Getting started - yikes
56 views
Skip to first unread message
ch...@freeranger.com
Jul 29, 2022, 12:00:55 AM7/29/22
to Puppet Users
I've been tasked to install puppet enterprise 2019.8.11 on centos 7. We have some licenses that I figure I can apply once puppet is installed.
The above errors seemed to crop up, in red, periodically during the install
More red:
[Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate ca cert]/returns: change from 'notrun' to ['0'] failed: '/opt/puppetlabs/bin/puppetserver ca setup --certname tm.sys-f.ecm --ca-name 'Puppet Enterprise CA generated at +2022-07-28 23:56:46 +0000' --subject-alt-names 'puppet'' returned 1 instead of one of [0]
Then lots of yellow warnings:
[Warning]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate node cert]: Skipping because of failed dependencies
[Warning]: /Stage[main]/Pe_install::Install::Ssldir/Exec[Set user/group of /etc/puppetlabs/puppet/ssl contents to pe-puppet:pe-puppet]: Skipping because of failed dependencies
I figured I could just fire up a centos 7 instance on AWS (derived from a self hardened AMI) and install a puppet enterprise master. What could go wrong... ;)
I proceeded to get things lined up and ran a wget of a centos 7 tar of Enterprise - 2019.8.11 LTS. Upzipped it, and in the folder which was created ran:
./puppet-enterprise-installer
I proceeded to get things lined up and ran a wget of a centos 7 tar of Enterprise - 2019.8.11 LTS. Upzipped it, and in the folder which was created ran:
./puppet-enterprise-installer
Things seemed to go fine for a bit, then...
in red:::
Error: Failed to initialize SSL: The CRL issued by 'CN=Puppet Enterprise CA' has expired, verify time is synchronized
Error: Run `puppet agent -t`
Error: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/ssl_provider.rb:278:in `raise_cert_verify_error'
in red:::
Error: Failed to initialize SSL: The CRL issued by 'CN=Puppet Enterprise CA' has expired, verify time is synchronized
Error: Run `puppet agent -t`
Error: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/ssl_provider.rb:278:in `raise_cert_verify_error'
The above errors seemed to crop up, in red, periodically during the install
More red:
[Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate ca cert]/returns: change from 'notrun' to ['0'] failed: '/opt/puppetlabs/bin/puppetserver ca setup --certname tm.sys-f.ecm --ca-name 'Puppet Enterprise CA generated at +2022-07-28 23:56:46 +0000' --subject-alt-names 'puppet'' returned 1 instead of one of [0]
Then lots of yellow warnings:
[Warning]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[generate node cert]: Skipping because of failed dependencies
[Warning]: /Stage[main]/Pe_install::Install::Ssldir/Exec[Set user/group of /etc/puppetlabs/puppet/ssl contents to pe-puppet:pe-puppet]: Skipping because of failed dependencies
[Warning]:/Stage[main]/Puppet_enterprise::Profile::Database/File[/opt/puppetlabs/server/data/postgresql/11/data/certs/_local.cert.pem]: Skipping because of failed dependencies
[Warning]:/Stage[main]/Puppet_enterprise::Profile::Orchestrator/Pe_hocon_setting[orchestration-services.authorization.version]: Skipping because of failed dependencies
[Warning]:/Stage[main]/Puppet_enterprise::Profile::Orchestrator/Pe_hocon_setting[orchestration-services.authorization.version]: Skipping because of failed dependencies
The tons of warnings with references to "Skipping because of failed dependencies"
I've obviously got some gaping hole in the dependencies.
Can anyone point me to what I missed in the instructions to provide the config that provisions the dependencies.
Also, I've looked for prerequisites of applications that should be loaded prior to install, like wget, or postgresql but haven't seen much of that except in random sites.
I've obviously got some gaping hole in the dependencies.
Can anyone point me to what I missed in the instructions to provide the config that provisions the dependencies.
Also, I've looked for prerequisites of applications that should be loaded prior to install, like wget, or postgresql but haven't seen much of that except in random sites.
Thanks in advance for any tips,
Chris.
Martin Alfke
Jul 29, 2022, 3:22:47 AM7/29/22
to puppet...@googlegroups.com
Hi Chris,
Please check the time synchronisation prior running the installer.
Also check the system requirements page: https://puppet.com/docs/pe/2019.8/system_requirements.html
Especially https://puppet.com/docs/pe/2019.8/supported_operating_systems.html#supported_operating_systems which will list also required packages.
Hth,
Martin
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e567b5e8-1395-4929-becb-4e38a24bf372n%40googlegroups.com.
ch...@freeranger.com
Jul 29, 2022, 2:27:52 PM7/29/22
to Puppet Users
Thank you, Martin,
I installed the specific package requirements
I installed the specific package requirements
I checked NTP services; all good
I re-ran the install - still the same issues
I uninstalled with: /opt/puppetlabs/bin/puppet-enterprise-uninstaller
Reinstalled with: ./puppet-enterprise-installer
## Puppet Enterprise configuration complete! - hooray!
Our hardened AMI had a pre-existing puppet agent so I think that might have been the source of some mismatch indicating an expired CA/time-sync issue. The uninstall might have removed the agent so the reinstall started more or less from a cleaner slate.
Our hardened AMI had a pre-existing puppet agent so I think that might have been the source of some mismatch indicating an expired CA/time-sync issue. The uninstall might have removed the agent so the reinstall started more or less from a cleaner slate.
Now to get it set up and configured...
Again, Thank you.
Chris.
Again, Thank you.
Chris.
Reply all
Reply to author
Forward
0 new messages