Configuration Management
Puppet
Puppet version 5 tends to get into defunct states where it will not work and will not provide any useful error messages.
Here are the steps I used to install version 5 (from Puppet's repository) on a master and a node that previously had version 3 installed (from the Ubuntu repository).
Puppet repo:
- /etc/puppetlabs/{code,mcollective,puppet,puppetdb,puppetserver,pxp-agent}
Ubuntu repo:
- /etc/puppet/puppet/
- /var/lib/puppet/...
On the master:
root@server ~ $ puppet resource service puppetserver ensure=stopped
root@server ~ $ mv /etc/puppet /etc/puppet_old
root@server ~ $ mv /var/lib/puppet /var/lib/puppet_old
root@server ~ $ wget 'https://apt.puppet.com/puppet5-release-xenial.deb'
root@server ~ $ dpkg -i puppet5-release-xenial.deb
root@server ~ $ apt-get update
root@server ~ $ apt-get install puppet-agent puppetserver puppetdb
root@server ~ $ puppet resource service puppetserver ensure=stopped
root@server ~ $ rm -rf /opt/puppetlabs/puppet/ssl/
root@server ~ $ rm -rf /etc/puppetlabs/puppet/ssl/
root@server ~ $ puppet resource service puppetserver ensure=running
root@server ~ $ puppet resource service puppetdb ensure=running
root@server ~ $ tree /etc/puppetlabs/puppet/ssl/
/etc/puppetlabs/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── infra_crl.pem
│   ├── infra_inventory.txt
│   ├── infra_serials
│   ├── inventory.txt
│   ├── root_key.pem
│   ├── serial
│   └── signed
│       └── puppetmaster.jeremybryansmith.com.pem
├── certs
│   ├── ca.pem
│   └── puppetmaster.jeremybryansmith.com.pem
├── crl.pem
├── private_keys
│   └── puppetmaster.jeremybryansmith.com.pem
└── public_keys
    └── puppetmaster.jeremybryansmith.com.pem

5 directories, 16 files
On the nodes:
root@node ~ $ puppet resource service puppet ensure=stopped # If previously installed
root@node ~ $ mv /etc/puppet /etc/puppet_old
root@node ~ $ mv /var/lib/puppet /var/lib/puppet_old
root@node ~ $ wget 'https://apt.puppet.com/puppet5-release-xenial.deb'
root@node ~ $ dpkg -i puppet5-release-xenial.deb
root@node ~ $ apt-get update
root@node ~ $ apt-get install puppet-agent
root@node ~ $ puppet resource service puppet ensure=stopped
root@node ~ $ puppet config print ssldir --section agent
/etc/puppetlabs/puppet/ssl
root@node ~ $ rm -rf /opt/puppetlabs/puppet/ssl/
root@node ~ $ rm -rf /etc/puppetlabs/puppet/ssl/
root@node ~ $
root@latitude:~# nmap puppetmaster.jeremybryansmith.com -p 8140
Starting Nmap 7.60 ( https://nmap.org ) at 2020-03-13 09:58 EDT
Nmap scan report for puppetmaster.jeremybryansmith.com (104.131.32.175)
Host is up (0.070s latency).

PORT     STATE SERVICE
8140/tcp open  puppet
root@node ~ $ echo "" | openssl s_client -servername puppetmaster.jeremybryansmith.com -connect puppetmaster.jeremybryansmith.com:8140 | grep 'CN ='
depth=0 CN = puppetmaster.jeremybryansmith.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = puppetmaster.jeremybryansmith.com
verify error:num=21:unable to verify the first certificate
verify return:1
DONE
 0 s:CN = puppetmaster.jeremybryansmith.com
   i:CN = Puppet CA: puppetmaster.jeremybryansmith.com
subject=CN = puppetmaster.jeremybryansmith.com
issuer=CN = Puppet CA: puppetmaster.jeremybryansmith.com
CN = Puppet CA: puppetmaster.jeremybryansmith.com
root@node ~ $ puppet agent --test --noop --waitforcert 60
Info: Creating a new SSL key for latitude.jbsnet.xyz
Error: request https://puppetmaster.jeremybryansmith.com:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to puppetmaster.jeremybryansmith.com:8140 (Connection refused - connect(2) for "puppetmaster.jeremybryansmith.com" port 8140)
Error: request https://puppetmaster.jeremybryansmith.com:8140//puppet-ca/v1/certificate/ca failed: Failed to open TCP connection to puppetmaster.jeremybryansmith.com:8140 (Connection refused - connect(2) for "puppetmaster.jeremybryansmith.com" port 8140)
...
On the master:
root@server ~ $ puppetserver ca list
Requested Certificates:
    latitude.jbsnet.xyz (SHA256) E2:4B:0C:3D:D7:DE:14:2A:A0:EC:93:E3:2E:8C:78:51:D4:07:FF:A0:BE:A6:FC:66:FF:7B:54:F4:D5:4A:B0:37
root@server ~ $ puppetserver ca sign --certname latitude.jbsnet.xyz
Successfully signed certificate request for latitude.jbsnet.xyz
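Signing by certname alone trusts whichever request arrived under that name, so the fingerprint in the `puppetserver ca list` output should be compared with the one read on the node itself (for example with `puppet agent --fingerprint`) before running `puppetserver ca sign`. The script below is an added example, not part of the original steps; the function names `norm_fp`, `csr_fingerprint` and `verify_csr` are hypothetical, and the sample input is the request listed on this page.

```shell
#!/bin/sh
# Added example: gate "puppetserver ca sign" on a fingerprint read on the node.

# Upper-case a fingerprint and drop everything that is not a hex digit.
norm_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# stdin: "puppetserver ca list" output. Prints the SHA256 fingerprint of the
# request whose certname equals $1 exactly (no prefix or substring match).
csr_fingerprint() {
    awk -v name="$1" '
        $1 == name && $2 == "(SHA256)" { print $3; found = 1; exit }
        END { exit !found }'
}

# verify_csr CERTNAME EXPECTED_FP   (stdin: "puppetserver ca list" output)
# 0 = match, 1 = mismatch, 2 = no such pending request, 3 = bad EXPECTED_FP.
verify_csr() {
    seen=$(csr_fingerprint "$1") || { echo "no pending request for $1" >&2; return 2; }
    want=$(norm_fp "$2")
    # SHA256 is 64 hex digits; refuse a truncated or empty expected value.
    [ "${#want}" -eq 64 ] || { echo "expected value is not a SHA256 fingerprint" >&2; return 3; }
    if [ "$(norm_fp "$seen")" = "$want" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $1: do not sign" >&2
    return 1
}

# Sample input: the request listed in this page's "puppetserver ca list" output.
SAMPLE='Requested Certificates:
    latitude.jbsnet.xyz (SHA256) E2:4B:0C:3D:D7:DE:14:2A:A0:EC:93:E3:2E:8C:78:51:D4:07:FF:A0:BE:A6:FC:66:FF:7B:54:F4:D5:4A:B0:37'
# Assumption: this value was read on the node and carried over out-of-band.
NODE_FP='E2:4B:0C:3D:D7:DE:14:2A:A0:EC:93:E3:2E:8C:78:51:D4:07:FF:A0:BE:A6:FC:66:FF:7B:54:F4:D5:4A:B0:37'

# Real use on the master (replace the printf with the live command):
#   puppetserver ca list | verify_csr "$name" "$fp" && puppetserver ca sign --certname "$name"
if printf '%s\n' "$SAMPLE" | verify_csr latitude.jbsnet.xyz "$NODE_FP"; then
    echo "match: safe to run puppetserver ca sign --certname latitude.jbsnet.xyz"
fi
```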
On the nodes:
root@node ~ $ puppet agent --test --noop
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Could not retrieve facts for latitude.jbsnet.xyz: Could not find terminus puppetdb for indirection facts
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find terminus puppetdb for indirection facts
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run