Hi everyone,

Please help, I have built a new server and installed puppet (2.6.17)
running on RHEL 6.3. It seems that it is not listening on port 8139.

iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

/etc/puppet/puppet.conf:
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
listen = true
server = mypuppet server.fqdn

/etc/puppet/namespaceauth.conf:
[puppetmaster]
allow mypuppet server.fqdn

/etc/puppet/auth.conf:
# This is an example auth.conf file, it mimics the puppetmasterd defaults
#
# The ACL are checked in order of appearance in this file.
#
# Supported syntax:
# This file supports two different syntax depending on how
# you want to express the ACL.
#
# Path syntax (the one used below):
# ---------------------------------
# path /path/to/resource
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The path is matched as a prefix. That is, /file matches both
# /file_metadata and /file_content.
#
# Regex syntax:
# -------------
# This one is differentiated from the path one by a '~'
#
# path ~ regex
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The regex syntax is the same as ruby ones.
#
# Ex:
# path ~ .pp$
# will match every resource ending in .pp (manifests files for instance)
#
# path ~ ^/path/to/resource
# is essentially equivalent to path /path/to/resource
#
# environment:: restrict an ACL to a specific set of environments
# method:: restrict an ACL to a specific set of methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated requests
# (ie exactly as if auth yes was present).
#

### Authenticated ACL - these apply only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# Puppetrun settings
path /run
allow mypuppet server fqdn

# unconditionally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

It seems as though the puppet is running:
4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd
--server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

But I can't even telnet to port 8139 on the localhost to test that the port
is open.

Can anyone please help?

Any suggestions welcome, I have copied the /etc/puppet/*.conf files from
another working server.

Please Help!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7kFNpVNAyd4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

  • Gabriel Filion at Oct 10, 2012 at 3:50 pm

    On 2012-10-10 02:35, Pondy wrote:
    > Hi everyone,
    >
    > Please help, I have built a new server and installed puppet (2.6.17)
    > running on RHEL 6.3. It seems that it is not listening on port 8139.

    By default, puppet listens on 8140, not 8139. And your configuration
    doesn't seem to be specifying an alternative port.

    maybe that's what you ought to be looking for?

    tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18794/ruby1.8

    --
    Gabriel Filion
  • Jo Rhett at Oct 10, 2012 at 6:59 pm

    On Oct 9, 2012, at 11:35 PM, Pondy wrote:
    > Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. ...
    > It seems as though the puppet is running:
    > 4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

    That's the puppet client. You want to start the puppetmaster with "service puppetmaster start" to get the server.

    As per the other replier, default port is 8140 unless you've changed it in the config.

    --
    Jo Rhett
    Net Consonance : net philanthropy to improve open source and internet projects.



  • Pondy at Oct 10, 2012 at 11:34 pm
    Hi All, thanks for your input. So, I am talking about the puppet client.
    The puppet master server and all other clients seem to be working ok. I am
    also unable to telnet locally to port 8139 or 8140.
  • Gabriel Filion at Oct 11, 2012 at 1:32 am

    On 2012-10-10 18:37, Pondy wrote:
    > Hi All, thanks for your input. So, I am talking about the puppet client.

    ah oops sorry, I'm not used to dealing with this option :\ my bad

    > The puppet master server and all other clients seem to be working ok. I
    > am also unable to telnet locally to port 8139 or 8140.

    hmm this is weird. in your original post you showed us that there were
    no iptables rules, and you do have "listen = true" in your puppet.conf.

    do you see the port as open and listening with netstat?

    --
    Gabriel Filion
  • Pondy at Oct 11, 2012 at 1:58 am
    Hi Gabrielle,

    Yes, I have listen = true and I cannot see that port open with netstat... I
    am truly confused, there's not much showing in the logs either.

    Thanks!

  • Josh Cooper at Oct 11, 2012 at 3:08 pm
    Hi,
    Try running with --debug. Note you'll need to provide an auth.conf on the client otherwise no one will be allowed to connect, and puppet will ignore the listen setting.

    Josh
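
An added example (not from the thread and not Puppet's own code) that models how the stanzas of the posted auth.conf are evaluated according to that file's comments: rules are checked in order, `auth` defaults to yes, and unmatched requests reach the final deny. It shows that the `/run` stanza admits only the named, authenticated master; `master.example.test` is a placeholder hostname, and `environment` and `deny` lines are ignored.

```ruby
# Added example: simplified model of auth.conf evaluation, not Puppet's implementation.
Acl = Struct.new(:path, :regex, :methods, :auth, :allow)

def parse_auth_conf(text)
  acls = []
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip            # drop comments and blank lines
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    case key
    when 'path'
      regex = value.start_with?('~')
      pattern = regex ? Regexp.new(value.sub(/\A~\s*/, '')) : value
      acls << Acl.new(pattern, regex, nil, 'yes', []) # auth defaults to yes
    when 'method' then acls.last.methods = value.split(/\s*,\s*/)
    when 'auth'   then acls.last.auth = value
    when 'allow'  then acls.last.allow << value
    end
  end
  acls
end

# The first stanza whose path, method and auth all match decides the request.
def allowed?(acls, path:, method:, node:, authenticated:)
  acls.each do |acl|
    m = acl.regex ? acl.path.match(path) : (path.start_with?(acl.path) || nil)
    next unless m
    next if acl.methods && !acl.methods.include?(method)
    want = { 'yes' => true, 'on' => true, 'no' => false, 'off' => false }[acl.auth]
    next unless want.nil? || want == authenticated   # 'any' matches both
    hosts = acl.allow.map { |h| acl.regex ? h.gsub(/\$(\d)/) { m[$1.to_i] } : h }
    return hosts.include?('*') || hosts.include?(node)
  end
  false # nothing matched
end

# Constructed excerpt of the posted file; the master's name is a placeholder.
SAMPLE = <<~'CONF'
  path ~ ^/catalog/([^/]+)$
  method find
  allow $1
  path /run
  allow master.example.test
  path /certificate/
  auth no
  method find
  allow *
  path /
  auth any
CONF
```

Calling `allowed?(parse_auth_conf(SAMPLE), path: '/run', method: 'save', node: 'other.example.test', authenticated: true)` returns false, because the `/run` stanza matches first and lists only the master.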

Discussion Overview
group: puppet-users
categories: puppet
posted: Oct 10, '12 at 6:41a
active: Oct 11, '12 at 3:08p
posts: 7
users: 4
website: puppetlabs.com
