[Puppet Users] Re: how to manage a resource to single instance using hiera fqdn in a datacenter.

2018-10-31 Thread jcbollinger


On Tuesday, October 30, 2018 at 11:42:59 AM UTC-5, linuxlearni...@gmail.com 
wrote:
>
>
> I'm new to hiera. Can someone please guide with some references how to 
> install a package only to a single node for the 20 nodes in a datacenter 
> pointing to the same role using hiera fqdn. Thanks in advance
>
>
Determining what resources to apply to a node (by means of determining 
which classes to apply to it), is a process called "classification" in the 
jargon.  Hiera can and sometimes does *support* classification, but it does 
not itself *perform* classification, and it certainly does not itself apply 
any changes to nodes.

Overall, your question is incredibly broad.  It's analogous to asking "How 
do I use SQLite to print a football player data sheet?"  There are numerous 
ways in which you could obtain the results you're after, many of them 
involving Hiera in one way or another.  The Hiera side would typically 
involve establishing a per-node level of your Hiera hierarchy, 
and putting the appropriate data into a data source in that level that 
matches your target node.  But what "the appropriate data" are depends on 
the Puppet manifest set you're using, perhaps including code that hasn't 
yet been written, and possibly on other data.

In the football analogy, these are the questions of database schema, 
desired datasheet details, and implementation of the program that extracts, 
formats, and prints the statistics.  Someone else may present an example of 
a Puppet analog of those things, but I will not spend time on that at this 
point because I have no way to predict how or whether any particular 
example would integrate into your existing manifest set.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6982f930-eefb-4e9e-9574-02d10abc0b1f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] puppet master not seeing certificate signing request from agent

2018-10-31 Thread Matt Zagrabelny
Greetings,

I'm running puppet 5.5.6 (Debian testing).

I'm having issues getting the master to see the cert signing request from
an agent.

The firewall isn't an issue. I see the packets hit an "allow" rule on the
master, but I've also turned the firewall off.

tcpdump shows the packets reaching the server:

2018-10-31 11:03:19.705234 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
2018-10-31 11:03:35.833194 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
2018-10-31 11:04:08.345204 IP6 2607::2a.46390 > 2607::20.8140: tcp 0

2607::2a = agent
2607::20 = master

I'm not seeing anything from the server:

# puppet master --no-daemonize
Warning: Accessing 'ca' as a setting is deprecated.
   (location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1165:in
`issue_deprecation_warning')
Warning: The WEBrick Puppet master server is deprecated and will be removed
in a future release. Please use Puppet Server instead. See
http://links.puppet.com/deprecate-rack-webrick-servers for more information.
   (location: /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:207:in
`main')
Notice: Starting Puppet master version 5.5.6

Adding --debug or --verbose didn't seem to yield any extra log messages
after the "Starting Puppet master..." for when I expected a cert signing
request message.

and the agent just shows an expiration:

# puppet agent -t --server puppet-5-5
Warning: Setting cadir is deprecated.
   (location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1169:in
`issue_deprecation_warning')
Error: Could not request certificate: execution expired
Exiting; failed to retrieve certificate and waitforcert is disabled

Any ideas where to look next?

Thanks!

-m



[Puppet Users] Re: puppet master not seeing certificate signing request from agent

2018-10-31 Thread Matt Zagrabelny
On Wed, Oct 31, 2018 at 11:23 AM Matt Zagrabelny  wrote:

> Greetings,
>
> I'm running puppet 5.5.6 (Debian testing).
>
> I'm having issues getting the master to see the cert signing request from
> an agent.
>
> The firewall isn't an issue. I see the packets hit an "allow" rule on the
> master, but I've also turned the firewall off.
>
> tcpdump shows the packets reaching the server:
>
> 2018-10-31 11:03:19.705234 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
> 2018-10-31 11:03:35.833194 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
> 2018-10-31 11:04:08.345204 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
>
> 2607::2a = agent
> 2607::20 = master
>
> I'm not seeing anything from the server:
>
> # puppet master --no-daemonize
> Warning: Accessing 'ca' as a setting is deprecated.
>(location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1165:in
> `issue_deprecation_warning')
> Warning: The WEBrick Puppet master server is deprecated and will be
> removed in a future release. Please use Puppet Server instead. See
> http://links.puppet.com/deprecate-rack-webrick-servers for more
> information.
>(location:
> /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:207:in `main')
> Notice: Starting Puppet master version 5.5.6
>
> Adding --debug or --verbose didn't seem to yield any extra log messages
> after the "Starting Puppet master..." for when I expected a cert signing
> request message.
>
> and the agent just shows an expiration:
>
> # puppet agent -t --server puppet-5-5
> Warning: Setting cadir is deprecated.
>(location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1169:in
> `issue_deprecation_warning')
> Error: Could not request certificate: execution expired
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> Any ideas where to look next?
>
>
>
No new updates, but I wanted to add that lsof reports puppet listening:

puppet  25053  puppet  8u  IPv4  125393  0t0  TCP *:8140 (LISTEN)
puppet  25053  puppet  9u  IPv6  125394  0t0  TCP *:8140 (LISTEN)

and I'm not seeing anything in the master log file:

[2018-10-31 16:05:35] DEBUG Puppet::Network::HTTP::WEBrickREST is mounted
on /.
[2018-10-31 16:05:35] INFO  WEBrick::HTTPServer#start: pid=25053 port=8140

Confused...

-m



Re: [Puppet Users] Re: puppet master not seeing certificate signing request from agent

2018-10-31 Thread Justin Stoller
What happens on the agent that is running on the master?

When running any agent there's a flag, `--http_debug` I think, that will
show you exactly what Puppet's requesting.

Seeing the output from curling the CA endpoints from the agent in question
might be helpful (both from curl's side and the master's).
See:
https://puppet.com/docs/puppet/5.5/http_api/http_certificate_request.html
and the related CA endpoints. You should be able to do a GET on
certificate/ca and certificate_revocation_list/ca

The agent's timing out doing something, running with --trace might help
with that.

On Wed, Oct 31, 2018 at 2:12 PM Matt Zagrabelny  wrote:

>
>
> On Wed, Oct 31, 2018 at 11:23 AM Matt Zagrabelny 
> wrote:
>
>> Greetings,
>>
>> I'm running puppet 5.5.6 (Debian testing).
>>
>> I'm having issues getting the master to see the cert signing request from
>> an agent.
>>
>> The firewall isn't an issue. I see the packets hit an "allow" rule on the
>> master, but I've also turned the firewall off.
>>
>> tcpdump shows the packets reaching the server:
>>
>> 2018-10-31 11:03:19.705234 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
>> 2018-10-31 11:03:35.833194 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
>> 2018-10-31 11:04:08.345204 IP6 2607::2a.46390 > 2607::20.8140: tcp 0
>>
>> 2607::2a = agent
>> 2607::20 = master
>>
>> I'm not seeing anything from the server:
>>
>> # puppet master --no-daemonize
>> Warning: Accessing 'ca' as a setting is deprecated.
>>(location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1165:in
>> `issue_deprecation_warning')
>> Warning: The WEBrick Puppet master server is deprecated and will be
>> removed in a future release. Please use Puppet Server instead. See
>> http://links.puppet.com/deprecate-rack-webrick-servers for more
>> information.
>>(location:
>> /usr/lib/ruby/vendor_ruby/puppet/application/master.rb:207:in `main')
>> Notice: Starting Puppet master version 5.5.6
>>
>> Adding --debug or --verbose didn't seem to yield any extra log messages
>> after the "Starting Puppet master..." for when I expected a cert signing
>> request message.
>>
>> and the agent just shows an expiration:
>>
>> # puppet agent -t --server puppet-5-5
>> Warning: Setting cadir is deprecated.
>>(location: /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1169:in
>> `issue_deprecation_warning')
>> Error: Could not request certificate: execution expired
>> Exiting; failed to retrieve certificate and waitforcert is disabled
>>
>> Any ideas where to look next?
>>
>>
>>
> No new updates, but I wanted to add that lsof reports puppet listening:
>
> puppet  25053  puppet  8u  IPv4  125393  0t0  TCP *:8140 (LISTEN)
> puppet  25053  puppet  9u  IPv6  125394  0t0  TCP *:8140 (LISTEN)
>
> and I'm not seeing anything in the master log file:
>
> [2018-10-31 16:05:35] DEBUG Puppet::Network::HTTP::WEBrickREST is mounted
> on /.
> [2018-10-31 16:05:35] INFO  WEBrick::HTTPServer#start: pid=25053 port=8140
>
> Confused...
>
> -m
>

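
The curl check suggested in the reply above, as an added example that is not part of the original thread: it requests `certificate/ca` and `certificate_revocation_list/ca` over IPv4 and IPv6 separately with a hard timeout, and maps curl's exit code to a next step. The `/puppet-ca/v1` prefix, port 8140, the `production` environment and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: probe the Puppet 5.x CA endpoints from an agent with curl.
# Assumed: port 8140, environment "production", /puppet-ca/v1 API prefix.
PORT=8140
ENVIRONMENT=production

# Build the URL for a CA endpoint; IPv6 literals must be bracketed.
ca_url() {
  local host="$1" endpoint="$2"
  case $host in
    *:*) host="[$host]" ;;
  esac
  printf 'https://%s:%s/puppet-ca/v1/%s?environment=%s\n' \
    "$host" "$PORT" "$endpoint" "$ENVIRONMENT"
}

# Translate the curl exit codes that matter here into a next step.
explain_curl_exit() {
  case $1 in
    0)  echo "ok: endpoint answered" ;;
    6)  echo "dns: server name did not resolve on this agent" ;;
    7)  echo "connect: refused or unreachable, check listener and firewall" ;;
    28) echo "timeout: no complete reply in time, compare with tcpdump on the master" ;;
    35) echo "tls: handshake failed, check that the listener speaks TLS" ;;
    52) echo "empty: connection accepted but the server sent nothing" ;;
    *)  echo "other: curl exit $1, rerun with -v" ;;
  esac
}

# Probe one endpoint over one address family (4 or 6) with a hard timeout.
# -k is needed because the agent has no CA certificate yet; treat anything
# fetched this way as unverified until its fingerprint is checked on the master.
probe() {
  local host="$1" endpoint="$2" family="$3" rc=0
  curl -sS -k -g "-$family" --max-time 10 -o /dev/null \
    "$(ca_url "$host" "$endpoint")" || rc=$?
  printf 'IPv%s %-32s %s\n' "$family" "$endpoint" "$(explain_curl_exit "$rc")"
}

main() {
  local host="$1" endpoint family
  for endpoint in certificate/ca certificate_revocation_list/ca; do
    for family in 4 6; do probe "$host" "$endpoint" "$family"; done
  done
}

# Usage: ./probe_ca.sh puppet-5-5   (no arguments: define the functions only)
[ "$#" -eq 0 ] || main "$@"
```

A result that differs between the IPv4 and IPv6 rows narrows the problem to one address family, which is worth comparing against the IPv6-only traffic in the tcpdump output.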