Help: OpenSource Puppet DB install on RedHat 6


GregC

Jun 10, 2014, 4:18:23 PM
to puppet...@googlegroups.com
I cannot get around the problem of connecting my Puppet Master 3.6 to PuppetDB 2.0.1. This is the opensource version.
 
 I installed the puppet and puppetdb from rpm packages.
I continually get this error:
 
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for xxx.com: Failed to submit 'replace facts' command for xxx.com to PuppetDB at xxx.com:8081: Connection refused - connect(2)
 
I've done all of the ssl-setup steps but no matter what I cannot get it to connect.
Any pointers would be appreciated,
 
Also I'm a bit confused on the environment settings. Seems no matter what I do the Puppet Master wants to have an environment setup, IS THERE ANY WAY TO DISABLE it? which I have an environments/production directory with the mani
 
Here is the output of my error, is there any way to disable or work around this issue?
 
2014-06-10 16:16:58] 172.16.43.151 - - [10/Jun/2014:16:16:58 EDT] "GET /production/node/node.com? HTTP/1.1" 400 230
[2014-06-10 16:16:58] - -> /production/node/node.com?

José Luis Ledesma

Jun 10, 2014, 4:41:22 PM
to puppet...@googlegroups.com

Hi

Are you sure puppetdb is listening in 8081? Is there any firewall?
Have you tried from the puppet master to do a telnet to puppetdb port 8081?

Regards


jcbollinger

Jun 11, 2014, 9:22:47 AM
to puppet...@googlegroups.com


On Tuesday, June 10, 2014 3:18:23 PM UTC-5, GregC wrote:
> I cannot get around the problem of connecting my Puppet Master 3.6 to PuppetDB 2.0.1. This is the opensource version.
>
> I installed the puppet and puppetdb from rpm packages.
> I continually get this error:
>
> Warning: Unable to fetch my node definition, but the agent run will continue:
> Warning: Error 400 on SERVER: Could not retrieve facts for xxx.com: Failed to submit 'replace facts' command for xxx.com to PuppetDB at xxx.com:8081: Connection refused - connect(2)
 


This looks like the puppetdb port is being blocked by a firewall.

 
> I've done all of the ssl-setup steps but no matter what I cannot get it to connect.
> Any pointers would be appreciated,
>
> Also I'm a bit confused on the environment settings. Seems no matter what I do the Puppet Master wants to have an environment setup, IS THERE ANY WAY TO DISABLE it? which I have an environments/production directory with the mani


Not as such, no.  Every node is assigned to an environment, which provides a context for compilation of its catalog.  The default environment name is "production"; this is used if the environment is not specified any other way.  But if you are using only the default environment and you have not enabled "directory environments" then you don't need to do anything special.  All settings in the [master] section of your puppet.conf apply to the default environment, with missing values filled in from the [main] section.  This is the longtime standard Puppet configuration style (albeit now deprecated; see http://docs.puppetlabs.com/puppet/latest/reference/environments_classic.html).


John

Ken Barber

Jun 11, 2014, 9:36:14 AM
to Puppet Users
+1 ... the key error here is "connection refused". Which is a pretty
common networking error, and as an admin you should get to know about
this error intimately, it happens everywhere (not just PuppetDB).

What it implies is that you've received back an ICMP response from the
host implying that the port is not listening. Firewalls also drop
packets in this manner as well, but most well-configured ones just
silently drop packets (so usually you get "connection timed out"
instead).

So if you don't have any firewalls in the path (and that means
iptables based firewalls on the PDB host - check this with 'iptables
-vnL'), the main reason for this error is commonly: "it's not listening
on the port or IP address you think it is". Try telnetting from the
master to the hostname and port that was specified in the message,
also - check on the PDB host that it's even listening on port 8081 (a
netstat -anp | grep 8081 would be good for us to see, if you can't
work it out). Check your /etc/puppetdb/conf.d/jetty.ini file, and make
sure that ssl-host is set to listen on the IP you expect - setting it
to 0.0.0.0 (and restarting) usually solves this. And if none of this
helps, make sure the PDB box you are trying to telnet into here is
what you think it is, I've seen people make typos and all kinds of
strange things in this case :-).

ken.

GregC

Jun 12, 2014, 10:14:26 AM
to puppet...@googlegroups.com
No issue with connection to puppetdb on port 8081. Overall connectivity looks good.
 
[root@hostname conf.d]# telnet puppetdb 8081
Trying XXX.XXX.XXX.XXX...
Connected to puppetdb.
Escape character is '^]'.
 
conf.d]# netstat -tpane|grep 80
tcp        0      0 127.0.0.1:5432              127.0.0.1:58512             ESTABLISHED 26         126802     19611/postgres
tcp        0      0 ::ffff:172.16.43.151:8080   :::*                        LISTEN      496        126760     19343/java
tcp        0      0 :::80                       :::*                        LISTEN      0          12601      2537/httpd
tcp        0      0 :::8081                     :::*                        LISTEN      496        126765     19343/java
tcp        0      0 ::ffff:127.0.0.1:58512      ::ffff:127.0.0.1:5432       ESTABLISHED 496        126801     19343/java
tcp        0      0 ::ffff:172.16.43.151:8081   ::ffff:172.16.43.151:33812  TIME_WAIT   0          0          -
 
I read about using this whitelist.txt file to resolve the 'replace facts'  issue, but that does not seem to apply or work.
from /etc/puppetdb/conf.d/jetty.ini
 
certificate-whitelist = /etc/puppetdb/whitelist.txt
 
So my only remaining issue is resolving why it's throwing this error.

Ken Barber

Jun 12, 2014, 10:45:29 AM
to Puppet Users
> No issue with connection to puppetdb on port 8081. Overall connectivity
> looks good.
>
> [root@hostname conf.d]# telnet puppetdb 8081
> Trying XXX.XXX.XXX.XXX...
> Connected to puppetdb.
> Escape character is '^]'.

I'm not sure this is the correct hostname, so I wouldn't trust these
test results. Looking back at your original error:

Warning: Error 400 on SERVER: Could not retrieve facts for xxx.com:
Failed to submit 'replace facts' command for xxx.com to PuppetDB at
xxx.com:8081: Connection refused - connect(2)

You obfuscate the hostname with xxx.com ... test with _that_ hostname
(whatever it is). If that hostname is wrong, make sure you reflect the
correct setting in /etc/puppet/puppetdb.conf ... perhaps setting
server = puppetdb if that is the true hostname you wish to use. You
need to be careful though, if the SSL certificate doesn't have a
'puppetdb' alias you will get SSL errors.

> conf.d]# netstat -tpane|grep 80
> tcp 0 0 127.0.0.1:5432 127.0.0.1:58512
> ESTABLISHED 26 126802 19611/postgres
> tcp 0 0 ::ffff:172.16.43.151:8080 :::*
> LISTEN 496 126760 19343/java
> tcp 0 0 :::80 :::*
> LISTEN 0 12601 2537/httpd
> tcp 0 0 :::8081 :::*
> LISTEN 496 126765 19343/java
> tcp 0 0 ::ffff:127.0.0.1:58512 ::ffff:127.0.0.1:5432
> ESTABLISHED 496 126801 19343/java
> tcp 0 0 ::ffff:172.16.43.151:8081 ::ffff:172.16.43.151:33812
> TIME_WAIT 0 0 -

So specifically here, it's listening on 172.16.43.151 ... my suggestion
about replacing this with 0.0.0.0 in jetty.ini might make a
difference.

> I read about using this whitelist.txt file to resolve the 'replace facts'
> issue, but that does not seem to apply or work.
> from /etc/puppetdb/conf.d/jetty.ini
>
> certificate-whitelist = /etc/puppetdb/whitelist.txt

The advice you found seems unrelated to this error on the surface.
While setting a certificate-whitelist is a good idea, I would undo it
for now until we find the issue to make sure it doesn't cause other
problems.

> So my only remaining issue is resolving why it's throwing this error.

My points about connection refused are still applicable here.

ken.
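
Added example (not part of any post in this thread, and not Puppet project code): a small check that reads the host and port the master will actually dial from puppetdb.conf, compares them with the ssl-host/ssl-port bind in jetty.ini, and classifies a connect attempt the way the replies above distinguish "refused" from "timed out". The `[main]` and `[jetty]` section names, the `ssl-port` key and the `puppetdb`/8081 defaults are assumed from the PuppetDB documentation; the sample file contents and hostnames are constructed.

```python
import configparser
import socket

# Constructed sample files, not the poster's real configuration.
PUPPETDB_CONF = "[main]\nserver = puppetdb.example.com\nport = 8081\n"
JETTY_INI = "[jetty]\nssl-host = localhost\nssl-port = 8081\n"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def terminus_target(puppetdb_conf):
    """(server, port) the master dials; assumed defaults are puppetdb / 8081."""
    cp = _parse(puppetdb_conf)
    return (cp.get("main", "server", fallback="puppetdb"),
            cp.getint("main", "port", fallback=8081))

def config_findings(puppetdb_conf, jetty_ini):
    """Compare what the master dials with what jetty.ini tells PuppetDB to bind."""
    server, port = terminus_target(puppetdb_conf)
    jetty = _parse(jetty_ini)
    ssl_host = jetty.get("jetty", "ssl-host", fallback=None)
    ssl_port = jetty.getint("jetty", "ssl-port", fallback=None)
    found = []
    if ssl_port is not None and ssl_port != port:
        found.append(f"port mismatch: master dials {port}, ssl-port is {ssl_port}")
    if ssl_host in LOOPBACK and server not in LOOPBACK:
        found.append(f"ssl-host {ssl_host} is loopback-only, master dials {server}")
    return found

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to the name the master really uses."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except socket.gaierror:
        return "dns-failure"   # the configured name does not resolve from here
    except ConnectionRefusedError:
        return "refused"       # something answered, nothing accepted on that port
    except socket.timeout:
        return "timeout"       # no answer at all, typical of a silent DROP rule
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    print(config_findings(PUPPETDB_CONF, JETTY_INI))
```

Run `probe(*terminus_target(...))` on the master against the real puppetdb.conf, so the test uses the same name that appears in the error message rather than a shorter alias.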

Ken Barber

Jun 12, 2014, 10:47:33 AM
to Puppet Users
>> conf.d]# netstat -tpane|grep 80
>> tcp 0 0 127.0.0.1:5432 127.0.0.1:58512
>> ESTABLISHED 26 126802 19611/postgres
>> tcp 0 0 ::ffff:172.16.43.151:8080 :::*
>> LISTEN 496 126760 19343/java
>> tcp 0 0 :::80 :::*
>> LISTEN 0 12601 2537/httpd
>> tcp 0 0 :::8081 :::*
>> LISTEN 496 126765 19343/java
>> tcp 0 0 ::ffff:127.0.0.1:58512 ::ffff:127.0.0.1:5432
>> ESTABLISHED 496 126801 19343/java
>> tcp 0 0 ::ffff:172.16.43.151:8081 ::ffff:172.16.43.151:33812
>> TIME_WAIT 0 0 -
>
> So specifically here, it's listening on 172.16.43.151 ... my suggestion
> about replacing this with 0.0.0.0 in jetty.ini might make a
> difference.

Actually I'm wrong - it is listening on 0.0.0.0 already. I just had
trouble reading the lines :-).

ken.