Ask Your Question
0

Unable to connect to Enterprise Puppet server using Windows agent

asked 2016-12-26 23:00:46 -0500

Garbageyard gravatar image

updated 2016-12-28 22:35:06 -0500

I have setup Puppet Enterprise server on CentOS Linux 7 (Core).

# /opt/puppetlabs/bin/puppetserver --version
puppetserver version: 2016.5.0.11

I have installed Puppet Enterprise agent on Win Server 2008 R2 Enterprise (64-bit).

C:\Users\Administrator>puppet --version
4.8.1

When i try connecting to the Puppet server, i get only the following output:

C:\Windows\system32>puppet agent --test
Exiting; no certificate found and waitforcert is disabled

On server, if i check for any pending cert signing request, i see nothing:

# puppet cert --list

I have verified that i am able to telnet to Puppet server on port 8140 from my Win agent box.

Also shown below is the Puppet service running as Local System user.

image description

My Puppet server has the following entry in /etc/puppetlabs/puppet/puppet.conf

[main]
certname = gc.abc.com
server = gc.abc.com
user = pe-puppet
group = pe-puppet
environment_timeout = 0
app_management = true
module_groups = base+pe_only
environmentpath = /etc/puppetlabs/code/environments
codedir = /etc/puppetlabs/code

[agent]
graph = true

[master]
node_terminus = classifier
storeconfigs = true
storeconfigs_backend = puppetdb
reports = puppetdb
certname = gc.abc.com
always_cache_features = true

On Win agent, i have specified the Puppet server name in host file:

xx.yy.zz.zzz puppet-server

On Win agent, I have also mentioned the server name in C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf file

[main]
server=puppet-server
autoflush=true
environment=production

Any pointers?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-12-29 01:19:23 -0500

Garbageyard gravatar image

From IRC (@binford2k), i got help.

"Exiting; no certificate found and waitforcert is disabled" means that the client has already generated a CSR. If it's got a CSR, then it won't try to generate another. However, if somehow the CSR didn't make it to the master, then the master won't know about it and the agent won't try again because it's got a CSR already. To resolve the above, remove the SSL dir on the agent and then try running puppet again.

When i removed the SSL dir (C:\ProgramData\PuppetLabs\puppet\etc\ssl) as per above suggestion, it worked. :)

C:\Windows\system32>puppet agent --test --server=puppet-server
Info: Creating a new SSL key for gc.abc.com
Info: Caching certificate for ca
Info: csr_attributes file loading from C:/ProgramData/PuppetLabs/puppet/etc/csr_
attributes.yaml
Info: Creating a new SSL certificate request for gc.abc.com
Info: Certificate Request fingerprint (SHA256): 99:02:46:D1:A4:32:6F:A5:CE:06:39
:3E:A4:35:D2:88:C1:9A:D1:2E:58:27:B0:ED:24:F9:DC:77:D9
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-12-26 23:00:46 -0500

Seen: 36 times

Last updated: Dec 29 '16