Hi Martin, I was sure that the hostname of the master was puppet. But still got the same error when I ran puppet agent —test on the agent side. Any idea where else I need to check?
[root@puppet ~]# hostname puppet [root@puppet ~]# cat /etc/hosts 127.0.0.1 puppet puppet 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.2.10 puppet puppetmaster.local [root@centos ~]# puppet agent --test --server puppetmaster.local --noop Error: Could not request certificate: request https://puppetmaster.local:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to puppetmaster.local:8140 (getaddrinfo: Name or service not known) Exiting; failed to retrieve certificate and waitforcert is disabled Zhang > On Aug 23, 2019, at 2:20 AM, Martin Alfke <[email protected]> wrote: > > What is the hostname of the master? > puppet or puppetmaster? > > You must configure the agent if the hostname of the master is not “puppet”. > You can do so by running the following command on the agent: > > puppet config set —section agent master <puppetmaster fqdn> > > >> On 23. Aug 2019, at 09:49, Zhang Zhao <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Martin, >> This is the Vagrantfile below.. I didn’t DNS and NTP..It’s just a very >> simple testing environment. And puppet master and agent are able to ping >> each other. >> >> Zhangs-MBP:VBox alex$ cat Vagrantfile >> # -*- mode: ruby -*- >> # vi: set ft=ruby : >> >> # All Vagrant configuration is done below. The "2" in Vagrant.configure >> # configures the configuration version (we support older styles for >> # backwards compatibility). Please don't change it unless you know what >> # you're doing. >> Vagrant.configure("2") do |config| >> config.vm.provider "virtualbox" do |v| >> v.memory = 2048 >> v.cpus = 2 >> end >> >> config.vm.define "puppetmaster" do |pm| >> pm.vm.box = "centos/7" >> pm.vm.network "private_network", ip: "192.168.2.10" >> pm.vm.hostname = "puppetmaster" >> end >> >> config.vm.define "agent-centos" do |c| >> c.vm.box = "centos/7" >> c.vm.network "private_network", ip: "192.168.2.11" >> c.vm.hostname = "centos" >> end >> end >> >> >> >> Zhang >> >> >> >> >> >>> On Aug 23, 2019, at 12:43 AM, Martin Alfke <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi Zhang, >>> >>>> On 23. Aug 2019, at 09:36, Zhang Zhao <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Martin, >>>> Thank you for your reply.. The firewall was disabled before I started >>>> puppet… I was using VirtualBox to create the environment. One server acts >>>> as puppet master and the other acts as agent. Still getting same error…. >>>> Any idea what else steps I was missing for configuration? >>> >>> How did you do the Virtualbox network setup? >>> Do you use bridge interfaces? >>> Have the two systems a shared internal network? >>> >>> Can the agent resolve the master hostname (puppet)? >>> Is puppet really the hostname of the master VM? >>> >>> Can the agent ping the master (ping -c1 puppet)? >>> >>> DNS (via Server like bind or via /etc/hosts entries) and NTP are two >>> requirements for a working Puppet environment. >>> >>> Best, >>> Martin >>> >>>> >>>> >>>> [root@puppetmaster ~]# systemctl status firewalld >>>> ● firewalld.service - firewalld - dynamic firewall daemon >>>> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; >>>> vendor preset: enabled) >>>> Active: inactive (dead) >>>> Docs: man:firewalld(1) >>>> >>>> >>>> >>>> >>>> [root@centos ~]# puppet agent --test >>>> Error: Could not request certificate: Connection refused - request >>>> https://puppet:8140//puppet-ca/v1/certificate/ca >>>> <https://puppet:8140//puppet-ca/v1/certificate/ca> failed: Failed to open >>>> TCP connection to puppet:8140 (Connection refused - connect(2) for >>>> "puppet" port 8140) >>>> Exiting; failed to retrieve certificate and waitforcert is disabled >>>> >>>> >>>> >>>> >>>>> On Aug 22, 2019, at 4:58 AM, Martin Alfke <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> >>>>>> On 22. Aug 2019, at 08:02, Zhang Zhao <[email protected] >>>>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Hi, >>>>>> I am new to Puppet. Trying to set up a test environment. But the agent >>>>>> could not request a certificate as connection refused. I made sure that >>>>>> puppet server was running and service was enabled. Anyone can let me >>>>>> know where was wrong? Thanks. >>>>> >>>>> Is there a local firewall (iptables) running on the master? >>>>> You can temporarily flush the rules: >>>>> sudo iptables -F >>>>> >>>>> If a local firewall is running, you want to open port 8140/tcp for >>>>> incoming connections. >>>>> >>>>> Best, >>>>> Martin >>>>> >>>>> >>>>>> >>>>>> Zhang >>>>>> >>>>>> On PuppetMaster, >>>>>> [root@puppetmaster ~]# puppet resource service puppetserver >>>>>> ensure=running enable=true >>>>>> service { 'puppetserver': >>>>>> ensure => 'running', >>>>>> enable => 'true', >>>>>> } >>>>>> >>>>>> [root@puppetmaster ~]# netstat -ntlp >>>>>> Active Internet connections (only servers) >>>>>> Proto Recv-Q Send-Q Local Address Foreign Address >>>>>> State PID/Program name >>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* >>>>>> LISTEN 1/systemd >>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* >>>>>> LISTEN 2469/sshd >>>>>> tcp 0 0 127.0.0.1:25 0.0.0.0:* >>>>>> LISTEN 2694/master >>>>>> tcp6 0 0 :::8140 :::* >>>>>> LISTEN 27805/java >>>>>> tcp6 0 0 :::111 :::* >>>>>> LISTEN 1/systemd >>>>>> tcp6 0 0 :::22 :::* >>>>>> LISTEN 2469/sshd >>>>>> tcp6 0 0 ::1:25 :::* >>>>>> LISTEN 2694/master >>>>>> >>>>>> >>>>>> [root@puppetmaster ~]# puppet cert list --all >>>>>> Warning: `puppet cert` is deprecated and will be removed in a future >>>>>> release. >>>>>> (location: >>>>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >>>>>> `run') >>>>>> + "puppetmaster.attlocal.net <http://puppetmaster.attlocal.net/>" >>>>>> (SHA256) >>>>>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >>>>>> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net >>>>>> <http://puppetmaster.attlocal.net/>") >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Puppet Users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to [email protected] >>>>>> <mailto:[email protected]>. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com>. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "Puppet Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to [email protected] >>>>> <mailto:[email protected]>. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com >>>>> >>>>> <https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com>. >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected] >>>> <mailto:[email protected]>. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com>. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] >>> <mailto:[email protected]>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com>. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <mailto:[email protected]>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com >> >> <https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com?utm_medium=email&utm_source=footer>. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com > > <https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/58CC13A2-C695-462D-901F-D7601ADEC4DE%40gmail.com.
