I’m getting started with puppet on ec2 using the following guide.
https://help.ubuntu.com/12.04/serverguide/puppet.html
In the very last step when I try to sign the puppet client from the puppet master I get the following error
root@ip-10-248-27-66:/home/ubuntu# puppetca --sign ec2-54-245-56-210.us-west-2.compute.amazonaws.com
err: Could not call sign: Could not find certificate request for ec2-54-245-56-210.us-west-2.compute.amazonaws.com
Here is the output of /etc/hosts on the puppetmaster
127.0.0.1 localhost puppetmaster
10.248.34.162 ec2-54-245-56-210.us-west-2.compute.amazonaws.com puppet
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Here is the output of /etc/hosts on the puppet client
127.0.0.1 localhost
10.248.27.66 ec2-50-112-220-110.us-west-2.compute.amazonaws.com puppetmaster
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
I followed the troubleshooting advice here https://serverfault.com/a/388973/85577
Is the master running?
root@ip-10-248-27-66:/home/ubuntu# service puppetmaster status
* master is running
Does the hostname ‘puppet’ or ‘puppet.abc.com’ resolve from the agent?
How would I check this? Do I simply telnet to puppetmaster on port 8140 (the host command does not resolve it but the telnet command does)?
root@ip-10-248-34-162:/home/ubuntu# host puppetmaster
Host puppetmaster not found: 3(NXDOMAIN)
Is TCP port 8140 on the master reachable from the agent (try: telnet puppet 8140)?
root@ip-10-248-34-162:/home/ubuntu# telnet puppetmaster 8140
Trying 10.248.27.66...
Connected to ec2-50-112-220-110.us-west-2.compute.amazonaws.com.
Escape character is '^]'.
What does syslog on the agent say?
Apr 11 17:57:41 ip-10-248-34-162 puppet-agent[3897]: Could not request certificate: getaddrinfo: Name or service not known
Try puppet agent --test on the agent, which will attempt to connect to the master and stay in foreground to show the output.
root@ip-10-248-34-162:/home/ubuntu# puppet agent --test
err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
EDIT
Thanks dawud so the entries in /etc/hosts are correct per this command
$ getent hosts puppetmaster
10.248.27.66 ec2-50-112-220-110.us-west-2.compute.amazonaws.com puppetmaster
however when I try this I get an error
$ puppet agent --test --waitforcert 5
err: Could not request certificate: Connection refused - connect(2)
err: Could not request certificate: Connection refused - connect(2)
I’m new to puppet, but picking it up quickly. Today, I’m running into an issue when trying to run the following:
$ puppet agent --no-daemonize --verbose --onetime
**err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled**
It would appear the agent doesn’t know what server to connect to. I could just specify --server on the command line, but that will be of no use to me when this runs as a daemon in production, so instead, I specify the server name in /etc/puppet/puppet.conf like so:
[main]
server = puppet.<my domain>
I do have a DNS entry for puppet.<my domain> and if I dig puppet.<my domain>, I see that the name resolves correctly.
All puppet documentation I have read states that the agent tries to connect to a puppet master at puppet by default and your options are host file trickery or do the right thing, create a CNAME in DNS, and edit the puppet.conf accordingly, which I have done.
So what am I missing? Any help is greatly appreciated!
D’oh! Need to sudo to do this! Then everything works.
I actually had the same error but I was using the two learning puppet vm and trying to run the ‘puppet agent --test’ command.
I solved the problem by opening the file /etc/hosts on both the master and the agent vm and the line
***.***.***.*** learn.localdomain learn puppet.localdomain puppet
The ip address (the asterisks) was originally some random number. I had to change this number on both vm so that it was the ip address of the master node.
So I guess for experienced users my advice is to check the /etc/hosts file to make sure that the ip addresses in here for the master and agent not only match but are the same as the ip address of the master.
For other noobs like me my advice is to read the documentation more clearly. This was a step in the ‘setting up an agent vm’ process that I totally missed xD
I had to use the --server flag:
sudo puppet agent --noop --server=puppet.example.org
Article Number
000001626
Applies To
RSA Product Set: RSA NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: Puppet, Head Unit / NetWitness Server, NetWitness Appliances, NetWitness Virtual Machines
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
O/S Version: 6
Issue
When running `puppet agent -t`, the puppet agent produces the following error (which can also be found in /var/log/messages):
Error: Could not request certificate: getaddrinfo: Temporary failure in name resolution
Cause
This error is produced on hosts where the puppetmaster server has not been correctly defined in either /etc/puppet/puppet.conf or /etc/hosts.
Note: This issue is most likely to occur when attempting to reprovision a host to re-add it to the puppet-based trust model.
- In /etc/puppet/puppet.conf, the line is in the ‘agent’ section and starts with ‘server’:
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.local
- In /etc/hosts, ensure that puppetmaster.local is defined.
- On the NetWitness Server which hosts the puppetmaster service, /etc/hosts should start with the following lines, where puppetmaster.local is defined on the IPv4 loopback line:
# cat /etc/hosts
# Created by NetWitness Installer on Mon Dec 28 23:14:57 UTC 2015
127.0.0.1 <nw_server_hostname> localhost localhost.localdomain localhost4 localhost4.localdomain4 puppetmaster.local
::1 <nw_server_hostname> localhost localhost.localdomain localhost6 localhost6.localdomain6
- On the other NetWitness Hosts (whether appliances or virtual), a static entry needs to be present in /etc/hosts to resolve puppetmaster.local:
<IP_of_nw_server> puppetmaster.local
Resolution
To resolve the issue, follow the steps below.
- SSH to the host where the issue is being seen.
- Determine if puppetmaster.local is missing from /etc/puppet/puppet.conf or /etc/hosts. Run the following commands to examine these files:
cat /etc/hosts
cat /etc/puppet/puppet.conf
- If puppetmaster.local is not present in /etc/hosts, add an entry.
- If /etc/puppet/puppet.conf is missing the server line, edit the file using: vi /etc/puppet/puppet.conf
- Add the line «server = puppetmaster.local» if it is missing (it doesn’t need to be the last line, but it does need to be under the [agent] section).
- Run puppet agent -t
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
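The two file checks in the steps above can be scripted. The following is an added example, not RSA's or Puppet's own code: it reads the server name the agent will use from puppet.conf and confirms that name has a static entry in a hosts file. The function names are hypothetical and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: check the two files the article names.
# Function names are hypothetical; paths are arguments so copies can be checked.

# Print the 'server' value from puppet.conf. [agent] overrides [main];
# with no server line the agent falls back to the default name 'puppet'.
puppet_server() {
    awk '
        /^[ \t]*\[/ {                      # section header, e.g. [agent]
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); sec = s; next
        }
        /^[ \t]*server[ \t]*=/ {           # "server = name", not server_list
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            val[sec] = v
        }
        END {
            if ("agent" in val) print val["agent"]
            else if ("main" in val) print val["main"]
            else print "puppet"
        }' "$1"
}

# Print the address a hosts file maps NAME to (canonical name or alias).
# Comments are ignored; returns non-zero when NAME is absent.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; found = 1; exit } }
        END { exit !found }' "$1"
}

# usage: check_master_name PUPPET_CONF HOSTS_FILE
check_master_name() {
    name=$(puppet_server "$1")
    if ip=$(hosts_lookup "$2" "$name"); then
        echo "ok $name $ip"
    else
        echo "missing $name"
        return 1
    fi
}

# e.g. sh check.sh /etc/puppet/puppet.conf /etc/hosts
# On a live host, "getent hosts NAME" additionally consults DNS via NSS.
if [ "$#" -eq 2 ]; then check_master_name "$1" "$2"; fi
```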
Notes
This issue does not occur in RSA NetWitness Platform v11.x (as puppet has been replaced by salt and chef).