FAQ
I did `yum update` on my puppet server about a week ago. Up to that point I
had puppet and puppetdb running on the same machine. Since the update
puppetdb doesn't appear to be listening on port 8081 anymore.

When I run `puppet agent --test` on a client I get this error:

     err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Failed to submit 'replace facts' command for plugpc-005.client to
PuppetDB at puppet.server:8081: Connection refused - connect(2)

Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open. Trying
`telnet puppet.server 8081` confirms this.

My configs are all set using the values from
[here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).

`ps -ax` shows that the processes are running:

     2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid
/var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
--script-security 2
     29737 ? Sl 0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9
%p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
     29924 ? Sl 0:01 Passenger AppPreloader:
/usr/share/puppet/rack/puppetmasterd
     29963 ? Sl 0:00 Passenger RackApp:
/usr/share/puppet/rack/puppetmasterd


The output of `netstat -nap | grep 8081` is empty.

Turning off iptables doesn't make any difference. (not that it would -
nobody is listening at the port anyway)

NOTE: This system was working ok before the update. I could download
configs to clients and query the db for the results.

So - what did I break?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Ken Barber at Dec 5, 2013 at 8:25 pm
    I responded to this in ask, but I'll answer here also.

    In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
    ssl-port must be set to listen on the SSL port (8081). However, if
    your ssl certs aren't yet configured this may fail for you. Usually
    puppetdb-ssl-setup is a good way to set these up automatically, so try
    this first. For ssl-host I usually recommend something like ::1 or
    0.0.0.0 to listen on all ports for simplicity, but you can make this
    explicit if you like.

    ken.


    On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers wrote:
    I did `yum update` on my puppet server about a week ago. Up to that point I
    had puppet and puppetdb running on the same machine. Since the update
    puppetdb doesn't appear to be listening on port 8081 anymore.

    When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER:
    Failed to submit 'replace facts' command for plugpc-005.client to PuppetDB
    at puppet.server:8081: Connection refused - connect(2)

    Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open. Trying
    `telnet puppet.server 8081` confirms this.

    My configs are all set using the values from
    [here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).

    `ps -ax` shows that the processes are running:

    2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid
    /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
    --script-security 2
    29737 ? Sl 0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9
    %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
    -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
    /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
    29924 ? Sl 0:01 Passenger AppPreloader:
    /usr/share/puppet/rack/puppetmasterd
    29963 ? Sl 0:00 Passenger RackApp:
    /usr/share/puppet/rack/puppetmasterd


    The output of `netstat -nap | grep 8081` is empty.

    Turning off iptables doesn't make any difference. (not that it would -
    nobody is listening at the port anyway)

    NOTE: This system was working ok before the update. I could download configs
    to clients and query the db for the results.

    So - what did I break?

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNT%3DfF77%3DfzN3U_qphxLzRpCvXwx%2Bj2zX9X7kk0BVS9i6Kw%40mail.gmail.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Jon Yeargers at Dec 5, 2013 at 9:15 pm
    I used 'puppetdb-ssl-setup' (after removing the ssl folder) to no avail.

    (sorry about cross posting - I thought I had removed the 'ask' entry)
    On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote:

    I responded to this in ask, but I'll answer here also.

    In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
    ssl-port must be set to listen on the SSL port (8081). However, if
    your ssl certs aren't yet configured this may fail for you. Usually
    puppetdb-ssl-setup is a good way to set these up automatically, so try
    this first. For ssl-host I usually recommend something like ::1 or
    0.0.0.0 to listen on all ports for simplicity, but you can make this
    explicit if you like.

    ken.


    On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers wrote:
    I did `yum update` on my puppet server about a week ago. Up to that point I
    had puppet and puppetdb running on the same machine. Since the update
    puppetdb doesn't appear to be listening on port 8081 anymore.

    When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER:
    Failed to submit 'replace facts' command for plugpc-005.client to PuppetDB
    at puppet.server:8081: Connection refused - connect(2)

    Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open. Trying
    `telnet puppet.server 8081` confirms this.

    My configs are all set using the values from
    [here].(
    http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).
    `ps -ax` shows that the processes are running:

    2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid
    /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
    --script-security 2
    29737 ? Sl 0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill -9
    %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
    -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
    /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
    29924 ? Sl 0:01 Passenger AppPreloader:
    /usr/share/puppet/rack/puppetmasterd
    29963 ? Sl 0:00 Passenger RackApp:
    /usr/share/puppet/rack/puppetmasterd


    The output of `netstat -nap | grep 8081` is empty.

    Turning off iptables doesn't make any difference. (not that it would -
    nobody is listening at the port anyway)

    NOTE: This system was working ok before the update. I could download configs
    to clients and query the db for the results.

    So - what did I break?

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users...@googlegroups.com <javascript:>.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Ken Barber at Dec 5, 2013 at 9:18 pm
    Can you show your jetty.ini? And the results of running
    puppetdb-ssl-setup ... the more information the better in these kinds
    of cases.

    Also - is PuppetDB listening to port 8080?
    On Thu, Dec 5, 2013 at 9:15 PM, Jon Yeargers wrote:
    I used 'puppetdb-ssl-setup' (after removing the ssl folder) to no avail.

    (sorry about cross posting - I thought I had removed the 'ask' entry)

    On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote:

    I responded to this in ask, but I'll answer here also.

