Failed to run PE installer

asked 2017-05-12

I am getting Failed to run PE installer when attempting to install Puppet Enterprise. I have a clean install of Linux CentOS 7. I downloaded and extracted the puppet-enterprise-2017.1.1-el-7-x86_64.tar.gz tarball, started the guided installation, and then used the web installer.

All test pass at the third screen of the puppet web installer.

image description

During the installtion, Failed to run PE installer is displayed.

image description

There are two errors in the /var/log/puppetlabs/installer.log file.

[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server returned 1 instead of one of 0.
[2017-05-12 00:14:48.832 UTC] INFO 2017-05-11 19:14:48,822 - [Error]: /Stage[main]/Pe_install::Prepare::Certificates/Exec[retrieve cert for puppet1]/returns: change from notrun to 0 failed: /opt/puppetlabs/puppet/bin/puppet certificate find puppet1 --ca-location remote --ca_server returned 1 instead of one of 0.

These errors suggest that there is some issue with the Certificate Authority (CA) on host I am not sure what needs to be done to resolve this issue.


Here are the contents of my /etc/puppetlabs/puppet/puppet.conf file.

certname = puppet1
server =
user = pe-puppet
group = pe-puppet

graph = true
Is it safe to assume that is the local server?

smarlow ( 2017-05-13 13:39:18 -0600 )

Indeed - in a local CentOS server in the LAN. nslookup resolves to

JeremyCanfield ( 2017-05-13 13:44:04 -0600 )

Is puppet1 currently running as a Puppet master/CA?

smarlow ( 2017-05-13 14:14:28 -0600 )

Perhaps this is the missing piece. I am not certain if puppet1 is running as a Puppet master/CA. Would you know how I would check or configure puppet1 to be a Puppet master/CA? I guess I assumed the web installer would take care of this requirement.

JeremyCanfield ( 2017-05-13 14:16:28 -0600 )

Sorry, I may have misunderstood. Are you installing PE on puppet1? Or is that some other server?

smarlow ( 2017-05-13 14:42:21 -0600 )

2 Answers

answered 2017-05-13

I dug into the code, and found the problem I think. The PE module is checking if the CA server is on the local machine, which it does by comparing the values of the certname (in puppet.conf) and the fqdn.

In your case certname is puppet1 and the fqdn is, which do not match. Consequently it's trying to retrieve the certificate from a remote CA which isn't yet set up.

If you change the value of certname in puppet.conf to and rerun the installer I believe that it should work correctly.

Additionally you may want to wipe out any files under /etc/puppetlabs/puppet/ssl, since this may contain a certificate or CSR with the wrong certname.

Much appreciation for your assistance in debugging this issue! This will definitely help me as we build our production Puppet server for deployment in the LAN. I am very much looking forward to managing the infrastructure using Puppet instead of SSH into machines one by one.

JeremyCanfield ( 2017-05-13 19:17:37 -0600 )

This doesn't work for me as this change gets overwritten upon re-runnting the install

pogo ( 2018-02-13 07:04:00 -0600 )

answered 2017-08-08

The issue with me for Puppet Enterprise 2017.2.2 was low memory, it was then even trying to contact SSL Cert on 4433. So always use at minimum a t2.Medium or t2.Large.

I wrote an article here:

