clients that work and clients 
that don't:
What version of puppet are they using?
Is the path to the server complicated?  (How many router hops? is there 
a natting firewall in between?  High latency?  Packet loss?)
What OS are you using?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Brian Keifer]

On Mar 9, 2010, at 5:50 PM, Patrick wrote:

> 
> On Mar 9, 2010, at 1:59 PM, Brian Keifer wrote:
> 
>> 
>> On Mar 9, 2010, at 4:57 PM, Patrick wrote:
>> 
>>> 
>>> On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:
>>> 
 
 On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
 
> 
> 1. Check the source attribute assignment.
> 
> source => puppet:///modules/stats/denora.conf
> 
> the third slash means use same server address as the server we connected 
> to.
> 
> maybe its hardcoded to be the server name?
> 
> 2. you could also try:
> 
> [puppetmasterd]
> certdnsnames=badger.valinor.net
> 
> on the server if you need this name to be accepted by the cert.
> 
 
 Thanks!  I had been using source => 
 "puppet://$servername/module/path/filename.ext".  I switched to puppet:/// 
 and added the certdnsnames line to my puppetmaster's config file.  My 
 config looks a bit cleaner, but I'm still getting the random errors on my 
 file definitions:
 
 err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed to 
 retrieve current state of resource: undefined method `closed?' for 
 nil:NilClass Could not retrieve file metadata for 
 puppet:///inspircd/modules.conf: undefined method `closed?' for 
 nil:NilClass at /etc/puppet/modules/inspircd/manifests/init.pp:15
 
 From several test runs with:
 
puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
 --no-daemonize --onetime --verbose
 
 I get between 3 and 9 of these errors each time, always a different subset 
 of my files.  These same files serve properly to my other two clients.
 
 I don't get it.
>>> 
>>> This might be related to http://projects.reductivelabs.com/issues/3083.  
>>> Try using "puppetca --list --all" on the server and check if those clients 
>>> are in the list.  If they are not in the list, it's probably that bug.
>>> -Patrick
>>> 
>> 
>> The problem client does appear to be listed.
>> 
>> [r...@badger /etc/puppet]# puppetca --list --all
>> + badger.procrast.net
>> + puppet.procrast.net
> 
> Does puppetca show the other clients (that work) as being in the same domain? 
>  Also, take a look at /etc/puppet/fileserver.conf.
> 

Yep.  They all show .procrast.net addresses.  My fileserver.conf is quite basic 
at the moment.  It's got the path to the files for each module and an "allow *" 
for each.

I believe the fileserver.conf is set up correctly, as the problems are 
sporadic.  On one run a file may fail, but on the other runs it copies 
properly.  Additionally, the other two clients that are not on the same machine 
as the fileserver have no issues at all.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Patrick]

On Mar 9, 2010, at 1:59 PM, Brian Keifer wrote:

> 
> On Mar 9, 2010, at 4:57 PM, Patrick wrote:
> 
>> 
>> On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:
>> 
>>> 
>>> On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
>>> 
 
 1. Check the source attribute assignment.
 
 source => puppet:///modules/stats/denora.conf
 
 the third slash means use same server address as the server we connected 
 to.
 
 maybe its hardcoded to be the server name?
 
 2. you could also try:
 
 [puppetmasterd]
 certdnsnames=badger.valinor.net
 
 on the server if you need this name to be accepted by the cert.
 
>>> 
>>> Thanks!  I had been using source => 
>>> "puppet://$servername/module/path/filename.ext".  I switched to puppet:/// 
>>> and added the certdnsnames line to my puppetmaster's config file.  My 
>>> config looks a bit cleaner, but I'm still getting the random errors on my 
>>> file definitions:
>>> 
>>> err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed to 
>>> retrieve current state of resource: undefined method `closed?' for 
>>> nil:NilClass Could not retrieve file metadata for 
>>> puppet:///inspircd/modules.conf: undefined method `closed?' for 
>>> nil:NilClass at /etc/puppet/modules/inspircd/manifests/init.pp:15
>>> 
>>> From several test runs with:
>>> 
>>> puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
>>> --no-daemonize --onetime --verbose
>>> 
>>> I get between 3 and 9 of these errors each time, always a different subset 
>>> of my files.  These same files serve properly to my other two clients.
>>> 
>>> I don't get it.
>> 
>> This might be related to http://projects.reductivelabs.com/issues/3083.  Try 
>> using "puppetca --list --all" on the server and check if those clients are 
>> in the list.  If they are not in the list, it's probably that bug.
>> -Patrick
>> 
> 
> The problem client does appear to be listed.
> 
> [r...@badger /etc/puppet]# puppetca --list --all
> + badger.procrast.net
> + puppet.procrast.net

