Re: [Puppet Users] Could not request certificate: Connection refused - request https://centos:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to centos:8140 (Connection refused - connect(2) for "centos" port 8140)

[Zhang Zhao]

Hi Martin,
Thank you for your reply.. The firewall was disabled before I started puppet… I 
was using VirtualBox to create the environment. One server acts as puppet 
master and the other acts as agent. Still getting same error…. Any idea what 
else steps I was missing for configuration?


[root@puppetmaster ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor 
preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)




[root@centos ~]# puppet agent --test
Error: Could not request certificate: Connection refused - request 
https://puppet:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP 
connection to puppet:8140 (Connection refused - connect(2) for "puppet" port 
8140)
Exiting; failed to retrieve certificate and waitforcert is disabled




> On Aug 22, 2019, at 4:58 AM, Martin Alfke <tux...@gmail.com> wrote:
> 
> Hi,
> 
> 
>> On 22. Aug 2019, at 08:02, Zhang Zhao <zhang.alex.z...@gmail.com 
>> <mailto:zhang.alex.z...@gmail.com>> wrote:
>> 
>> Hi, 
>> I am new to Puppet. Trying to set up a test environment. But the agent could 
>> not request a certificate as connection refused. I made sure that puppet 
>> server was running and service was enabled. Anyone can let me know where was 
>> wrong? Thanks.
> 
> Is there a local firewall (iptables) running on the master?
> You can temporarily flush the rules:
> sudo iptables -F
> 
> If a local firewall is running, you want to open port 8140/tcp for incoming 
> connections.
> 
> Best,
> Martin
> 
> 
>> 
>> Zhang
>> 
>> On PuppetMaster, 
>> [root@puppetmaster ~]# puppet resource service puppetserver ensure=running 
>> enable=true
>> service { 'puppetserver':
>>   ensure => 'running',
>>   enable => 'true',
>> }
>> 
>> [root@puppetmaster ~]# netstat -ntlp
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address           Foreign Address         State    
>>    PID/Program name    
>> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN   
>>    1/systemd           
>> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN   
>>    2469/sshd           
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN   
>>    2694/master         
>> tcp6       0      0 :::8140                 :::*                    LISTEN   
>>    27805/java          
>> tcp6       0      0 :::111                  :::*                    LISTEN   
>>    1/systemd           
>> tcp6       0      0 :::22                   :::*                    LISTEN   
>>    2469/sshd           
>> tcp6       0      0 ::1:25                  :::*                    LISTEN   
>>    2694/master
>> 
>> 
>> [root@puppetmaster ~]# puppet cert list --all
>> Warning: `puppet cert` is deprecated and will be removed in a future release.
>>    (location: 
>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in 
>> `run')
>> + "puppetmaster.attlocal.net <http://puppetmaster.attlocal.net/>" (SHA256) 
>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E
>>  (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net 
>> <http://puppetmaster.attlocal.net/>")
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com 
>> <mailto:puppet-users+unsubscr...@googlegroups.com>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com?utm_medium=email&utm_source=footer>.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> <mailto:puppet-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com
>  
> <https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com?utm_medium=email&utm_source=footer>.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com.