Hi Zhang, > On 23. Aug 2019, at 09:36, Zhang Zhao <[email protected]> wrote: > > Hi Martin, > Thank you for your reply.. The firewall was disabled before I started puppet… > I was using VirtualBox to create the environment. One server acts as puppet > master and the other acts as agent. Still getting same error…. Any idea what > else steps I was missing for configuration?
How did you do the Virtualbox network setup? Do you use bridge interfaces? Have the two systems a shared internal network? Can the agent resolve the master hostname (puppet)? Is puppet really the hostname of the master VM? Can the agent ping the master (ping -c1 puppet)? DNS (via Server like bind or via /etc/hosts entries) and NTP are two requirements for a working Puppet environment. Best, Martin > > > [root@puppetmaster ~]# systemctl status firewalld > ● firewalld.service - firewalld - dynamic firewall daemon > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; > vendor preset: enabled) > Active: inactive (dead) > Docs: man:firewalld(1) > > > > > [root@centos ~]# puppet agent --test > Error: Could not request certificate: Connection refused - request > https://puppet:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP > connection to puppet:8140 (Connection refused - connect(2) for "puppet" port > 8140) > Exiting; failed to retrieve certificate and waitforcert is disabled > > > > >> On Aug 22, 2019, at 4:58 AM, Martin Alfke <[email protected]> wrote: >> >> Hi, >> >> >>> On 22. Aug 2019, at 08:02, Zhang Zhao <[email protected]> wrote: >>> >>> Hi, >>> I am new to Puppet. Trying to set up a test environment. But the agent >>> could not request a certificate as connection refused. I made sure that >>> puppet server was running and service was enabled. Anyone can let me know >>> where was wrong? Thanks. >> >> Is there a local firewall (iptables) running on the master? >> You can temporarily flush the rules: >> sudo iptables -F >> >> If a local firewall is running, you want to open port 8140/tcp for incoming >> connections. >> >> Best, >> Martin >> >> >>> >>> Zhang >>> >>> On PuppetMaster, >>> [root@puppetmaster ~]# puppet resource service puppetserver ensure=running >>> enable=true >>> service { 'puppetserver': >>> ensure => 'running', >>> enable => 'true', >>> } >>> >>> [root@puppetmaster ~]# netstat -ntlp >>> Active Internet connections (only servers) >>> Proto Recv-Q Send-Q Local Address Foreign Address State >>> PID/Program name >>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >>> 1/systemd >>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN >>> 2469/sshd >>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN >>> 2694/master >>> tcp6 0 0 :::8140 :::* LISTEN >>> 27805/java >>> tcp6 0 0 :::111 :::* LISTEN >>> 1/systemd >>> tcp6 0 0 :::22 :::* LISTEN >>> 2469/sshd >>> tcp6 0 0 ::1:25 :::* LISTEN >>> 2694/master >>> >>> >>> [root@puppetmaster ~]# puppet cert list --all >>> Warning: `puppet cert` is deprecated and will be removed in a future >>> release. >>> (location: >>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >>> `run') >>> + "puppetmaster.attlocal.net" (SHA256) >>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >>> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net") >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com.
