Ask Your Question

Failed to run PE installer

asked 2017-05-12 21:18:15 -0500

JeremyCanfield gravatar image

updated 2017-05-13 17:56:25 -0500

I am getting Failed to run PE installer when attempting to install Puppet Enterprise. I have a clean install of Linux CentOS 7. I downloaded and extracted the puppet-enterprise-2017.1.1-el-7-x86_64.tar.gz tarball, started the guided installation, and then used the web installer.

All test pass at the third screen of the puppet web installer.

image description

During the installtion, Failed to run PE installer is displayed.

image description

There are two errors in the /var/log/puppetlabs/installer.log file.

[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server returned 1 instead of one of 0.
[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[retrieve cert for puppet1]/returns: change from notrun to 0 failed: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server returned 1 instead of one of 0.

These errors suggest that there is some issue with the Certificate Authority (CA) on host I am not sure what needs to be done to resolve this issue.


Here are the contents of my /etc/puppetlabs/puppet/puppet.conf file.

certname = puppet1
server =
user = pe-puppet
group = pe-puppet

graph = true
edit retag flag offensive close merge delete


Is it safe to assume that is the local server?

smarlow gravatar imagesmarlow ( 2017-05-13 13:39:18 -0500 )edit

Indeed - in a local CentOS server in the LAN. nslookup resolves to

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 13:44:04 -0500 )edit

Is puppet1 currently running as a Puppet master/CA?

smarlow gravatar imagesmarlow ( 2017-05-13 14:14:28 -0500 )edit

Perhaps this is the missing piece. I am not certain if puppet1 is running as a Puppet master/CA. Would you know how I would check or configure puppet1 to be a Puppet master/CA? I guess I assumed the web installer would take care of this requirement.

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 14:16:28 -0500 )edit

Sorry, I may have misunderstood. Are you installing PE on puppet1? Or is that some other server?

smarlow gravatar imagesmarlow ( 2017-05-13 14:42:21 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2017-05-13 18:49:40 -0500

smarlow gravatar image

updated 2017-05-13 18:52:13 -0500

I dug into the code, and found the problem I think. The PE module is checking if the CA server is on the local machine, which it does by comparing the values of the certname (in puppet.conf) and the fqdn.

In your case certname is puppet1 and the fqdn is, which do not match. Consequently it's trying to retrieve the certificate from a remote CA which isn't yet set up.

If you change the value of certname in puppet.conf to and rerun the installer I believe that it should work correctly.

Additionally you may want to wipe out any files under /etc/puppetlabs/puppet/ssl, since this may contain a certificate or CSR with the wrong certname.

edit flag offensive delete link more


Much appreciation for your assistance in debugging this issue! This will definitely help me as we build our production Puppet server for deployment in the LAN. I am very much looking forward to managing the infrastructure using Puppet instead of SSH into machines one by one.

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 19:17:37 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-05-12 21:18:15 -0500

Seen: 152 times

Last updated: May 13