Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?

[Joe McDonagh]

Raj Gurung wrote:

Modified the puppet.conf but no joy still.

# puppetrun -d --host client.mydomain.com 
debug: Parsing /etc/puppet/puppet.conf
Finished

I dont see the changes pushed to client.mydomain.com 
 box. I wonder if LDAP is required 
component for puppetrun?


Thanks,
grg350

On Thu, Feb 11, 2010 at 12:44 PM, Iain Sutton > wrote:


Hi,

We are able to successfully invoke puppetrun from the
puppetmaster. The two main differences between our configuration
and what is posted below are:

a) the line 'server=puppet.mydomain.com
' is in the [puppetd] section on the
client, not in the [main] section
b) we don't have a namespaceauth.conf on the puppetmaster at all,
since when we had this in place, all clients would receive a '500
Internal Server Error' when they checked in. I haven't revisited
this recently.

We're running puppet 0.24.8 on CentOS/RHEL on client and server.

Hope this helps,

Iain


On 11 February 2010 13:49, grg350 mailto:grg...@gmail.com>> wrote:

Don, looks like you are able to run puppetrun to configure
clients.
Its not working for me.
My config files goes:

On Client:
cat puppet.conf
[main]
server=puppetmaster.mydomain.com

logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true

[puppetd]
listen=true

cat namespaceauth.conf
[puppetrunner]
   allow puppetmaster.mydomain.com


On puppetmaster:
cat namespaceauth.com 
[fileserver]
   allow *.mydomain.com 
[puppetmaster]
   allow *.mydomain.com 
[puppetrunner]
   allow *.mydomain.com 

I ran puppetrun with
#puppetrun --host client.mydomain.com 

But it doesn't looks like the client get updated and exits with
"Failed to load ruby LDAP library. LDAP functionality will not be
available
Finished"

Also, I dont see any traffic on port 8139 and 8140 while running
tcpdump.Those two machines are on same LAN and no firewall between
them. Not sure what I have been missing. any help would be
appreciated.

Thanks,
grg350

On Jan 31, 4:28 pm, Dan Bode mailto:d...@reductivelabs.com>> wrote:
> On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson <
>
>
>
>
>
> puppet-us...@clark-communications.com
> wrote:
>
> > Hello,
>
> > I am attempting to get my machines configured properly so
I can use
> > puppetrun on my puppetmaster to get clients to update
themselves during my
> > development/testing of new recipes.
>
> > I understand about listen = true in the puppetd.conf file,
and I also have
> > learned about the namespaceauth.conf file,
> > where I put stuff like:
>
> >[puppetrunner]
> >allow puppet.mydomain.com

>
> > This was all I needed to get machines on the same LAN as
my puppetmaster to
> > work, but it didn't work across firewalls to machines in a
colo.
>
> > From router/firewall logs, it appears that the
puppetmaster needs to
> > connect to port 8139 of the machine running puppetd.
>
> that is correct, when using puppetrun, the authorized host
needs to initiate
> a connection with the client on port 8139, then that host
will initiate a
> request with its puppetmaster on 8140.
>
> You can change the puppetd listen port with the puppetport
option.
>
> -Dan
>
>
>
> > I wasn't able to find this clearly documented, hence this
email.
>
> > Regards,
>
> > Don
>
> > --
> > You received this message because you are subscribed to
the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to
puppet-users@googlegroups.com
.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com

http://groups.com>>
> > .
> > For more options, visit 

Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?

[Raj Gurung]

Modified the puppet.conf but no joy still.

# puppetrun -d --host client.mydomain.com
debug: Parsing /etc/puppet/puppet.conf
Finished

I dont see the changes pushed to client.mydomain.com box. I wonder if LDAP
is required component for puppetrun?

