Getting Puppetd To Work

Robert L Cochran cochranb at speakeasy.net
Sun Jun 21 15:07:38 UTC 2009


On 06/21/2009 10:32 AM, Todd Zullinger wrote:
> Robert L Cochran wrote:
>    
>>> If you have local DNS setup, you can add puppet as a CNAME for your
>>> server.  If not, you could add it to /etc/hosts.  I've always done the
>>> former.
>>>
>>>        
>> Okay, so that would work like this:
>>
>>
>> puppet.                              CNAME     deafeng3.signtype.info.
>> deafeng3.signtype.info     A               192.168.4.75
>>      
>
> You _may_ not want the . at the end of puppet., as that will make the
> fqdn puppet, rather than puppet.signtype.info.
>
> I'm not positive that it will matter or not.  You just want to be sure
> that the certificate names match, otherwise puppet will fail to verify
> those certificates and you'll get new errors when you try to connect
> to the puppetmaster. :)
>    

I left my puppetmaster server and puppet client running with 'puppet.' 
in the CNAME record instead of 'puppet' in hopes of seeing what happens 
when the client tries to connect to the puppet master. Look at these 
messages in /var/log/messages that I got just now. What do you think of 
these?

Jun 21 10:52:32 deafeng3 puppetmasterd[3281]: Compiled catalog for deafeng3.signtype.info in 0.02 seconds
Jun 21 10:52:32 deafeng3 puppetd[3339]: Starting catalog run
Jun 21 10:52:32 deafeng3 puppetd[3339]: Finished catalog run in 0.02 seconds


Does this indicate success?

Look at what happens when I try to ping 'puppet':

[rlc@deafeng3 ~]$ ping -c3 puppet
PING deafeng3.signtype.info (192.168.1.46) 56(84) bytes of data.
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=2 ttl=64 time=0.106 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=3 ttl=64 time=0.103 ms

To get the above result I did one other thing. I edited /etc/hosts to 
indicate that puppet is an alias for this machine. However I have not 
restarted networking yet. Here is the edit I made:

192.168.1.46    deafeng3.signtype.info deafeng3 puppet

I'm at the very start of the puppet tutorial where I just try to get the 
puppet client on the same machine as the puppetmaster to work with the 
sudo.pp class. I haven't yet tried to get a puppet client on a different 
machine to connect to the server.

It looks like each time the puppet client tries to connect to the 
server, it possibly issues an ifconfig. I haven't looked at the source 
to confirm that. Look at these messages from SELinux:

Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" security_t. For complete SELinux messages. run sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302
Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" security_t. For complete SELinux messages. run sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302




>    
>> Feel free to correct me if I'm wrong. I'll give it a try pending
>> confirmation. This would be very helpful material in the
>> reductivelabs.com tutorial for puppet.
>>      
>
> I imagine generalizing it to note that the name of the puppetmaster
> defaults to puppet and that a CNAME or host entry should be present
> prior to starting the puppetmaster might be good.  That and the
> alternative of setting the server parameter in the config file.  It's
> been a while since I read through the docs from the beginning, so I
> don't know where the best location is for this or whether it's in
> there somewhere.
>
> It is a wiki though, so if you're reading along and find places that
> could be improved, feel free to add them.  (It's probably good to make
> notes locally and then come back to them after you've got things
> working to see which things still need improvement and which parts are
> actually clear once you've read through all the docs. :)
>    

Yes, taking notes is extremely important. I totally agree.

Bob
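
Added example, not part of the original thread: a Python check of how a zone-file parser qualifies owner names, showing why 'puppet.' and 'puppet' name different hosts, and whether the resulting name is one the certificate carries. The origin signtype.info., the certificate name list and both zone snippets are constructed assumptions based on the records discussed above.

```python
# Added example: zone-file name qualification and a certificate-name check.
# ORIGIN, CERT_NAMES and both zone snippets are constructed for illustration.
ORIGIN = "signtype.info."  # assumed zone origin
ZONE_DOT = "puppet.   CNAME deafeng3.signtype.info.\ndeafeng3  A 192.168.4.75\n"
ZONE_REL = "puppet    CNAME deafeng3.signtype.info.\ndeafeng3  A 192.168.4.75\n"
CERT_NAMES = ["deafeng3.signtype.info", "puppet.signtype.info"]  # assumed

def qualify(name, origin=ORIGIN):
    """Return the absolute, lower-cased name a zone-file token stands for."""
    name = name.lower()
    if name.endswith("."):        # trailing dot: already absolute
        return name
    return f"{name}.{origin}"     # relative: the zone origin is appended

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner TYPE rdata' lines into {owner_fqdn: (type, rdata)}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split()
        if rtype.upper() == "CNAME":
            rdata = qualify(rdata, origin)     # CNAME targets are names too
        records[qualify(owner, origin)] = (rtype.upper(), rdata)
    return records

def resolve(name, records, max_hops=8):
    """Follow CNAMEs from an absolute name; return the A rdata or None."""
    for _ in range(max_hops):                  # bound the chain against loops
        rec = records.get(name)
        if rec is None:
            return None
        rtype, rdata = rec
        if rtype == "A":
            return rdata
        name = rdata
    return None

def cert_matches(server_name, cert_names):
    """True if the name the client connects to is one the certificate carries."""
    wanted = server_name.lower().rstrip(".")
    return wanted in {n.lower().rstrip(".") for n in cert_names}

if __name__ == "__main__":
    for label, zone in (("'puppet.'", ZONE_DOT), ("'puppet'", ZONE_REL)):
        recs = parse_zone(zone)
        print(label, sorted(recs), resolve("puppet.signtype.info.", recs))
```

With the trailing dot the record is stored under the bare name 'puppet.' and puppet.signtype.info. has no entry in the zone; without it the alias lands inside the zone and resolves to the A record.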



