Hi Martin, Finally made it work.. Had to add the ip, hostname and alias on /etc/hosts on both master and client servers.. Didn’t add master’s info on client server.. When I tried ping, I only tested to ping ip and it worked, but didn’t ping by hostname.. Anyway, thanks for your advice.
Zhang Zhang > On Aug 26, 2019, at 10:34 PM, Zhang Zhao <[email protected]> wrote: > > Hi Martin, > I was sure that the hostname of the master was puppet. But still got the same > error when I ran puppet agent —test on the agent side. Any idea where else I > need to check? > > [root@puppet ~]# hostname > puppet > [root@puppet ~]# cat /etc/hosts > 127.0.0.1 puppet puppet > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 192.168.2.10 puppet puppetmaster.local > > > > > > [root@centos ~]# puppet agent --test --server puppetmaster.local --noop > Error: Could not request certificate: request > https://puppetmaster.local:8140//puppet-ca/v1/certificate/ca > <https://puppetmaster.local:8140//puppet-ca/v1/certificate/ca> failed: Failed > to open TCP connection to puppetmaster.local:8140 (getaddrinfo: Name or > service not known) > Exiting; failed to retrieve certificate and waitforcert is disabled > > > > Zhang > >> On Aug 23, 2019, at 2:20 AM, Martin Alfke <[email protected] >> <mailto:[email protected]>> wrote: >> >> What is the hostname of the master? >> puppet or puppetmaster? >> >> You must configure the agent if the hostname of the master is not “puppet”. >> You can do so by running the following command on the agent: >> >> puppet config set —section agent master <puppetmaster fqdn> >> >> >>> On 23. Aug 2019, at 09:49, Zhang Zhao <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi Martin, >>> This is the Vagrantfile below.. I didn’t DNS and NTP..It’s just a very >>> simple testing environment. And puppet master and agent are able to ping >>> each other. >>> >>> Zhangs-MBP:VBox alex$ cat Vagrantfile >>> # -*- mode: ruby -*- >>> # vi: set ft=ruby : >>> >>> # All Vagrant configuration is done below. The "2" in Vagrant.configure >>> # configures the configuration version (we support older styles for >>> # backwards compatibility). Please don't change it unless you know what >>> # you're doing. >>> Vagrant.configure("2") do |config| >>> config.vm.provider "virtualbox" do |v| >>> v.memory = 2048 >>> v.cpus = 2 >>> end >>> >>> config.vm.define "puppetmaster" do |pm| >>> pm.vm.box = "centos/7" >>> pm.vm.network "private_network", ip: "192.168.2.10" >>> pm.vm.hostname = "puppetmaster" >>> end >>> >>> config.vm.define "agent-centos" do |c| >>> c.vm.box = "centos/7" >>> c.vm.network "private_network", ip: "192.168.2.11" >>> c.vm.hostname = "centos" >>> end >>> end >>> >>> >>> >>> Zhang >>> >>> >>> >>> >>> >>>> On Aug 23, 2019, at 12:43 AM, Martin Alfke <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Zhang, >>>> >>>>> On 23. Aug 2019, at 09:36, Zhang Zhao <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Hi Martin, >>>>> Thank you for your reply.. The firewall was disabled before I started >>>>> puppet… I was using VirtualBox to create the environment. One server acts >>>>> as puppet master and the other acts as agent. Still getting same error…. >>>>> Any idea what else steps I was missing for configuration? >>>> >>>> How did you do the Virtualbox network setup? >>>> Do you use bridge interfaces? >>>> Have the two systems a shared internal network? >>>> >>>> Can the agent resolve the master hostname (puppet)? >>>> Is puppet really the hostname of the master VM? >>>> >>>> Can the agent ping the master (ping -c1 puppet)? >>>> >>>> DNS (via Server like bind or via /etc/hosts entries) and NTP are two >>>> requirements for a working Puppet environment. >>>> >>>> Best, >>>> Martin >>>> >>>>> >>>>> >>>>> [root@puppetmaster ~]# systemctl status firewalld >>>>> ● firewalld.service - firewalld - dynamic firewall daemon >>>>> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; >>>>> vendor preset: enabled) >>>>> Active: inactive (dead) >>>>> Docs: man:firewalld(1) >>>>> >>>>> >>>>> >>>>> >>>>> [root@centos ~]# puppet agent --test >>>>> Error: Could not request certificate: Connection