Thanks,
grg350

On Thu, Feb 11, 2010 at 12:44 PM, Iain Sutton  wrote:

> Hi,
>
> We are able to successfully invoke puppetrun from the puppetmaster. The two
> main differences between our configuration and what is posted below are:
>
> a) the line 'server=puppet.mydomain.com' is in the [puppetd] section on
> the client, not in the [main] section
> b) we don't have a namespaceauth.conf on the puppetmaster at all, since
> when we had this in place, all clients would receive a '500 Internal Server
> Error' when they checked in. I haven't revisited this recently.
>
> We're running puppet 0.24.8 on CentOS/RHEL on client and server.
>
> Hope this helps,
>
> Iain
>
>
> On 11 February 2010 13:49, grg350  wrote:
>
>> Don, looks like you are able to run puppetrun to configure clients.
>> Its not working for me.
>> My config files goes:
>>
>> On Client:
>> cat puppet.conf
>> [main]
>> server=puppetmaster.mydomain.com
>> logdir=/var/log/puppet
>> vardir=/var/lib/puppet
>> ssldir=/var/lib/puppet/ssl
>> rundir=/var/run/puppet
>> factpath=$vardir/lib/facter
>> pluginsync=true
>>
>> [puppetd]
>> listen=true
>>
>> cat namespaceauth.conf
>> [puppetrunner]
>>allow puppetmaster.mydomain.com
>>
>> On puppetmaster:
>> cat namespaceauth.com
>> [fileserver]
>>allow *.mydomain.com
>> [puppetmaster]
>>allow *.mydomain.com
>> [puppetrunner]
>>allow *.mydomain.com
>>
>> I ran puppetrun with
>> #puppetrun --host client.mydomain.com
>>
>> But it doesn't looks like the client get updated and exits with
>> "Failed to load ruby LDAP library. LDAP functionality will not be
>> available
>> Finished"
>>
>> Also, I dont see any traffic on port 8139 and 8140 while running
>> tcpdump.Those two machines are on same LAN and no firewall between
>> them. Not sure what I have been missing. any help would be
>> appreciated.
>>
>> Thanks,
>> grg350
>>
>> On Jan 31, 4:28 pm, Dan Bode  wrote:
>> > On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson <
>> >
>> >
>> >
>> >
>> >
>> > puppet-us...@clark-communications.com> wrote:
>> >
>> > > Hello,
>> >
>> > > I am attempting to get my machines configured properly so I can use
>> > > puppetrun on my puppetmaster to get clients to update themselves
>> during my
>> > > development/testing of new recipes.
>> >
>> > > I understand about listen = true in the puppetd.conf file, and I also
>> have
>> > > learned about the namespaceauth.conf file,
>> > > where I put stuff like:
>> >
>> > >[puppetrunner]
>> > >allow puppet.mydomain.com
>> >
>> > > This was all I needed to get machines on the same LAN as my
>> puppetmaster to
>> > > work, but it didn't work across firewalls to machines in a colo.
>> >
>> > > From router/firewall logs, it appears that the puppetmaster needs to
>> > > connect to port 8139 of the machine running puppetd.
>> >
>> > that is correct, when using puppetrun, the authorized host needs to
>> initiate
>> > a connection with the client on port 8139, then that host will initiate
>> a
>> > request with its puppetmaster on 8140.
>> >
>> > You can change the puppetd listen port with the puppetport option.
>> >
>> > -Dan
>> >
>> >
>> >
>> > > I wasn't able to find this clearly documented, hence this email.
>> >
>> > > Regards,
>> >
>> > > Don
>> >
>> > > --
>> > > You received this message because you are subscribed to the Google
>> Groups
>> > > "Puppet Users" group.
>> > > To post to this group, send email to puppet-us...@googlegroups.com.
>> > > To unsubscribe from this group, send email to
>> > > puppet-users+unsubscr...@googlegroups.com
>> 
>> > > .
>> > > For more options, visit this group at
>> > >http://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 

"Nothing comes easy that is done well."  -Harry F. Banks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visi

Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?

[Iain Sutton]

Hi,

We are able to successfully invoke puppetrun from the puppetmaster. The two
main differences between our configuration and what is posted below are:

a) the line 'server=puppet.mydomain.com' is in the [puppetd] section on the
client, not in the [main] section
b) we don't have a namespaceauth.conf on the puppetmaster at all, since when
we had this in place, all clients would receive a '500 Internal Server
Error' when they checked in. I haven't revisited this recently.

We're running puppet 0.24.8 on CentOS/RHEL on client and server.