    In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
    ssl-port must be set to listen on the SSL port (8081). However, if
    your ssl certs aren't yet configured this may fail for you. Usually
    puppetdb-ssl-setup is a good way to set these up automatically, so try
    this first. For ssl-host I usually recommend something like ::1 or
    0.0.0.0 to listen on all ports for simplicity, but you can make this
    explicit if you like.

    ken.


    On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers wrote:
    I did `yum update` on my puppet server about a week ago. Up to that
    point I
    had puppet and puppetdb running on the same machine. Since the update
    puppetdb doesn't appear to be listening on port 8081 anymore.

    When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on
    SERVER:
    Failed to submit 'replace facts' command for plugpc-005.client to
    PuppetDB
    at puppet.server:8081: Connection refused - connect(2)

    Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open.
    Trying
    `telnet puppet.server 8081` confirms this.

    My configs are all set using the values from

    [here].(http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).

    `ps -ax` shows that the processes are running:

    2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid
    /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
    --script-security 2
    29737 ? Sl 0:37 /usr/bin/java -XX:OnOutOfMemoryError=kill
    -9
    %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
    -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
    /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
    29924 ? Sl 0:01 Passenger AppPreloader:
    /usr/share/puppet/rack/puppetmasterd
    29963 ? Sl 0:00 Passenger RackApp:
    /usr/share/puppet/rack/puppetmasterd


    The output of `netstat -nap | grep 8081` is empty.

    Turning off iptables doesn't make any difference. (not that it would -
    nobody is listening at the port anyway)

    NOTE: This system was working ok before the update. I could download
    configs
    to clients and query the db for the results.

    So - what did I break?

    --
    You received this message because you are subscribed to the Google
    Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an
    email to puppet-users...@googlegroups.com.
    To view this discussion on the web visit

    https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.

    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNT%3DWEPeDpGX%2B8kWh8FebSgLjpYVDR6V8Evk2d_f%3DHqMeCQ%40mail.gmail.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Jon Yeargers at Dec 5, 2013 at 9:26 pm
    Setting the 'ssl_host=' param to 0.0.0.0 turned the trick (so to speak). I
    kept trying variations on what the ssl cert was created for.

    Thank you for clearing this up for me.
    On Thursday, December 5, 2013 1:17:51 PM UTC-8, Ken Barber wrote:

    Can you show your jetty.ini? And the results of running
    puppetdb-ssl-setup ... the more information the better in these kinds
    of cases.

    Also - is PuppetDB listening to port 8080?
    On Thu, Dec 5, 2013 at 9:15 PM, Jon Yeargers wrote:
    I used 'puppetdb-ssl-setup' (after removing the ssl folder) to no avail.

    (sorry about cross posting - I thought I had removed the 'ask' entry)

    On Thursday, December 5, 2013 12:25:24 PM UTC-8, Ken Barber wrote:

    I responded to this in ask, but I'll answer here also.

    In the file /etc/puppetdb/conf.d/jetty.ini, the settings ssl-host and
    ssl-port must be set to listen on the SSL port (8081). However, if
    your ssl certs aren't yet configured this may fail for you. Usually
    puppetdb-ssl-setup is a good way to set these up automatically, so try
    this first. For ssl-host I usually recommend something like ::1 or
    0.0.0.0 to listen on all ports for simplicity, but you can make this
    explicit if you like.

    ken.


    On Thu, Dec 5, 2013 at 7:48 PM, Jon Yeargers wrote:
    I did `yum update` on my puppet server about a week ago. Up to that
    point I
    had puppet and puppetdb running on the same machine. Since the update
    puppetdb doesn't appear to be listening on port 8081 anymore.

    When I run `puppet agent --test` on a client I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on
    SERVER:
    Failed to submit 'replace facts' command for plugpc-005.client to
    PuppetDB
    at puppet.server:8081: Connection refused - connect(2)

    Looking at `nmap -P0 puppet.server` shows that port 8081 isn't open.
    Trying
    `telnet puppet.server 8081` confirms this.

    My configs are all set using the values from

    [here].(
    http://docs.puppetlabs.com/puppetdb/latest/connect_puppet_master.html).
    `ps -ax` shows that the processes are running:

    2040 ? Ss 4:55 /usr/sbin/openvpn --daemon --writepid
    /var/run/openvpn/puppet.pid --config puppet.conf --cd /etc/openvpn
    --script-security 2
    29737 ? Sl 0:37 /usr/bin/java
    -XX:OnOutOfMemoryError=kill
    -9
    %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError
    -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
    /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
    29924 ? Sl 0:01 Passenger AppPreloader:
    /usr/share/puppet/rack/puppetmasterd
    29963 ? Sl 0:00 Passenger RackApp:
    /usr/share/puppet/rack/puppetmasterd


    The output of `netstat -nap | grep 8081` is empty.

    Turning off iptables doesn't make any difference. (not that it would
    -
    nobody is listening at the port anyway)

    NOTE: This system was working ok before the update. I could download
    configs
    to clients and query the db for the results.

    So - what did I break?

    --
    You received this message because you are subscribed to the Google
    Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it,
    send
    an
    email to puppet-users...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/f4f93c97-a763-40c4-96c6-6c341893fc74%40googlegroups.com.
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users...@googlegroups.com <javascript:>.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/puppet-users/6e94f3ef-4320-4b49-b430-10f646f220cc%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ebec75a1-e06c-4931-9b31-b1955908cd02%40googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedDec 5, '13 at 7:48p
activeDec 5, '13 at 9:26p
posts5
users2
websitepuppetlabs.com

2 users in discussion

Jon Yeargers: 3 posts Ken Barber: 2 posts

People

Translate

site design / logo © 2022 Grokbase