refused - request >>>>> https://puppet:8140//puppet-ca/v1/certificate/ca >>>>> <https://puppet:8140//puppet-ca/v1/certificate/ca> failed: Failed to open >>>>> TCP connection to puppet:8140 (Connection refused - connect(2) for >>>>> "puppet" port 8140) >>>>> Exiting; failed to retrieve certificate and waitforcert is disabled >>>>> >>>>> >>>>> >>>>> >>>>>> On Aug 22, 2019, at 4:58 AM, Martin Alfke <[email protected] >>>>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>>> On 22. Aug 2019, at 08:02, Zhang Zhao <[email protected] >>>>>>> <mailto:[email protected]>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> I am new to Puppet. Trying to set up a test environment. But the agent >>>>>>> could not request a certificate as connection refused. I made sure that >>>>>>> puppet server was running and service was enabled. Anyone can let me >>>>>>> know where was wrong? Thanks. >>>>>> >>>>>> Is there a local firewall (iptables) running on the master? >>>>>> You can temporarily flush the rules: >>>>>> sudo iptables -F >>>>>> >>>>>> If a local firewall is running, you want to open port 8140/tcp for >>>>>> incoming connections. >>>>>> >>>>>> Best, >>>>>> Martin >>>>>> >>>>>> >>>>>>> >>>>>>> Zhang >>>>>>> >>>>>>> On PuppetMaster, >>>>>>> [root@puppetmaster ~]# puppet resource service puppetserver >>>>>>> ensure=running enable=true >>>>>>> service { 'puppetserver': >>>>>>> ensure => 'running', >>>>>>> enable => 'true', >>>>>>> } >>>>>>> >>>>>>> [root@puppetmaster ~]# netstat -ntlp >>>>>>> Active Internet connections (only servers) >>>>>>> Proto Recv-Q Send-Q Local Address Foreign Address >>>>>>> State PID/Program name >>>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* >>>>>>> LISTEN 1/systemd >>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* >>>>>>> LISTEN 2469/sshd >>>>>>> tcp 0 0 127.0.0.1:25 0.0.0.0:* >>>>>>> LISTEN 2694/master >>>>>>> tcp6 0 0 :::8140 :::* >>>>>>> LISTEN 27805/java >>>>>>> tcp6 0 0 :::111 :::* >>>>>>> LISTEN 1/systemd >>>>>>> tcp6 0 0 :::22 :::* >>>>>>> LISTEN 2469/sshd >>>>>>> tcp6 0 0 ::1:25 :::* >>>>>>> LISTEN 2694/master >>>>>>> >>>>>>> >>>>>>> [root@puppetmaster ~]# puppet cert list --all >>>>>>> Warning: `puppet cert` is deprecated and will be removed in a future >>>>>>> release. >>>>>>> (location: >>>>>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >>>>>>> `run') >>>>>>> + "puppetmaster.attlocal.net <http://puppetmaster.attlocal.net/>" >>>>>>> (SHA256) >>>>>>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >>>>>>> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net >>>>>>> <http://puppetmaster.attlocal.net/>") >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Puppet Users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>>> an email to [email protected] >>>>>>> <mailto:[email protected]>. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com >>>>>>> >>>>>>> <https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com>. >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Puppet Users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to [email protected] >>>>>> <mailto:[email protected]>. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com>. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "Puppet Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to [email protected] >>>>> <mailto:[email protected]>. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com >>>>> >>>>> <https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com>. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected] >>>> <mailto:[email protected]>. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com>. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] >>> <mailto:[email protected]>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com?utm_medium=email&utm_source=footer>. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <mailto:[email protected]>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com >> >> <https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com?utm_medium=email&utm_source=footer>. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/FF471FC9-B3FA-408B-8C68-402312CEB3EA%40gmail.com.
