puppet client connection refused when I use puppet kick form puppet master

[Dilip Varma]

Hi,

I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e

class toolbox {

file { '/usr/local/sbin/puppetsimple.sh':
        owner => root,group => root,mode => 0755,content => "#!/bin/bash apt-get install zip\n"
     }
}
node 'admin.local' {
                     include toolbox
                    
                   }

Here admin.local is my PUPPET AGENT..

my job is to kick this job to puppet agent from puppet master.for this i have ran

ro...@puppetmaster.example.org#puppet kick admin.local
Triggering admin.local
Host admin.local failed: Connection refused - connect(2)
admin.local finished with exit code 2
Failed: admin.local

i got this error.
Additional Info:puppet master and agent are in the same network,pinging each other and configured password less logins also..

Please find the attachment regarding the puppet error mentioned above.

Thanks in advance
Dilip

[Sneha More]

Hi Dilip,
   Have you added listen = true in [main] section of puppet.conf?
And have you allowd access to runpath in auth.conf?
Please refer http://docs.puppetlabs.com/man/kick.html.
It may help you to solve this error.

Thanks & Regards,
Sneha More,
NTT DATA GTS, OSS Center, India (Pune). 

[Rahul Khengare]

HI Dilip,

    Can you provide the puppet,conf file.

Check the parameter server = puppetmaster.example.org under the [main]  section in puppet.conf file. Otherwise puppet client trying to connect default host puppet when puppet agent being kick.

Thanks and Regards,

Rahul Khengare

On Thursday, September 26, 2013 12:54:54 PM UTC+5:30, Dilip Varma wrote:

[Dilip Varma]

Hi

puppetmaster#vim /etc/puppet/puppet.conf

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

puppetmaster#vim /etc/puppet/auth.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

puppetmaster#vim /etc/puppet/auth.conf

# This is an example auth.conf file, it mimics the puppetmasterd defaults
#
# The ACL are checked in order of appearance in this file.
#
# Supported syntax:
# This file supports two different syntax depending on how
# you want to express the ACL.
#
# Path syntax (the one used below):
# ---------------------------------
# path /path/to/resource
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The path is matched as a prefix. That is /file match at
# the same time /file_metadat and /file_content.
#
# Regex syntax:
# -------------
# This one is differenciated from the path one by a '~'
#
# path ~ regex
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The regex syntax is the same as ruby ones.
#
# Ex:
# path ~ .pp$
# will match every resource ending in .pp (manifests files for instance)
#
# path ~ ^/path/to/resource
# is essentially equivalent to path /path/to/resource
#
# environment:: restrict an ACL to a specific set of environments
# method:: restrict an ACL to a specific set of methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated requests
# (ie exactly as if auth yes was present).
#

### Authenticated ACL - those applies only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their own reports
path ~ ^/report/([^/]+)$
method save
allow $1

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file

Thanks,

Dilip

allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate; we allow authenticated users, too, because
### there isn't a great harm in letting that request through.

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
#path /
path /run
auth any
        

These are my puppet.conf and auth.conf of puppet master...

Please find the solution..

--
You received this message because you are subscribed to a topic in the Google Groups "Puppet Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/OMJFUxP4XgM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Rahul Khengare]

    Have you try adding server parameter as i said in earlier post.

 

[Dilip Varma]

Thanks,

Dilip

[Dilip Varma]

Hi,

Please verify the following errors.

root@puppetmaster:~# puppet apply -v /etc/puppet/manifests/site.pp --debug
Could not find default node or by name with 'puppetmaster.example.org, puppetmaster.example, puppetmaster' on node puppetmaster.example.org
root@puppetmaster:~# puppet kick admin.local

Triggering admin.local
Host admin.local failed: Connection refused - connect(2)
admin.local finished with exit code 2
Failed: admin.local

Thanks,

Dilip

[Dilip Varma]

Hi,

it is working fine,Thank you..

Thanks,

Dilip

On Thu, Sep 26, 2013 at 3:08 PM, Rahul Khengare <rahul...@gmail.com> wrote:

[Dilip Varma]

I've created auth.conf file in puppet agent and in auth.conf file i've written

path /
  method find, search, save
  auth yes
  allow puppetmaster.example.org

path /run
auth any

allow *

finally i've restarted the puppet and puppet master then it's working well..

Thank you for supporting me..

Thanks,

Dilip