I have been wrestling with getting collective installed for the bast week or so, and its just not working. My biggest problems are the fact that...
1) All the instructions and modules seem to be referencing the paths from puppet3. I can't find 1 tutorial that uses mcollectve that is part of puppet-agent.
2) I can't get a good handle on the correct configurations for the server,m the notes, and the individual users and which certs to use in which configuration file.
Here is my layout. I have a host, puppetmaster, that is running puppet server, activemq, and should be the collective admin host (collective client). I have 2 hosts that will be administered by puppet (collective servers), and I have tried to make myself the admin.
Here is my client config on puppetmaster:
# /etc/puppetlabs/mcollective/client.cfg
# ActiveMQ connector settings:
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppetmaster.myco.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = collective
plugin.activemq.pool.1.ssl = 1
plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/certs/ca.pem
plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/puppetmaster.myco.com.pem
plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.myco.com.pem
plugin.activemq.pool.1.ssl.fallback = 0
# SSL security plugin settings:
securityprovider = ssl
plugin.ssl_server_public = /etc/puppetlabs/mcollective/server_public.pem
plugin.ssl_client_private = /etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.myco.com.pem
plugin.ssl_client_public = /etc/puppetlabs/puppet/ssl/certs/puppetmaster.myco.com.pem
# Interface settings:
default_discovery_method = mc
direct_addressing_threshold = 10
ttl = 60
color = 1
rpclimitmethod = first
# No additional subcollectives:
collectives = mcollective
main_collective = mcollective
# Platform defaults:
# These settings differ based on platform; the default config file created
# by the package should include correct values or omit the setting if the
# default value is fine.
libdir = /opt/puppetlabs/mcollective/plugins/
# Logging:
logger_type = console
loglevel = warn
On my hosts, it-lnx-01, for example, the server.cfg is:
# /etc/puppetlabs/mcollective/server.cfg
# ActiveMQ connector settings:
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppetmaster.myco.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = mcollective
plugin.activemq.pool.1.ssl = 1
plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/certs/ca.pem
plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/it-lnx-01.myco.com.pem
plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/it-lnx-01.myco.com.pem
plugin.activemq.pool.1.ssl.fallback = 0
# SSL security plugin settings:
securityprovider = ssl
plugin.ssl_client_cert_dir = /etc/puppetlabs/mcollective/clients
plugin.ssl_server_private = /etc/puppetlabs/mcollective/server_private.pem
plugin.ssl_server_public = /etc/puppetlabs/mcollective/server_public.pem
# Facts, identity, and classes:
identity = it-lnx-01.myco.com
factsource = yaml
plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml
classesfile = /opt/puppetlabs/puppet/cache/state/classes.txt
# No additional subcollectives:
collectives = mcollective
main_collective = mcollective
# Registration:
# We don't configure a listener, and only send these messages to keep the
# Stomp connection alive. This will use the default "agentlist" registration
# plugin.
registerinterval = 600
# Auditing (optional):
# If you turn this on, you must arrange to rotate the log file it creates.
rpcaudit = 1
rpcauditprovider = logfile
plugin.rpcaudit.logfile = /var/log/puppetlabs/mcollective/mcollective-audit.log
# Authorization:
# If you turn this on now, you won't be able to issue most MCollective
# commands, although `mco ping` will work. You should deploy the
# ActionPolicy plugin before uncommenting this; see "Deploy Plugins" below.
# rpcauthorization = 1
# rpcauthprovider = action_policy
# plugin.actionpolicy.allow_unconfigured = 1
# Logging:
logger_type = file
loglevel = info
logfile = /var/log/puppetlabs/mcollective/mcollective.log
keeplogs = 5
max_log_size = 2097152
logfacility = user
# Miscellaneous settings:
color = 1
# Platform defaults:
# These settings differ based on platform; the default config file created by
# the package should include correct values. If you are managing settings as
# resources, you can ignore them, but with a template you'll have to account
# for the differences.
libdir = /opt/puppetlabs/mcollective/plugins/
daemonize = 1
The server configs on puppetmaster and it-lnx-02 are the same with the obvious name changes.
