I have set up a puppet master and puppet agent server in one network. I have signed the puppet agent's cert request from the puppet master server. I am trying to run a manifest from Puppet Master against the Puppet agent server, but it is failing. The newManifest.pp on both Puppet Master servers calls the Puppet Agent through its FQDN. The /etc/hosts file on both servers has the entries of the FQDN of both servers and their IP addresses. I can ping each server from the other. I can SSH from each server to the other.
I have set up a puppet master and puppet agent server in a second network. I have signed the puppet agent's cert request from the puppet master server. I am trying to run a manifest from Puppet Master against the Puppet agent server, but it is failing. The newManifest.pp on both Puppet Master servers calls the Puppet Agent through its FQDN. The /etc/hosts file on both servers has the entries of the FQDN of both servers and their IP addresses. I can ping each server from the other. I can SSH from each server to the other.
All four of these servers in both networks have CentOS 7 as the OS with open source Puppet version 3.8.4. The firewalls are turned off on all four machines. These ports are not blocked on any intermediate path: 22, 443, 8140, and 61610 on either network between the Puppet Master and Puppet Agent servers.
In network one, I expect manifests to compile. They never have.
I tried this with sshd_config to use ports 22, 443, 8140, and 61610 on both the Puppet Master and Puppet agent. When I use this from the puppet master:
puppet agent -t newManifest.pp --server='foobar.acme.com'
I get an error: "Unable to fetch my node definition, but the agent will continue: Warning: Connection refused - connect(2)."
I tried again with sshd_config to not use any ports specifically. I recycled the sshd_config services. I run the same command:
puppet agent -t newManifest.pp --server='foobar.acme.com'
I get a different error: "Unable to fetch my node definition, but the agent run will continue: connection refused - connect(2)."
I then tried this command (with no explicit server designation):
puppet agent -t newManifest.pp
This time, I get this error:
"Unable to fetch my node definition, but the agent will continue: Network is unreachable."
In network two, I expect manifests to work. They never have.
I tried this with sshd_config to use ports 22, 443, 8140, and 61610 on both the Puppet Master and Puppet agent. When I use this from the puppet master:
puppet agent -t newManifest.pp --server='foobar.acme.com'
I get a different error: "Unable to fetch my node definition, but the agent run will continue: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol."
I tried again with sshd_config to not use any ports specifically. I recycled the sshd_config services. I run the same command:
puppet agent -t newManifest.pp --server='foobar.acme.com'
I get a different error: "Unable to fetch my node definition, but the agent run will continue: connection refused - connect(2)."
I then tried this command (with no explicit server designation):
puppet agent -t newManifest.pp
This time, I get this error:
"Unable to fetch my node definition, but the agent will continue: No route to host - connect(2)."
The errors between network one and two are different except when sshd_config is not using any specific ports and the command to compile the manifest explicitly sets the FQDN. Why is this? What is wrong? I have tried to set up Puppet twice just to fix the first instance. I cannot completely reproduce the specific problems in the first network.
How do I get the Puppet Master server to compile a manifest? The puppet agents have signed certificates. I don't understand why the compilation of the manifests always fails.
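Added example, not part of the original post: the error strings quoted above come from different failure points between agent and master, and the Python probe below (written for this page, not Puppet's own code) reports which one a given host and port produces. It assumes Puppet's default master port 8140; the function names and result labels are illustrative choices.

```python
import errno
import socket
import ssl
import sys

PUPPET_PORT = 8140  # assumption: Puppet's default master port

def explain_oserror(exc):
    """Map a connect(2) failure to the layer that produced it."""
    return {
        errno.ECONNREFUSED: "refused",         # host answered, no listener on that port
        errno.ENETUNREACH: "net-unreachable",  # local host has no route to that network
        errno.EHOSTUNREACH: "no-route",        # ARP failure or ICMP unreachable for the target
    }.get(exc.errno, "other-error")

def tls_handshake_ok(host, port, timeout):
    """True if a TLS handshake completes; the certificate is NOT verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol identification only;
    ctx.verify_mode = ssl.CERT_NONE  # never reuse this context to send data
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return True
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return False

def probe(host, port=PUPPET_PORT, timeout=3.0):
    """Classify what, if anything, answers on host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return explain_oserror(exc)
    with sock:
        try:
            banner = sock.recv(64)   # sshd sends its banner first; a TLS server waits
        except OSError:              # read timeout or reset: nothing was announced
            banner = b""
    if banner.startswith(b"SSH-"):
        return "ssh"                 # a TLS client here fails with "unknown protocol"
    if banner:
        return "other-plaintext"
    return "tls" if tls_handshake_ok(host, port, timeout) else "tls-failed"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, PUPPET_PORT, probe(target))
```

A result of "ssh" on the master port means an SSH daemon, not the Puppet master, is bound there; "tls-failed" can also mean the server and client share no TLS version.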