Hope this helps,

Iain

On 11 February 2010 13:49, grg350  wrote:

> Don, looks like you are able to run puppetrun to configure clients.
> Its not working for me.
> My config files goes:
>
> On Client:
> cat puppet.conf
> [main]
> server=puppetmaster.mydomain.com
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> pluginsync=true
>
> [puppetd]
> listen=true
>
> cat namespaceauth.conf
> [puppetrunner]
>allow puppetmaster.mydomain.com
>
> On puppetmaster:
> cat namespaceauth.com
> [fileserver]
>allow *.mydomain.com
> [puppetmaster]
>allow *.mydomain.com
> [puppetrunner]
>allow *.mydomain.com
>
> I ran puppetrun with
> #puppetrun --host client.mydomain.com
>
> But it doesn't looks like the client get updated and exits with
> "Failed to load ruby LDAP library. LDAP functionality will not be
> available
> Finished"
>
> Also, I dont see any traffic on port 8139 and 8140 while running
> tcpdump.Those two machines are on same LAN and no firewall between
> them. Not sure what I have been missing. any help would be
> appreciated.
>
> Thanks,
> grg350
>
> On Jan 31, 4:28 pm, Dan Bode  wrote:
> > On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson <
> >
> >
> >
> >
> >
> > puppet-us...@clark-communications.com> wrote:
> >
> > > Hello,
> >
> > > I am attempting to get my machines configured properly so I can use
> > > puppetrun on my puppetmaster to get clients to update themselves during
> my
> > > development/testing of new recipes.
> >
> > > I understand about listen = true in the puppetd.conf file, and I also
> have
> > > learned about the namespaceauth.conf file,
> > > where I put stuff like:
> >
> > >[puppetrunner]
> > >allow puppet.mydomain.com
> >
> > > This was all I needed to get machines on the same LAN as my
> puppetmaster to
> > > work, but it didn't work across firewalls to machines in a colo.
> >
> > > From router/firewall logs, it appears that the puppetmaster needs to
> > > connect to port 8139 of the machine running puppetd.
> >
> > that is correct, when using puppetrun, the authorized host needs to
> initiate
> > a connection with the client on port 8139, then that host will initiate a
> > request with its puppetmaster on 8140.
> >
> > You can change the puppetd listen port with the puppetport option.
> >
> > -Dan
> >
> >
> >
> > > I wasn't able to find this clearly documented, hence this email.
> >
> > > Regards,
> >
> > > Don
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to puppet-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > puppet-users+unsubscr...@googlegroups.com
> 
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?

[grg350]

Don, looks like you are able to run puppetrun to configure clients.
Its not working for me.
My config files goes:

On Client:
cat puppet.conf
[main]
server=puppetmaster.mydomain.com
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true

[puppetd]
listen=true

cat namespaceauth.conf
[puppetrunner]
allow puppetmaster.mydomain.com

On puppetmaster:
cat namespaceauth.com
[fileserver]
allow *.mydomain.com
[puppetmaster]
allow *.mydomain.com
[puppetrunner]
allow *.mydomain.com

I ran puppetrun with
#puppetrun --host client.mydomain.com

But it doesn't looks like the client get updated and exits with
"Failed to load ruby LDAP library. LDAP functionality will not be
available
Finished"

Also, I dont see any traffic on port 8139 and 8140 while running
tcpdump.Those two machines are on same LAN and no firewall between
them. Not sure what I have been missing. any help would be
appreciated.

Thanks,
grg350

On Jan 31, 4:28 pm, Dan Bode  wrote:
> On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson <
>
>
>
>
>
> puppet-us...@clark-communications.com> wrote:
>
> > Hello,
>
> > I am attempting to get my machines configured properly so I can use
> > puppetrun on my puppetmaster to get clients to update themselves during my
> > development/testing of new recipes.
>
> > I understand about listen = true in the puppetd.conf file, and I also have
> > learned about the namespaceauth.conf file,
> > where I put stuff like:
>
> >        [puppetrunner]
> >            allow puppet.mydomain.com
>
> > This was all I needed to get machines on the same LAN as my puppetmaster to
> > work, but it didn't work across firewalls to machines in a colo.
>
> > From router/firewall logs, it appears that the puppetmaster needs to
> > connect to port 8139 of the machine running puppetd.
>
> that is correct, when using puppetrun, the authorized host needs to initiate
> a connection with the client on port 8139, then that host will initiate a
> request with its puppetmaster on 8140.
>
> You can change the puppetd listen port with the puppetport option.
>
> -Dan
>
>
>
> > I wasn't able to find this clearly documented, hence this email.
>
> > Regards,
>
> > Don
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com > groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.