multiple Puppet masters with Foreman -- 'sproke


Peter Berghold

Feb 24, 2015, 1:45:37 PM
to puppet-users
Using crude ascii art, here is what I have set up so far in my lab..

    [Foreman/Puppet Grand Master]  <-- foreman-proxy here
                 ^
                 |
                 V
    [Puppet Remote Master]  <-- foreman-proxy running here.
                 ^
                 |
                 V
    [Simulated Remote Client]

The Foreman/Puppet Grand Master seems to be working swimmingly so far. The Remote Master is getting its directions from the Grand Master. So far so good.

Add the client and things start getting sideways. When I run the Puppet agent on the remote client I get an error such that:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node FQDN: Failed to find FQDN  via exec: Execution of '/etc/puppet/node.rb FQDN' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I went over to the Grand Master and ran the /etc/puppet/node.rb from the command line and it complains that it cannot find the yaml file in its proper place.  OK so I went over to the remote master and sure enough it was there.

Needless to say Foreman has no idea the host is there. 

What's the right electric acid Kool Aid foo to make this work correctly?  It would seem the YAML file needs to be on the Grand Master and not the remote master... or does it?  Is there a way the foreman-proxy can help here?

--

Peter L. Berghold                       Salty....@gmail.com

http://science-fiction.berghold.net

David Schmitt

Feb 24, 2015, 2:04:45 PM
to puppet...@googlegroups.com
Hi Peter,

you might be running into http://projects.theforeman.org/issues/5925 .

I'm wondering whether subsequent runs work.

Also, the node.rb will run on the remote client's puppet master, so,
probably your "Remote Master". Since the default node.rb from foreman
requires this yaml file, it'll not work on your "Grand Master" unless
the agent has tried to contact that one too.


Regards, David

--
* Always looking for people I can help with awesome projects *
Twitter: @dev_el_ops G+: https://plus.google.com/+DavidSchmitt
Blog: http://club.black.co.at/log/
LinkedIn: http://at.linkedin.com/in/davidschmitt

Peter Berghold

Feb 24, 2015, 3:09:53 PM
to puppet...@googlegroups.com
What it looks like to me is going on is the YML file for the host ends up on the Remote Master (which I can verify by looking for it) and the node.rb is running on the Grand Master. Since the YML file isn't on the Grand Master the lookup (of course) fails. So the real question is can we make the YML file go to the Grand Master.

To that end I played with a couple of settings.

Here is a partial dump of what I have in the puppet.conf file for the Remote Master:

[master]
    storeconfigs = true
    storeconfigs_backend = puppetdb
    inventory_server =<Grand Master FQDN>
    autosign       = $confdir/autosign.conf { mode = 664 }
    reports        = foreman
    external_nodes = /etc/puppet/node.rb
    node_terminus  = exec

I found a reference to an inventory server in the Puppet docs but that seems to have had no effect on the problem.  What I'm wondering about is the "external_node" and "node_terminus" settings.  Are those correct for what I'm trying to do or should that be something else?



David Schmitt

Feb 24, 2015, 3:41:57 PM
to puppet...@googlegroups.com
On 2015-02-24 16:09, Peter Berghold wrote:
> What it looks like to me is going on is the YML file for the host ends
> up on the Remote Master (which I can verify by looking for it) and the
> node.rb is running on the Grand Master. Since the YML file isn't on the
> Grand Master the lookup (of course) fails. So the real question is can
> we make the YML file go to the Grand Master.
>
> To that end I played with a couple of settings
>
> Here is a partial dump of what I have in the puppet.conf file for the
> Remote Master:
>
> [master]
> storeconfigs = true
> storeconfigs_backend = puppetdb
> inventory_server =<Grand Master FQDN>
> autosign = $confdir/autosign.conf { mode = 664 }
> reports = foreman
> external_nodes = /etc/puppet/node.rb
> node_terminus = exec
>
> I found a reference to an inventory server in the Puppet docs but that
> seems to have had no effect on the problem. What I'm wondering about is
> the "external_node" and "node_terminus" settings. Are those correct for
> what I'm trying to do or should that be something else?

Those are correct and will cause this process to locally (on the master)
execute the node.rb to receive ENC information.

Please re-test whether running node.rb on the master having the right
YML file still fails.


Regards, David



Peter Berghold

Feb 24, 2015, 5:43:48 PM
to puppet...@googlegroups.com
FOUND IT!

It was a comedy of errors. The perms on the node.rb script were wrong (not sure how they got that way, but...) and not only that, there were some residual configuration issues from an experiment I did two weeks ago that was pointing to the hostname pocforman.<domain> instead of the FQDN of the Foreman host, which caused a mismatch on the cert names.

Once I got those two things corrected (found out through running the remote server in debug mode) it all started to work correctly.

On to the next thing... I'm working towards a demo of the infrastructure second week in March. Will be the "go/no go" for putting this in production.
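
The two faults named in the post above (permissions on the ENC script, and a host name that did not match the certificate) can be checked before an agent run. This is an added example, not part of the original thread and not Foreman's or Puppet's own code; the function names are hypothetical, all file locations are passed as arguments, and it assumes an `openssl` build that supports `x509 -checkhost`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): preflight for "node_terminus = exec".
# Run it as the account the Puppet master runs under, so -x tests that user.

# Print the value of KEY from the [master] section of a puppet.conf.
master_setting() {  # usage: master_setting <puppet.conf> <key>
  awk -v key="$2" '
    /^[ \t]*\[/ { in_master = ($0 ~ /^[ \t]*\[master\]/); next }
    in_master && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# 0 = ENC usable; 1 = wrong terminus; 2 = missing; 3 = not executable;
# 4 = writable by group/other (whoever can edit it controls classification).
check_enc() {  # usage: check_enc <puppet.conf>
  local terminus enc
  terminus=$(master_setting "$1" node_terminus)
  enc=$(master_setting "$1" external_nodes)
  [ "$terminus" = "exec" ] || { echo "node_terminus is '$terminus', not exec"; return 1; }
  [ -f "$enc" ] || { echo "ENC script '$enc' not found"; return 2; }
  [ -x "$enc" ] || { echo "ENC script not executable: $(ls -l "$enc")"; return 3; }
  if [ -n "$(find "$enc" -prune \( -perm -020 -o -perm -002 \))" ]; then
    echo "ENC script writable by group/other: $(ls -l "$enc")"; return 4
  fi
  echo "ENC $enc: ok"
}

# True when the certificate in PEM file $1 is valid for host name $2.
cert_matches_host() {  # usage: cert_matches_host <cert.pem> <hostname>
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Example: ./preflight.sh /etc/puppet/puppet.conf
if [ $# -gt 0 ]; then check_enc "$1"; fi
```

`cert_matches_host` is meant to be called with the certificate the Foreman host presents and the exact host name written in the master's configuration; a short name or alias that is not in the certificate fails the check.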


