[Puppet Users] Starting over with Puppet Master and Puppet Client

I am making a huge mess, so I'd rather to start over and configure them.

This is a total newbie trying to setup something for his lab.... I think
this would also help many people out there..
*
Part I. *
I reinstalled puppetmaster and puppet on the master and client machine.

Here is the /etc/hosts for the master
127.0.0.1 localhost
127.0.1.1 ghive-ldap
10.10.0.57 ghive-ldap.abc.edu ghive-ldap
#10.10.0.57 ghive-ldap.abc.edu puppet
10.10.0.56 giab10

You see the line I commented out? In many tutorials, they say put the
default puuet after there. I am not sure if I am supposed to do that
(repeating a line like that...)? Everything else is default (our sys admin
sets up that way...)

Here is the /etc/hosts on the client
127.0.0.1 localhost
127.0.1.1 giab10

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
130.55.57.51 ghive-ldap

I can ping puppet, ghive-ldap, giab10.....

So for this step one... how am I supposed to tweak things??? Uncomment what
I have?

----------------
*Part II.
*
I started puppetmaster on the master machine like this

Then on client:
sudo puppet agent --server ghive-ldap --waitforcert 60 --test --verbose
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

It hangs there, so back to master and check the cert list
sudo puppet cert --list

I got none!

By the way, I have to add double dash in front of list, because of this:
sudo puppet cert list
Invalid method to apply

So what should I do? I am not sure where the Doc covers this...
Should I issue sudo puppetca --sign giab10 on the master???

Please guide me through this. Thanks!


--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jWD3_YwGhcsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Thursday, June 14, 2012 5:53:53 PM UTC-4, Ygor wrote:

Silly Question Number One:

What node definitions do you have in your manifest ?

Classically, you have *.pp files in /etc/puppet/manifest/nodes that are
referenced from /etc/puppet/manifest/site.pp

As an example, this line is in my site.pp file:

import "nodes/*-nodes.pp"


“Sometimes I think the surest sign that intelligent life exists elsewhere
in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

----- tas wrote:

Dear Ygor,

I am afraid I don't have any node definition. I search through... none.

We basically first blueprint our blueprint machine, generate puppet files,
and then move them to the puppetmaster's /etc/puppet/modules
Then there is an init.pp file.

root@ghive-ldap:/etc/puppet# ls -r
ssl modules manifests

root@ghive-ldap:/etc/puppet/manifests# ls (gives none...)

root@ghive-ldap:/etc/puppet/modules# ls
files manifests templates

root@ghive-ldap:/etc/puppet/modules/manifests# ls
init.pp

I don't have site.pp... according to the previous tech's manual (giab012412
is the blueprint name, used to generate puppets)
Then, in /etc/puppet/manifests/site.pp modify the line that reads
"include giab.." to say "include giab012412". This will tell the
puppetmaster
to apply the new giab blueprint to all giabs that connect to it.


Thanks...
Sorry for making things so confusing...

John
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/aeE-5g1vAWkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

On Thursday, June 14, 2012 6:26:05 PM UTC-4, Ygor wrote:

Without a default node definition as an absolute minimum,
what is the Puppet Master supposed to do when queried by the Puppet
Client/Agent ?

I believe it will do exactly what your servers are doing: bupkis !

http://en.wiktionary.org/wiki/bupkis

“Sometimes I think the surest sign that intelligent life exists elsewhere
in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

----- tas wrote:
are
elsewhere
them.
think
machine.
the
Uncomment
--verbose
this:

On Thursday, June 14, 2012 6:39:36 PM UTC-5, tas wrote:
Dear Ygor,

Thank you for the guidance.
I didn't know we have to specify one... almost every single tutorial I
visit didn't mention it :( bad...

http://pratikamin.wordpress.com/2011/05/24/turning-a-blueprint-puppet-recipe-into-a-puppet-deployment/

On Friday, June 15, 2012 10:31:50 AM UTC-4, jcbollinger wrote:


Do you mean like this section from that article?

4. Edit /etc/puppet/manifests/site.pp, this is the default file puppet
looks for, and loads first. For now you probably want to do it in here, but
later put it into node.pp or something(assuming client name is
blogtest.test.com)

node vpsblueprint {
include vps_blueprint
}

node 'blogtest.test.com' inherits vpsblueprint{
}

This tells puppet for the client connecting with the hostname
blogtest.test.com it should use the vpsblueprint node, which includes the
vps_blueprint module.

I must say that I have not noticed tutorials to be systematically
deficient in that regard. Puppetlabs's own cover the topic, and I don't
recall seeing any full-blown tutorials that miss it. More narrowly-focused
tutorials might omit it where it would be out of scope, of course.

John

On Friday, June 15, 2012 12:24:04 PM UTC-4, tas wrote:

Thanks John.
Yes. So I have a similar node configuration setup, as described in the
previous post. I am writing out these steps so I can document this and
hopefully will benefit more people....

on master:
service puppetmaster stop
service puppetmaster start

on client
service puppet stop
puppet agent --test

Check cert list on master, none.

*NOW*

on client, delete sudo rm -rf /var/lib/puppet/ssl
then run sudo puppetd -tdv

info: Creating a new SSL key for giab10
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for giab10
info: Certificate Request fingerprint (md5): FF:FF:...........

Wow...

Back to master....

sudo puppetca --list
giab10 (FF:FF:...................)
glasslab@ghive-ldap:~$ sudo puppet cert sign giab1
notice: Signed certificate request for giab10
notice: Removing file Puppet::SSL::CertificateRequest giab10 at
'/etc/puppet/ssl/ca/requests/giab10.pem'
Cool.

Can we test again? Back to client...

sudo puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

AHHHH... Try this? First delete the ssl....

sudo rm -rf /etc/puppet/ssl/

giabadmin@giab10:~$ sudo puppet agent --server puppet --waitforcert 60
--test --verbose

sudo puppet agent --server ghive-ldap --waitforcert 60 --test
--verbose

or
sudo puppet agent --test

err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog



NO LUCK....
Where's the problem?

Thanks.

On Friday, June 15, 2012 11:32:11 AM UTC-5, tas wrote:
By the way,

sudo puppetd -tdv did this again I receive the same SSL error....

My /etc/hosts on client looks like this
134.74.77.21 ghive-ldap.domain.com ghive-ldap puppet

On the client I have this
127.0.0.1 localhost
127.0.1.1 ghive-ldap
10.10.0.57 ghive-ldap.domain.com ghive-ldap
10.10.0.57 ghive-ldap.domain.com puppet <--------- I added this
line myself
10.10.0.56 giab10

On Thursday, June 14, 2012 3:26:05 PM UTC-7, Ygor wrote:
Without a default node definition as an absolute minimum,
what is the Puppet Master supposed to do when queried by the Puppet
Client/Agent ?

I believe it will do exactly what your servers are doing: bupkis !

On Friday, June 15, 2012 12:44:44 PM UTC-4, Philip Brown wrote:




Minor point of pedantry:

While I think having node definitions are a good idea; technically
speaking, I dont think they are required. I think it is possible to have a
site.pp that does exactly the same thing for all machines, and that is
technically "legal" puppetry.

But I'm not an expert, so please take my statement with a grain of salt.