My personal .mcollective file is:
# ~/.mcollective
# ActiveMQ connector settings:
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppetmaster.myco.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = mcollective
plugin.activemq.pool.1.ssl = 1
plugin.activemq.pool.1.ssl.ca = /users/zdehnert/.mcollective.d/credentials/certs/ca.pem
plugin.activemq.pool.1.ssl.cert = /users/zdehnert/.mcollective.d/credentials/certs/zdehnert.pem
plugin.activemq.pool.1.ssl.key = /users/zdehnert/.mcollective.d/credentials/private_keys/zdehnert.pem
plugin.activemq.pool.1.ssl.fallback = 0
# SSL security plugin settings:
securityprovider = ssl
plugin.ssl_server_public = /users/zdehnert/.mcollective.d/credentials/certs/mcollective-servers.pem
plugin.ssl_client_private = /users/zdehnert/.mcollective.d/credentials/private_keys/zdehnert.pem
plugin.ssl_client_public = /users/zdehnert/.mcollective.d/credentials/certs/zdehnert.pem
# Interface settings:
default_discovery_method = mc
direct_addressing_threshold = 10
ttl = 60
color = 1
rpclimitmethod = first
# No additional subcollectives:
collectives = mcollective
main_collective = mcollective
# Platform defaults:
# These settings differ based on platform; the default config file created
# by the package should include correct values or omit the setting if the
# default value is fine.
libdir = /opt/puppetlabs/mcollective/plugins/
# Logging:
logger_type = console
loglevel = warn
My activemq.xml file is:
file:${activemq.base}/conf/credentials.properties ' The Marionette Collective 2.8.7 started logging at info level
I, [2016-03-03T10:26:08.800495 #21496] INFO -- : activemq.rb:211:in `initialize' ActiveMQ connector initialized. Using stomp-gem 1.3.3
I, [2016-03-03T10:26:08.807081 #21496] INFO -- : activemq.rb:313:in `connection_headers' Connecting without STOMP 1.1 heartbeats, if you are using ActiveMQ 5.8 or newer consider setting plugin.activem
q.heartbeat_interval
I, [2016-03-03T10:26:08.808858 #21496] INFO -- : activemq.rb:139:in `on_ssl_connecting' Establishing SSL session with stomp+ssl://mcollective@puppetmaster.myco.com:61614
I, [2016-03-03T10:26:08.968157 #21496] INFO -- : activemq.rb:144:in `on_ssl_connected' SSL session established with stomp+ssl://mcollective@puppetmaster.myco.com:61614
I, [2016-03-03T10:26:08.978046 #21496] INFO -- : activemq.rb:119:in `on_connected' Connected to stomp+ssl://mcollective@puppetmaster.myco.com:61614
When I start activemq, the only warning I see in the log file is this:
2016-03-03 10:34:17,798 | WARN | Failed startup of context o.e.j.w.WebAppContext@42530531{/admin,file:/opt/apache-activemq-5.13.0/webapps/admin/,null} | org.eclipse.jetty.webapp.WebAppContext | main
java.lang.IllegalStateException: Parent for temp dir not configured correctly: writeable=false
which looks like it's just a permission error. (I was able to fix that)
My collective log is giving me this:
I, [2016-03-03T10:51:19.045126 #24579] INFO -- : mcollectived:64:in `' The Marionette Collective 2.8.7 started logging at info level
I, [2016-03-03T10:51:19.059902 #24586] INFO -- : activemq.rb:211:in `initialize' ActiveMQ connector initialized. Using stomp-gem 1.3.3
I, [2016-03-03T10:51:19.060714 #24586] INFO -- : activemq.rb:313:in `connection_headers' Connecting without STOMP 1.1 heartbeats, if you are using ActiveMQ 5.8 or newer consider setting plugin.activemq.heartbeat_interval
I, [2016-03-03T10:51:19.065835 #24586] INFO -- : activemq.rb:139:in `on_ssl_connecting' Establishing SSL session with stomp+ssl://mcollective@puppetmaster.myco.com:61614
I, [2016-03-03T10:51:19.203184 #24586] INFO -- : activemq.rb:144:in `on_ssl_connected' SSL session established with stomp+ssl://mcollective@puppetmaster.myco.com:61614
I, [2016-03-03T10:51:19.206548 #24586] INFO -- : activemq.rb:119:in `on_connected' Connected to stomp+ssl://mcollective@puppetmaster.myco.com:61614
I worked through the documentation trying very hard to map the puppet3 paths to the puppet4 paths. U have checked and rechecked the keystone and truststore, but I still can't even ping the other hosts.
Any suggestions are more than welcome.
Thanks,
James "Zeke" Dehnert
--
mailto:zdehnert@gmail.com James "Zeke" Dehnert
-= Eschew Obfuscation =-
"Life is racing. Everything else is just waiting"
↧