Does puppetca show the other clients (that work) as being in the same domain?  
Also, take a look at /etc/puppet/fileserver.conf.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Brian Keifer]

On Mar 9, 2010, at 4:57 PM, Patrick wrote:

> 
> On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:
> 
>> 
>> On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
>> 
>>> 
>>> 1. Check the source attribute assignment.
>>> 
>>> source => puppet:///modules/stats/denora.conf
>>> 
>>> the third slash means use same server address as the server we connected to.
>>> 
>>> maybe its hardcoded to be the server name?
>>> 
>>> 2. you could also try:
>>> 
>>> [puppetmasterd]
>>>  certdnsnames=badger.valinor.net
>>> 
>>> on the server if you need this name to be accepted by the cert.
>>> 
>> 
>> Thanks!  I had been using source => 
>> "puppet://$servername/module/path/filename.ext".  I switched to puppet:/// 
>> and added the certdnsnames line to my puppetmaster's config file.  My config 
>> looks a bit cleaner, but I'm still getting the random errors on my file 
>> definitions:
>> 
>> err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed to 
>> retrieve current state of resource: undefined method `closed?' for 
>> nil:NilClass Could not retrieve file metadata for 
>> puppet:///inspircd/modules.conf: undefined method `closed?' for nil:NilClass 
>> at /etc/puppet/modules/inspircd/manifests/init.pp:15
>> 
>> From several test runs with:
>> 
>>  puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
>> --no-daemonize --onetime --verbose
>> 
>> I get between 3 and 9 of these errors each time, always a different subset 
>> of my files.  These same files serve properly to my other two clients.
>> 
>> I don't get it.
> 
> This might be related to http://projects.reductivelabs.com/issues/3083.  Try 
> using "puppetca --list --all" on the server and check if those clients are in 
> the list.  If they are not in the list, it's probably that bug.
> -Patrick
> 

The problem client does appear to be listed.

[r...@badger /etc/puppet]# puppetca --list --all
+ badger.procrast.net
+ puppet.procrast.net

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Patrick]

On Mar 9, 2010, at 6:36 AM, Brian Keifer wrote:

> 
> On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:
> 
>> 
>> 1. Check the source attribute assignment.
>> 
>> source => puppet:///modules/stats/denora.conf
>> 
>> the third slash means use same server address as the server we connected to.
>> 
>> maybe its hardcoded to be the server name?
>> 
>> 2. you could also try:
>> 
>> [puppetmasterd]
>>   certdnsnames=badger.valinor.net
>> 
>> on the server if you need this name to be accepted by the cert.
>> 
> 
> Thanks!  I had been using source => 
> "puppet://$servername/module/path/filename.ext".  I switched to puppet:/// 
> and added the certdnsnames line to my puppetmaster's config file.  My config 
> looks a bit cleaner, but I'm still getting the random errors on my file 
> definitions:
> 
> err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed to 
> retrieve current state of resource: undefined method `closed?' for 
> nil:NilClass Could not retrieve file metadata for 
> puppet:///inspircd/modules.conf: undefined method `closed?' for nil:NilClass 
> at /etc/puppet/modules/inspircd/manifests/init.pp:15
> 
> From several test runs with:
> 
>   puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
> --no-daemonize --onetime --verbose
> 
> I get between 3 and 9 of these errors each time, always a different subset of 
> my files.  These same files serve properly to my other two clients.
> 
> I don't get it.

