Hi Martin, I was sure that the hostname of the master was puppet. But still got the same error when I ran puppet agent —test on the agent side. Any idea where else I need to check?
[root@puppet ~]# hostname puppet [root@puppet ~]# cat /etc/hosts 127.0.0.1 puppet puppet 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.2.10 puppet puppetmaster.local [root@centos ~]# puppet agent --test --server puppetmaster.local --noop Error: Could not request certificate: request https://puppetmaster.local:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to puppetmaster.local:8140 (getaddrinfo: Name or service not known) Exiting; failed to retrieve certificate and waitforcert is disabled Zhang > On Aug 23, 2019, at 2:20 AM, Martin Alfke <tux...@gmail.com> wrote: > > What is the hostname of the master? > puppet or puppetmaster? > > You must configure the agent if the hostname of the master is not “puppet”. > You can do so by running the following command on the agent: > > puppet config set —section agent master <puppetmaster fqdn> > > >> On 23. Aug 2019, at 09:49, Zhang Zhao <zhang.alex.z...@gmail.com >> <mailto:zhang.alex.z...@gmail.com>> wrote: >> >> Hi Martin, >> This is the Vagrantfile below.. I didn’t DNS and NTP..It’s just a very >> simple testing environment. And puppet master and agent are able to ping >> each other. >> >> Zhangs-MBP:VBox alex$ cat Vagrantfile >> # -*- mode: ruby -*- >> # vi: set ft=ruby : >> >> # All Vagrant configuration is done below. The "2" in Vagrant.configure >> # configures the configuration version (we support older styles for >> # backwards compatibility). Please don't change it unless you know what >> # you're doing. >> Vagrant.configure("2") do |config| >> config.vm.provider "virtualbox" do |v| >> v.memory = 2048 >> v.cpus = 2 >> end >> >> config.vm.define "puppetmaster" do |pm| >> pm.vm.box = "centos/7" >> pm.vm.network "private_network", ip: "192.168.2.10" >> pm.vm.hostname = "puppetmaster" >> end >> >> config.vm.define "agent-centos" do |c| >> c.vm.box = "centos/7" >> c.vm.network "private_network", ip: "192.168.2.11" >> c.vm.hostname = "centos" >> end >> end >> >> >> >> Zhang >> >> >> >> >> >>> On Aug 23, 2019, at 12:43 AM, Martin Alfke <tux...@gmail.com >>> <mailto:tux...@gmail.com>> wrote: >>> >>> Hi Zhang, >>> >>>> On 23. Aug 2019, at 09:36, Zhang Zhao <zhang.alex.z...@gmail.com >>>> <mailto:zhang.alex.z...@gmail.com>> wrote: >>>> >>>> Hi Martin, >>>> Thank you for your reply.. The firewall was disabled before I started >>>> puppet… I was using VirtualBox to create the environment. One server acts >>>> as puppet master and the other acts as agent. Still getting same error…. >>>> Any idea what else steps I was missing for configuration? >>> >>> How did you do the Virtualbox network setup? >>> Do you use bridge interfaces? >>> Have the two systems a shared internal network? >>> >>> Can the agent resolve the master hostname (puppet)? >>> Is puppet really the hostname of the master VM? >>> >>> Can the agent ping the master (ping -c1 puppet)? >>> >>> DNS (via Server like bind or via /etc/hosts entries) and NTP are two >>> requirements for a working Puppet environment. >>> >>> Best, >>> Martin >>> >>>> >>>> >>>> [root@puppetmaster ~]# systemctl status firewalld >>>> ● firewalld.service - firewalld - dynamic firewall daemon >>>> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; >>>> vendor preset: enabled) >>>> Active: inactive (dead) >>>> Docs: man:firewalld(1) >>>> >>>> >>>> >>>> >>>> [root@centos ~]# puppet agent --test >>>> Error: Could not request certificate: Connection refused - request >>>> https://puppet:8140//puppet-ca/v1/certificate/ca >>>> <https://puppet:8140//puppet-ca/v1/certificate/ca> failed: Failed to open >>>> TCP connection to puppet:8140 (Connection refused - connect(2) for >>>> "puppet" port 8140) >>>> Exiting; failed to retrieve certificate and waitforcert is disabled >>>> >>>> >>>> >>>> >>>>> On Aug 22, 2019, at 4:58 AM, Martin Alfke <tux...@gmail.com >>>>> <mailto:tux...