Ask Your Question
0

Fresh install deployment fails via guided Install.

asked 2016-10-07 05:02:27 -0500

Del gravatar image

updated 2016-10-19 04:41:42 -0500

I'm trying to install puppet for the first time on a brand new VM running Ubuntu 1604 x64 server. I get right up to the point of starting deployment on the PE console web page but it fails and the log contains the following:

2016-10-06 18:30:24,938 - [Debug]: Processing report from lin1604puppet.localdomain with processor Puppet::Reports::Store
* /opt/puppetlabs/puppet/bin/puppet enterprise configure --debug
--detailed-exitcodes --modulepath /opt/puppetlabs/server/data/enterprise/modules
* returned: 6 2016-10-06 18:30:25,026 Running command: /opt/puppetlabs/puppet/bin/puppet agent --enable 2016-10-06 18:30:25,019 [ERROR]: !! There were problems during the application of the installation catalog. !! 2016-10-06 18:30:25,022 [ERROR]: !! Please review the logs at /var/log/puppetlabs/installer/2016-10-06T18.29.25+0100.install.log and resolve any issues you can find. !! 2016-10-06 18:30:25,024 [ERROR]: !! After fixing any errors, re-run the installer to complete the installation or upgrade. !!

It appears that the deployment fails because it is doing something with accessing a CA server via port 8140 but the connection is refused.

I have no firewall up and as I say I have a fresh installation of Ubuntu 1604. The only change I have made it that it is pointing to our internal repo mirror which I have confirmed is working.

Here is exactly what I did...

  1. Download Puppet Enterprise Master for Ubuntu 16.04 x64 from https://puppet.com/download-puppet-en...
  2. Create a new VM-ware image of Ubuntu 1604 server x64
  3. set new hostname under /etc/hostname and /etc/hosts (This test server will not be on a domain)
  4. update sources.list to point to our internal mirror
  5. sudo reboot now
  6. sudo apt-get update
  7. sudo apt-get upgrade
  8. copy puppet enterprise image to home folder
  9. Unzip the tar ball. tar -zxvf ./puppet-enterprise-2016.2.1-ubuntu-16.04-amd64.tar.gz
  10. cd ./puppet-enterprise-2016.2.1-ubuntu-16.04-amd64/
  11. sudo ./puppet-enterprise-installer
  12. select [1] Guided Install
  13. When it says the server is up access via browser from my Windows host machine on port 3000
  14. Click "Let's get started"
  15. select Monolithic deployment
  16. Set FQDN to hostname (This test server is not on a domain)
  17. Set a Console Admin user password
  18. Leave all other options as already defaulted and click Submit
  19. On the next page click Continue
  20. Wait for verification to succeed. The only warning I get is that /opt only has 73GB instead of 100GB but this should be OK for testing.
  21. Click "Deploy Now"
  22. Deployment fails with the error above.

I've obviously done something stupid or missed something but can anyone help me find out what that is please?

The only other bits I found in the log was this:

[2016-10-06 17:30:24.715 UTC] INFO 2016-10-06 18:30:24,714 - [Notice]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[retrieve cert for lin1604puppet.localdomain]/returns: Error: Could not call 'find' on 'certificate': Connection refused - connect(2) for "lin1604puppet" port 8140
[2016-10-06 17:30:24.715 UTC] INFO 2016-10-06 18:30:24,715 - [Notice]: /Stage[main]/Pe_install::Prepare::Certificates/Exec ...
(more)
edit retag flag offensive close merge delete

Comments

Can anyone at least tell me if a CA server is supposed to be setup automatically by the puppet installer? The installer seems to do everything else and the documentation does not mention that one is needed for a monolithic install.

Del gravatar imageDel ( 2016-10-19 04:38:42 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-11-20 15:58:45 -0500

I encountered this issue on 2016.2.1 and 2016.4, installing PE onto Centos 7 for personal use. Hope this helps other folk.

TL;DR

  1. install and enable nscd (name service cache daemon) and cache your server's DNS entries before installing.
  2. (possibly not needed) ensure the server you specify to install on matches the hostname set on the server.

Full explanation:

Cross posted to: https://tickets.puppetlabs.com/browse... https://ask.puppet.com/question/28319...

Puppet is installed using puppet, and the run would fail fairly quickly with dependency errors.

The first error being along the lines of:

Error: Could not call 'find' on 'certificate': Connection refused - connect(2) for "centosmaster" port 8140

This was odd, as I was installing a monolithic install, so why was it failing to connect to the CA on my local machine before it'd even installed the CA? It would appear the installer had got confused and concluded the CA was elsewhere, and so didn't need installing. However, it's trying to access it locally, and failed, as it's not installed yet.

I don't know the exact root cause, but for me it relates to resolving the hostname you specify for the installation. While investigating, I found that when I ran:

getent hosts myserver

.. it returned the /etc/hosts entry I'd put in. (as the fix seems to be to install nscd, this ought not to be needed).

Run

getent hosts myserver.mydomain

.. it hung for a while, and then returned

::1 myserver.mydomain localhost

I believe this relates to the fact that name resolution calls for IPv4 and IPv6 results. see the documentation for the "single-request" option in man resolv.conf

googling slow resolution issues relating to IPv6, a number of the 'solutions' related to disabling ipv6, but I'd already done this at install. The output from ifconfig -a doesn't show output relating to IPv6. That's a pretty good indication that it's disabled; all the stuff in google results about disabling kernel modules is not advisable, as since later releases of RHEL5 a good number of kernel modules now require ipv6 loaded.

In attempting to stop IPv6 interference, I added 'NETWORKING_IPV6=no' to /etc/sysconfig/network, though in my case, it was already adequately disabled.

I think the fix is nscd. This came up in some of the results around slow name resolution.

yum install nscd systemctl enable nscd systemctl start nscd getent hosts myserver getent hosts myserver.mydomain ping myserver.mydomain

The installer then worked.

Other things I did.

  • set the hostname (/etc/hostname) to myserver.mydomain, instead of myserver
  • specified myserver.mydomain as the name of the puppet server
  • to ensure the certificate had all the values I wanted, I specified myserver,puppet,myserver.mydomain,puppet.mydomain as the alternative names in the installer.
edit flag offensive delete link more

Comments

That was enough to get PE installed, but it doesn't fix the underlying issue - once the cached entries expire, resolving myhost.mydomain is slow again. That's for another day.

benprescott gravatar imagebenprescott ( 2016-11-20 16:26:11 -0500 )edit
0

answered 2017-01-04 02:59:14 -0500

BigD gravatar image

Hi there, I am not too sure whether you have resolved this issue, but here is what I have found in my case:

  • I configure hostA in /etc/hosts for the server hosing the installation.
  • I used puppet as FDN while running the installer, which I thought should work.
  • But it failed with the same issue as mention in above post.
  • After long time investigation noticed in the installer log file indicated in the web page view, it failed to connect and get the certificate. e.g. [Notice]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[retrieve cert for hostB.domain]/returns: ^[[1;31mError: Could not call 'find' on 'certificate': Connection refused - connect(2) for "hostA" port 8140
  • So, i changed to the exact name shown in the error message (hostB.domain), and create the record in /etc/hosts file.
  • After this, the process went through, at least for this step.

Hope this helps.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2016-10-07 05:02:27 -0500

Seen: 684 times

Last updated: Nov 20 '16