This might be related to http://projects.reductivelabs.com/issues/3083.  Try 
using "puppetca --list --all" on the server and check if those clients are in 
the list.  If they are not in the list, it's probably that bug.
-Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Brian Keifer]

On Mar 9, 2010, at 12:17 AM, Dan Bode wrote:

> 
> 1. Check the source attribute assignment.
> 
> source => puppet:///modules/stats/denora.conf
> 
> the third slash means use same server address as the server we connected to.
> 
> maybe its hardcoded to be the server name?
> 
> 2. you could also try:
>   
> [puppetmasterd]
>certdnsnames=badger.valinor.net
> 
> on the server if you need this name to be accepted by the cert.
> 

Thanks!  I had been using source => 
"puppet://$servername/module/path/filename.ext".  I switched to puppet:/// and 
added the certdnsnames line to my puppetmaster's config file.  My config looks 
a bit cleaner, but I'm still getting the random errors on my file definitions:

err: //inspircd/File[/home/procrast/inspircd/conf/modules.conf]: Failed to 
retrieve current state of resource: undefined method `closed?' for nil:NilClass 
Could not retrieve file metadata for puppet:///inspircd/modules.conf: undefined 
method `closed?' for nil:NilClass at 
/etc/puppet/modules/inspircd/manifests/init.pp:15

>From several test runs with:

puppetd --server puppet.procrast.net --fqdn badger.procrast.net 
--no-daemonize --onetime --verbose

I get between 3 and 9 of these errors each time, always a different subset of 
my files.  These same files serve properly to my other two clients.

I don't get it.

-Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] DNS issues?

[Dan Bode]

Hi Brian,

On Mon, Mar 8, 2010 at 2:35 PM, Brian Keifer  wrote:

> I'm just starting out with puppet and have been seeing problems very
> similar to those in ticket #3083:
>
>http://projects.reductivelabs.com/issues/3083
>
> First, an overview of my configuration.  I have three physical servers,
> each running puppet 0.25.4.  One of the servers is going to be my
> puppetmaster as well as a client.  The other two servers in my configuration
> will only be puppetd clients.  Their forward and reverse DNS do not match
> and, for political reasons, I can't change them.
>
> I've set up puppetmasterd running on the main IP address of the first
> server.  The puppetmaster's puppet.conf contains:
>
>certname = server.example.com
>
> And the client's puppet.con contains:
>
>certname = client1.example.com
>
> When I run puppetd with:
>
>puppetd --server server.example.com --fqdn client1.example.com
>
> I get the following for some seemingly random number of files in my
> manifests:
>
> puppetd[67238]: (//stats/File[/home/procrast/stats/denora.conf]) Failed to
> retrieve current state of resource: undefined method `closed?' for
> nil:NilClass Could not retrieve file metadata for puppet://
> badger.valinor.net/stats/denora.conf: undefined method `closed?' for
> nil:NilClass at /etc/puppet/modules/stats/manifests/init.pp:15
>
> I gather from my reading that it's DNS related somehow, but I'm not sure
> what else I need to set in order to override whatever puppet thinks the
> client/server should be.
>

1. Check the source attribute assignment.

source => puppet:///modules/stats/denora.conf

the third slash means use same server address as the server we connected to.

maybe its hardcoded to be the server name?

2. you could also try:

[puppetmasterd]
   certdnsnames=badger.valinor.net

on the server if you need this name to be accepted by the cert.



> Thanks in advance!
>
> -Brian
>
>
hope this helps,

Dan


> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] DNS issues?

[Brian Keifer]

I'm just starting out with puppet and have been seeing problems very similar to 
those in ticket #3083:

http://projects.reductivelabs.com/issues/3083

First, an overview of my configuration.  I have three physical servers, each 
running puppet 0.25.4.  One of the servers is going to be my puppetmaster as 
well as a client.  The other two servers in my configuration will only be 
puppetd clients.  Their forward and reverse DNS do not match and, for political 
reasons, I can't change them.

I've set up puppetmasterd running on the main IP address of the first server.  
The puppetmaster's puppet.conf contains:

certname = server.example.com

And the client's puppet.con contains:

certname = client1.example.com

When I run puppetd with:

puppetd --server server.example.com --fqdn client1.example.com

I get the following for some seemingly random number of files in my manifests:

puppetd[67238]: (//stats/File[/home/procrast/stats/denora.conf]) Failed to 
retrieve current state of resource: undefined method `closed?' for nil:NilClass 
Could not retrieve file metadata for 
puppet://badger.valinor.net/stats/denora.conf: undefined method `closed?' for 
nil:NilClass at /etc/puppet/modules/stats/manifests/init.pp:15

I gather from my reading that it's DNS related somehow, but I'm not sure what 
else I need to set in order to override whatever puppet thinks the 
client/server should be.

Thanks in advance!

-Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.