Puppet client port to be open

8,512 views
Skip to first unread message

Namrata

unread,
Nov 29, 2011, 1:19:40 PM11/29/11
to Puppet Users
Hi,

Just a quick question. In order for puppet run to execute successfully
on puppet client (ubuntu 10.04), the port 8139 on puppet client should
be open and listening correct? Do we also require that port 8140 be
open and running on puppet client?

Thanks.

Nan Liu

unread,
Nov 29, 2011, 1:24:10 PM11/29/11
to puppet...@googlegroups.com

You don't need that port unless you plan to enable listen and use
puppet kick. 8140 is the default puppet master port and not for the
agent.

Nan

Namrata

unread,
Nov 29, 2011, 1:29:32 PM11/29/11
to Puppet Users
Thanks Nan.

So, my puppetmaster should be able to install modules on puppet client
if the port 8139 is open?

On Nov 29, 10:24 am, Nan Liu <n...@puppetlabs.com> wrote:

Denmat

unread,
Nov 29, 2011, 3:18:53 PM11/29/11
to puppet...@googlegroups.com
Hi,

Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client.

If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all.

Den

> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
>

jcbollinger

unread,
Nov 29, 2011, 3:31:07 PM11/29/11
to Puppet Users

On Nov 29, 12:29 pm, Namrata <namratakulka...@gmail.com> wrote:
> Thanks Nan.
>
> So, my puppetmaster should be able to install modules on puppet client
> if the port 8139 is open?

In short, you don't even need 8139 open.

In long:
The puppetmaster does not under any circumstances install modules on
the client, regardless of what ports are open where. Instead, the
client initiates one or more connections to the server, pulls down
instructions and data, and performs whatever system modifications are
required. The client does all that either on demand at regular
intervals, depending on how it is set up. No ports need to be open in
the client's firewall for this to work, but that firewall must not
interfere with traffic on connections that the client initiates.

The puppet agent also has a feature, disabled by default, where it
listens on port 8139 for "kick" messages. Such messages trigger the
agent to perform the same operations already described above (i.e.
this is a special case of on-demand runs). Only for that feature to
work does the client need port 8139 to be open.

On the other side, the puppetmaster's firewall must leave the
puppmaster port open for clients to be able to connect. That port is
8140 by default.


John

Craig White

unread,
Nov 29, 2011, 3:57:20 PM11/29/11
to puppet...@googlegroups.com
I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months.

Craig

--
Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig...@ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com

Need help communicating between generations at work to achieve your desired success? Let us help!

Namrata

unread,
Nov 29, 2011, 5:00:57 PM11/29/11
to Puppet Users
Thanks everyone for the clarifications to a puppet newbie aka me :)
It is much clear now.

It is just that one of my puppet client is a cloud server on Rackspace
and while it can connect to the puppetmaster and apply basic
configurations(like write a file) from puppetmaster manifest but
unable configure things (such as install apache/tomcat etc.)


On Nov 29, 12:57 pm, Craig White <craig.wh...@ttiltd.com> wrote:
> I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months.
>
> Craig
>
> On Nov 29, 2011, at 1:18 PM, Denmat wrote:
>
>
>
>
>
>
>
>
>
> > Hi,
>
> > Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client.
>
> > If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all.
>
> > Den
>

> > On 30/11/2011, at 5:29, Namrata <namratakulka...@gmail.com> wrote:
>
> >> Thanks Nan.
>
> >> So, my puppetmaster should be able to install modules on puppet client
> >> if the port 8139 is open?
>
> >> On Nov 29, 10:24 am, Nan Liu <n...@puppetlabs.com> wrote:
> >>> On Tue, Nov 29, 2011 at 6:19 PM, Namrata <namratakulka...@gmail.com> wrote:
> >>>> Just a quick question. In order for puppet run to execute successfully
> >>>> on puppet client (ubuntu 10.04), the port 8139 on puppet client should
> >>>> be open and listening correct? Do we also require that port 8140 be
> >>>> open and running on puppet client?
>
> >>> You don't need that port unless you plan to enable listen and use
> >>> puppet kick. 8140 is the default puppet master port and not for the
> >>> agent.
>
> >>> Nan
>
> >> --
> >> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> >> To post to this group, send email to puppet...@googlegroups.com.
> >> To unsubscribe from this group, send email to puppet-users...@googlegroups.com.

> >> For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.


>
> > --
> > You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> > To post to this group, send email to puppet...@googlegroups.com.
> > To unsubscribe from this group, send email to puppet-users...@googlegroups.com.

> > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.
>
> --
> Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com
> 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~www.ttiassessments.com

Denmat

unread,
Nov 29, 2011, 5:25:57 PM11/29/11
to puppet...@googlegroups.com
Oh dear ... Yes.

jcbollinger

unread,
Nov 30, 2011, 8:52:37 AM11/30/11
to Puppet Users

On Nov 29, 4:00 pm, Namrata <namratakulka...@gmail.com> wrote:
> Thanks everyone for the clarifications to a puppet newbie aka me :)
> It is much clear now.
>
> It is just that one of my puppet client is a cloud server on Rackspace
> and while it can connect to the puppetmaster and apply basic
> configurations(like write a file) from puppetmaster manifest but
> unable configure things (such as install apache/tomcat etc.)


Well that sure doesn't sound like a problem with the client's
firewall.

You don't give us much to go on, but it is possible that the problem
is with retrieving files from the master's built-in file server. Or
it might be that the manifests themselves are wrong in some way. You
really should look at both the master's and the client's log output to
get a better handle on what is breaking. We can probably help you
there, if you wish.


John

Reply all
Reply to author
Forward
0 new messages