
Re: Getting Puppetd To Work




On 06/21/2009 10:32 AM, Todd Zullinger wrote:
Robert L Cochran wrote:
If you have local DNS setup, you can add puppet as a CNAME for your
server.  If not, you could add it to /etc/hosts.  I've always done the
former.

Okay, so that would work like this:


puppet.                              CNAME     deafeng3.signtype.info.
deafeng3.signtype.info     A               192.168.4.75

You _may_ not want the . at the end of puppet., as that will make the
fqdn puppet, rather than puppet.signtype.info.

I'm not positive that it will matter or not.  You just want to be sure
that the certificate names match, otherwise puppet will fail to verify
those certificates and you'll get new errors when you try to connect
to the puppetmaster. :)

I left my puppetmaster server and puppet client running with 'puppet.' in the CNAME record instead of 'puppet' in hopes of seeing what happens when the client tries to connect to the puppet master. Look at these messages in /var/log/messages that I got just now. What do you think of these?

Jun 21 10:52:32 deafeng3 puppetmasterd[3281]: Compiled catalog for deafeng3.signtype.info in 0.02 seconds
Jun 21 10:52:32 deafeng3 puppetd[3339]: Starting catalog run
Jun 21 10:52:32 deafeng3 puppetd[3339]: Finished catalog run in 0.02 seconds


Does this indicate success?

Look at what happens when I try to ping 'puppet':

[rlc deafeng3 ~]$ ping -c3 puppet
PING deafeng3.signtype.info (192.168.1.46) 56(84) bytes of data.
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=2 ttl=64 time=0.106 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=3 ttl=64 time=0.103 ms

To get the above result I did one other thing. I edited /etc/hosts to indicate that puppet is an alias for this machine. However I have not restarted networking yet. Here is the edit I made:

192.168.1.46    deafeng3.signtype.info deafeng3 puppet

I'm at the very start of the puppet tutorial where I just try to get the puppet client on the same machine as the puppetmaster to work with the sudo.pp class. I haven't yet tried to get a puppet client on a different machine to connect to the server.

It looks like each time the puppet client tries to connect to the server, it possibly issues an ifconfig. I haven't looked at the source to confirm that. Look at these messages from SELinux:

Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" security_t. For complete SELinux messages. run sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302
Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" security_t. For complete SELinux messages. run sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302




Feel free to correct me if I'm wrong. I'll give it a try pending
confirmation. This would be very helpful material in the
reductivelabs.com tutorial for puppet.

I imagine generalizing it to note that the name of the puppetmaster
defaults to puppet and that a CNAME or host entry should be present
prior to starting the puppetmaster might be good.  That and the
alternative of setting the server parameter in the config file.  It's
been a while since I read through the docs from the beginning, so I
don't know where the best location is for this or whether it's in
there somewhere.

It is a wiki though, so if you're reading along and find places that
could be improved, feel free to add them.  (It's probably good to make
notes locally and then come back to them after you've got things
working to see which things still need improvement and which parts are
actually clear once you've read through all the docs. :)

Yes, taking notes is extremely important. I totally agree.

Bob
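
Added example (not part of the original message, and not Puppet's own code): a small check of how the trailing dot changes the name a zone file publishes, and whether that name is covered by the server certificate. The zone origin and both certificate name lists are constructed assumptions, and matching is assumed to be exact and case-insensitive.

```python
# Added illustration; the origin and the certificate name lists below are
# constructed sample values, not taken from a real puppetmaster.

def absolute_name(owner: str, origin: str) -> str:
    """Expand a zone-file owner name the way a DNS server reads it."""
    origin = origin.rstrip(".").lower()
    owner = owner.strip().lower()
    if owner == "@":              # "@" stands for the zone origin itself
        return origin
    if owner.endswith("."):       # trailing dot: the name is already absolute
        return owner.rstrip(".")
    return f"{owner}.{origin}"    # relative name: the origin is appended


def cert_covers(server: str, cert_names: list[str]) -> bool:
    """True if the name the client connects to is listed in the certificate.

    Assumes exact, case-insensitive matching with no wildcard handling.
    """
    wanted = server.rstrip(".").lower()
    return any(wanted == name.rstrip(".").lower() for name in cert_names)


def audit(records: dict[str, str], origin: str, cert_names: list[str]) -> dict[str, bool]:
    """Map each CNAME owner, as published in DNS, to whether the cert covers it."""
    published = [absolute_name(owner, origin) for owner in records]
    return {name: cert_covers(name, cert_names) for name in published}


ORIGIN = "signtype.info."            # assumed zone origin
TARGET = "deafeng3.signtype.info."   # CNAME target from the thread
# Constructed certificate name lists (hypothetical).
CERT_HOST_ONLY = ["deafeng3.signtype.info"]
CERT_WITH_ALIASES = ["deafeng3.signtype.info", "puppet", "puppet.signtype.info"]

if __name__ == "__main__":
    cnames = {"puppet.": TARGET, "puppet": TARGET}
    for label, names in (("host only", CERT_HOST_ONLY),
                         ("with aliases", CERT_WITH_ALIASES)):
        for fqdn, ok in audit(cnames, ORIGIN, names).items():
            print(f"{label:13} {fqdn:22} {'match' if ok else 'MISMATCH'}")
```
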

