Re: [Puppet Users] Puppet client not listening on port 8139


Gabriel Filion

Oct 10, 2012, 11:50:07 AM
to puppet...@googlegroups.com, Pondy
On 2012-10-10 02:35, Pondy wrote:
> Hi everyone,
>
> Please help, I have built a new server and installed puppet (2.6.17)
> running on RHEL 6.3. It seems that it is not listening on port 8139.

By default, puppet listens on 8140, not 8139. And your configuration
doesn't seem to be specifying an alternative port.

maybe that's what you ought to be looking for?

tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18794/ruby1.8


> iptables -L:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> /etc/puppet/puppet.conf:
> [main]
> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = /var/log/puppet
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = /var/run/puppet
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
>
> [agent]
> # The file in which puppetd stores a list of the classes
> # associated with the retrieved configuratiion. Can be loaded in
> # the separate ``puppet`` executable using the ``--loadclasses``
> # option.
> # The default value is '$confdir/classes.txt'.
> classfile = $vardir/classes.txt
>
> # Where puppetd caches the local configuration. An
> # extension indicating the cache format is added automatically.
> # The default value is '$confdir/localconfig'.
> localconfig = $vardir/localconfig
> listen = true
> server = mypuppet server.fqdn
>
> /etc/puppet/namespaceauth.conf:
> [puppetmaster]
> allow mypuppet server.fqdn
>
> /etc/puppet/auth.conf:
> # This is an example auth.conf file, it mimics the puppetmasterd defaults
> #
> # The ACL are checked in order of appearance in this file.
> #
> # Supported syntax:
> # This file supports two different syntax depending on how
> # you want to express the ACL.
> #
> # Path syntax (the one used below):
> # ---------------------------------
> # path /path/to/resource
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The path is matched as a prefix. That is /file match at
> # the same time /file_metadat and /file_content.
> #
> # Regex syntax:
> # -------------
> # This one is differenciated from the path one by a '~'
> #
> # path ~ regex
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The regex syntax is the same as ruby ones.
> #
> # Ex:
> # path ~ .pp$
> # will match every resource ending in .pp (manifests files for instance)
> #
> # path ~ ^/path/to/resource
> # is essentially equivalent to path /path/to/resource
> #
> # environment:: restrict an ACL to a specific set of environments
> # method:: restrict an ACL to a specific set of methods
> # auth:: restrict an ACL to an authenticated or unauthenticated request
> # the default when unspecified is to restrict the ACL to authenticated requests
> # (ie exactly as if auth yes was present).
> #
>
> ### Authenticated ACL - those applies only when the client
> ### has a valid certificate and is thus authenticated
>
> # allow nodes to retrieve their own catalog (ie their configuration)
> path ~ ^/catalog/([^/]+)$
> method find
> allow $1
>
> # allow all nodes to access the certificates services
> path /certificate_revocation_list/ca
> method find
> allow *
>
> # allow all nodes to store their reports
> path /report
> method save
> allow *
>
> # Puppetrun settings
> path /run
> allow mypuppet server fqdn
>
> # inconditionnally allow access to all files services
> # which means in practice that fileserver.conf will
> # still be used
> path /file
> allow *
>
> ### Unauthenticated ACL, for clients for which the current master doesn't
> ### have a valid certificate
>
> # allow access to the master CA
> path /certificate/ca
> auth no
> method find
> allow *
>
> path /certificate/
> auth no
> method find
> allow *
>
> path /certificate_request
> auth no
> method find, save
> allow *
>
> # this one is not stricly necessary, but it has the merit
> # to show the default policy which is deny everything else
> path /
> auth any
>
> It seems as though the puppet is running:
> 4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd
> --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log
>
> But I can't even telnet to port 8139 on the localhost to test that the
> port is open.
>
> Can any one please help?
>
> Any suggestions welcome, I have copied the /etc/puppet/*.conf files from
> another working server.
>
> Please Help!


--
Gabriel Filion


Jo Rhett

Oct 10, 2012, 2:30:03 PM
to puppet...@googlegroups.com
On Oct 9, 2012, at 11:35 PM, Pondy wrote:
> Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139.
> ...
> It seems as though the puppet is running:
> 4074 ? Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

That's the puppet client. You want to start the puppetmaster with "service puppetmaster start" to get the server. 

As per the other replier, default port is 8140 unless you've changed it in the config.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



Pondy

Oct 10, 2012, 6:37:43 PM
to puppet...@googlegroups.com
Hi All, thanks for your input. So, I am talking about the puppet client. The puppet master server and all other clients seem to be working ok. I am also unable to telnet locally to port 8139 or 8140.

Gabriel Filion

Oct 10, 2012, 7:46:07 PM
to puppet...@googlegroups.com
On 2012-10-10 18:37, Pondy wrote:
> Hi All, thanks for your input. So, I am talking about the puppet client.

ah oops sorry, I'm not used to dealing with this option :\ my bad

> The puppet master server and all other clients seem to be working ok. I
> am also unable to telnet locally to port 8139 or 8140.

hmm this is weird. in your original post you showed us that there were
no iptables rules, and you do have "listen = true" in your puppet.conf.

do you see the port as open and listening with netstat?

--
Gabriel Filion


Pondy

Oct 10, 2012, 9:58:42 PM
to puppet...@googlegroups.com
Hi Gabrielle,

Yes, I have listen = true and I cannot see that port open with netstat... I am truly confused, there's not much showing in the logs either.

Thanks!

Josh Cooper

Oct 11, 2012, 11:06:56 AM
to puppet...@googlegroups.com
Hi,

Try running with --debug. Note you'll need to provide an auth.conf on the client otherwise no one will be allowed to connect, and puppet will ignore the listen setting.

Josh
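
The client-side prerequisites described in the last reply (`listen = true` in puppet.conf plus an auth.conf on the client), checked in code. This is an added example, not part of the thread or of Puppet itself; the hostname and sample files are constructed, and the finding for a `/run` stanza that allows every host is an extra check added here.

```python
import re

# Constructed sample files, modelled on the configuration quoted in the thread.
SAMPLE_PUPPET_CONF = "[main]\nlogdir = /var/log/puppet\n[agent]\nlisten = true\n"
SAMPLE_AUTH_CONF = "# Puppetrun settings\npath /run\nallow puppetmaster.example.com\n\npath /\nauth any\n"

def _lines(text):
    """Yield stripped lines, skipping blanks and # comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def agent_listen_enabled(puppet_conf):
    """True if 'listen = true' is set in the [agent] section."""
    section, enabled = None, False
    for line in _lines(puppet_conf):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, _, value = line.partition("=")
        if section == "agent" and key.strip() == "listen":
            enabled = value.strip().lower() == "true"
    return enabled

def run_acl(auth_conf):
    """Hosts on the 'allow' lines of the 'path /run' stanza (empty if none)."""
    allows, in_run = [], False
    for line in _lines(auth_conf):
        if line.startswith("path "):
            in_run = line.split(None, 1)[1] == "/run"
        elif in_run and line.startswith("allow "):
            # Assumption: several hosts may be comma-separated on one line.
            allows += [h.strip() for h in line[6:].split(",")]
    return allows

def check_client(puppet_conf, auth_conf):
    """Return findings; auth_conf is None when the file is absent."""
    findings = []
    if not agent_listen_enabled(puppet_conf):
        findings.append("listen is not enabled in [agent]")
    if auth_conf is None:
        findings.append("auth.conf missing on the client")
    elif not run_acl(auth_conf):
        findings.append("no 'path /run' stanza with an allow line")
    elif "*" in run_acl(auth_conf):
        findings.append("'path /run' allows every host")
    return findings

if __name__ == "__main__":
    print(check_client(SAMPLE_PUPPET_CONF, SAMPLE_AUTH_CONF) or "prerequisites present")
```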