@gmail.com>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> >>>>>> On 22. Aug 2019, at 08:02, Zhang Zhao <zhang.alex.z...@gmail.com >>>>>> <mailto:zhang.alex.z...@gmail.com>> wrote: >>>>>> >>>>>> Hi, >>>>>> I am new to Puppet. Trying to set up a test environment. But the agent >>>>>> could not request a certificate as connection refused. I made sure that >>>>>> puppet server was running and service was enabled. Anyone can let me >>>>>> know where was wrong? Thanks. >>>>> >>>>> Is there a local firewall (iptables) running on the master? >>>>> You can temporarily flush the rules: >>>>> sudo iptables -F >>>>> >>>>> If a local firewall is running, you want to open port 8140/tcp for >>>>> incoming connections. >>>>> >>>>> Best, >>>>> Martin >>>>> >>>>> >>>>>> >>>>>> Zhang >>>>>> >>>>>> On PuppetMaster, >>>>>> [root@puppetmaster ~]# puppet resource service puppetserver >>>>>> ensure=running enable=true >>>>>> service { 'puppetserver': >>>>>> ensure => 'running', >>>>>> enable => 'true', >>>>>> } >>>>>> >>>>>> [root@puppetmaster ~]# netstat -ntlp >>>>>> Active Internet connections (only servers) >>>>>> Proto Recv-Q Send-Q Local Address Foreign Address >>>>>> State PID/Program name >>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* >>>>>> LISTEN 1/systemd >>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* >>>>>> LISTEN 2469/sshd >>>>>> tcp 0 0 127.0.0.1:25 0.0.0.0:* >>>>>> LISTEN 2694/master >>>>>> tcp6 0 0 :::8140 :::* >>>>>> LISTEN 27805/java >>>>>> tcp6 0 0 :::111 :::* >>>>>> LISTEN 1/systemd >>>>>> tcp6 0 0 :::22 :::* >>>>>> LISTEN 2469/sshd >>>>>> tcp6 0 0 ::1:25 :::* >>>>>> LISTEN 2694/master >>>>>> >>>>>> >>>>>> [root@puppetmaster ~]# puppet cert list --all >>>>>> Warning: `puppet cert` is deprecated and will be removed in a future >>>>>> release. >>>>>> (location: >>>>>> /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in >>>>>> `run') >>>>>> + "puppetmaster.attlocal.net <http://puppetmaster.attlocal.net/>" >>>>>> (SHA256) >>>>>> 10:A5:A4:7D:9E:10:D1:14:C3:92:D2:CE:B4:7E:78:C5:C4:26:56:DA:0D:7B:4E:0B:D5:58:B4:1E:43:03:F4:9E >>>>>> (alt names: "DNS:puppet", "DNS:puppetmaster.attlocal.net >>>>>> <http://puppetmaster.attlocal.net/>") >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Puppet Users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to puppet-users+unsubscr...@googlegroups.com >>>>>> <mailto:puppet-users+unsubscr...@googlegroups.com>. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/puppet-users/688ccd6f-00a8-4f28-9683-d7a4424bacf3%40googlegroups.com>. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "Puppet Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to puppet-users+unsubscr...@googlegroups.com >>>>> <mailto:puppet-users+unsubscr...@googlegroups.com>. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com >>>>> >>>>> <https://groups.google.com/d/msgid/puppet-users/5A7FEB43-1979-4A35-BF22-595752604F6D%40gmail.com>. >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to puppet-users+unsubscr...@googlegroups.com >>>> <mailto:puppet-users+unsubscr...@googlegroups.com>. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/4DF87865-B16D-4F63-AEFF-359F1D53557E%40gmail.com>. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to puppet-users+unsubscr...@googlegroups.com >>> <mailto:puppet-users+unsubscr...@googlegroups.com>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/01AABC8A-874A-4606-AE70-199C6BAB5550%40gmail.com>. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com >> <mailto:puppet-users+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com >> >> <https://groups.google.com/d/msgid/puppet-users/DD22CE32-FBDF-404C-8820-17E01F3E5D89%40gmail.com?utm_medium=email&utm_source=footer>. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com > <mailto:puppet-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com > > <https://groups.google.com/d/msgid/puppet-users/7B7B81F0-7369-4E82-BD64-2986426870DF%40gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/58CC13A2-C695-462D-901F-D7601ADEC4DE%40gmail.com.
