On Monday, May 11, 2015 at 8:38:23 PM UTC-5, Gabriel Filion wrote: > > > If you're trying to access a puppet URI like > https://puppetmaster:8140/.../ then the master is probably waiting for > you to send a client TLS certificate to authenticate yourself. This is > how the puppet master ensures that only client that it knows of are > trying to get information out of it. > > To test out that puppet is working right, I'd recommend rather to try > running a puppet agent run from the master server as a client to the > puppet master on the same server (e.g. configure /etc/puppet/puppet.conf > to specify master host, create a node in your manifests for the puppet > master host that does something simple like a notify{ 'some text': } > then run puppet agent -t). Since the puppet master will use the same TLS > cert as a client then as server, the cert will be already valid. > > -- > Gabriel Filion >
Yes, I was trying to load it up in a browser, so that explains why that didn't work. I went ahead and did some basic configuration on the master server to set up a simple agent as well. I feel like I'm right back to where I started though. When I run puppet agent -t, I get some 500 errors (html prints to my terminal) and looking in the apache error_log I see: [ 2015-05-14 14:31:09.6396 2593/7f3e24760700 App/Implementation.cpp:287 ]: Could not spawn process for application /usr/share/puppet/rack/puppetmasterd: An error occured while starting up the preloader. Error ID: 25487624 Error details saved to: /tmp/passenger-error-xaaVuJ.html Message from application: Permission denied - /etc/puppet/modules (Errno::EACCES) /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `open' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `entries' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:136:in `block in module_directories' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:135:in `collect' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:135:in `module_directories' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:164:in `search_directories' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:94:in `files_to_load' /usr/share/ruby/vendor_ruby/puppet/util/autoload.rb:225:in `files_to_load' /usr/share/ruby/vendor_ruby/puppet/application.rb:229:in `available_application_names' /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:105:in `find_subcommand' /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute' config.ru:35:in `block in <main>' /usr/local/share/gems/gems/rack-1.6.1/lib/rack/builder.rb:55:in `instance_eval' /usr/local/share/gems/gems/rack-1.6.1/lib/rack/builder.rb:55:in `initialize' config.ru:1:in `new' config.ru:1:in `<main>' /usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:107:in `eval' /usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:107:in `preload_app' /usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:153:in `<module:App>' /usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:29:in `<module:PhusionPassenger>' /usr/local/share/gems/gems/passenger-5.0.7/helper-scripts/rack-preloader.rb:28:in `<main>' I went ahead and checked permissions on /etc/puppet/modules and /etc/puppet and it all looks good. It's all owned by the puppet user and If I switch to the puppet user I can ls in the directory and everything else. If I look at my running processes, should I see anything actually running as the puppet user? Apache should just be running as 'apache' or 'httpd', correct? Not puppet? I also went ahead and blew out everything in /var/lib/puppet/ssl just to be sure. It all re-created just fine and sudo puppet cert list --all lists out what I would expect. I greatly appreciate the help. This is my first experience with Puppet at all, so I appreciate your patience during my learning curve. Thanks Joe -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/26520b4a-600f-49a7-a704-6d395967477f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
