Ask Your Question
1

Failed to run PE installer

asked 2017-05-12 21:18:15 -0500

JeremyCanfield gravatar image

updated 2017-05-13 17:56:25 -0500

I am getting Failed to run PE installer when attempting to install Puppet Enterprise. I have a clean install of Linux CentOS 7. I downloaded and extracted the puppet-enterprise-2017.1.1-el-7-x86_64.tar.gz tarball, started the guided installation, and then used the web installer.

All test pass at the third screen of the puppet web installer.

image description

During the installtion, Failed to run PE installer is displayed.

image description

There are two errors in the /var/log/puppetlabs/installer.log file.

[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server puppet1.software.eng.us returned 1 instead of one of 0.
[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[retrieve cert for puppet1]/returns: change from notrun to 0 failed: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server puppet1.software.eng.us returned 1 instead of one of 0.

These errors suggest that there is some issue with the Certificate Authority (CA) on host puppet1.software.eng.us. I am not sure what needs to be done to resolve this issue.

EDIT

Here are the contents of my /etc/puppetlabs/puppet/puppet.conf file.

[main]
certname = puppet1
server = puppet1.software.eng.us
user = pe-puppet
group = pe-puppet

[agent] 
graph = true
edit retag flag offensive close merge delete

Comments

Is it safe to assume that puppet1.software.eng.us is the local server?

smarlow gravatar imagesmarlow ( 2017-05-13 13:39:18 -0500 )edit

Indeed - puppet1.software.eng.us in a local CentOS server in the LAN. nslookup puppet1.software.eng.us resolves to 192.168.0.26.

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 13:44:04 -0500 )edit

Is puppet1 currently running as a Puppet master/CA?

smarlow gravatar imagesmarlow ( 2017-05-13 14:14:28 -0500 )edit

Perhaps this is the missing piece. I am not certain if puppet1 is running as a Puppet master/CA. Would you know how I would check or configure puppet1 to be a Puppet master/CA? I guess I assumed the web installer would take care of this requirement.

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 14:16:28 -0500 )edit

Sorry, I may have misunderstood. Are you installing PE on puppet1? Or is that some other server?

smarlow gravatar imagesmarlow ( 2017-05-13 14:42:21 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted
1

answered 2017-05-13 18:49:40 -0500

smarlow gravatar image

updated 2017-05-13 18:52:13 -0500

I dug into the code, and found the problem I think. The PE module is checking if the CA server is on the local machine, which it does by comparing the values of the certname (in puppet.conf) and the fqdn.

In your case certname is puppet1 and the fqdn is puppet1.software.eng.us, which do not match. Consequently it's trying to retrieve the certificate from a remote CA which isn't yet set up.

If you change the value of certname in puppet.conf to puppet1.software.eng.us and rerun the installer I believe that it should work correctly.

Additionally you may want to wipe out any files under /etc/puppetlabs/puppet/ssl, since this may contain a certificate or CSR with the wrong certname.

edit flag offensive delete link more

Comments

Much appreciation for your assistance in debugging this issue! This will definitely help me as we build our production Puppet server for deployment in the LAN. I am very much looking forward to managing the infrastructure using Puppet instead of SSH into machines one by one.

JeremyCanfield gravatar imageJeremyCanfield ( 2017-05-13 19:17:37 -0500 )edit
0

answered 2017-08-08 00:03:29 -0500

Romiko gravatar image

Hey,

The issue with me for Puppet Enterprise 2017.2.2 was low memory, it was then even trying to contact SSL Cert on 4433. So always use at minimum a t2.Medium or t2.Large.

I wrote an article here: https://romikoderbynew.com/2017/08/08...

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-05-12 21:18:15 -0500

Seen: 298 times

Last updated: May 13