Ask Your Question

Puppet out of sync in foreman

asked 2016-07-06 03:43:44 -0600

Imagin0s gravatar image


I am managing a certain number of nodes in foreman and I have some issues with certain nodes which are out of sync after a certain moment.

The certificate is OK, date is correctly synced and the agent is running :

Have you got an idea why after the puppet_interval, the node went out of sync ? Which log do I have to look at ?


edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2016-07-07 03:41:27 -0600

domcleal gravatar image

The phrase "Out of sync" in Foreman means that no config management reports have been received within the past puppet_interval (30 mins or so). You should be trying to determine if reports are being sent and that they're showing in Foreman, and if not, whether there's an error or config issue on either the agent or master preventing their upload.

Remember: reports are sent from the agent to the master at the end of a run, then from the master to Foreman via a report processor (script).

  1. Are reports listed for the host? When was the last report? Are new reports being stored, but under a different hostname? Look at incoming reports under Monitor > Reports > Config management in the UI, and deselect the default eventful = true search at the top to see all reports.
  2. Is the Puppet agent running? Is it actually applying a catalog every 30 minutes? Check its log file, usually syslog (/var/log/messages, /var/log/syslog etc.) to check it's running regularly. Does it report in if you run puppet agent -t?
  3. Is the agent logging any errors that may prevent a report being uploaded?
  4. Are any report upload requests reaching Foreman? tail -f /var/log/foreman/production.log during an agent run and look for POST "/api/reports", which should finish with Completed 201 Created.
  5. Does the master log any errors? The Puppet master typically logs to syslog again, or if using Puppet Server, under /var/log/puppetlabs/.
edit flag offensive delete link more

answered 2017-01-10 10:08:22 -0600

Imagin0s gravatar image


Thanks for your answer domcleal. I am in case 3.. For several servers, when I get the service status on the puppet client, I got the following errors :

pufrm002 ssl :( # service puppet status โ— puppet.service - (null) Loaded: loaded (/etc/init.d/puppet) Active: active (running) since mar. 2017-01-03 15:42:33 CET; 6 days ago CGroup: /system.slice/puppet.service โ””โ”€951 /usr/bin/ruby /usr/bin/puppet agent

janv. 10 09:29:08 pufrm002 puppet-agent[951]: Did not receive certificate janv. 10 09:31:09 pufrm002 puppet-agent[951]: Did not receive certificate janv. 10 09:33:09 pufrm002 puppet-agent[951]: Did not receive certificate janv. 10 09:35:09 pufrm002 puppet-agent[951]: Did not receive certificate

I have deleted the certificates on client and master, and I have regenerated and signed them but it still doesn't work.

Would you please advise ?


edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-07-06 03:43:44 -0600

Seen: 1,685 times

Last updated: Jan 10 '17