On 06/21/2009 10:32 AM, Todd Zullinger wrote:
Robert L Cochran wrote:
If you have local DNS setup, you can add puppet as a CNAME for your
server. If not, you could add it to /etc/hosts. I've always done the
former.
Okay, so that would work like this:
puppet. CNAME deafeng3.signtype.info.
deafeng3.signtype.info A 192.168.4.75
You _may_ not want the . at the end of puppet., as that will make the
fqdn puppet, rather than puppet.signtype.info.
I'm not positive that it will matter or not. You just want to be sure
that the certificate names match, otherwise puppet will fail to verify
those certificates and you'll get new errors when you try to connect
to the puppetmaster. :)
I left my puppetmaster server and puppet client running with 'puppet.'
in the CNAME record instead of 'puppet' in hopes of seeing what happens
when the client tries to connect to the puppet master. Look at these
messages in /var/log/messages that I got just now. What do you think of
these?
Jun 21 10:52:32 deafeng3 puppetmasterd[3281]: Compiled catalog for
deafeng3.signtype.info in 0.02 seconds
Jun 21 10:52:32 deafeng3 puppetd[3339]: Starting catalog run
Jun 21 10:52:32 deafeng3 puppetd[3339]: Finished catalog run in 0.02 seconds
Does this indicate success?
Look at what happens when I try to ping 'puppet':
[rlc@deafeng3 ~]$ ping -c3 puppet
PING deafeng3.signtype.info (192.168.1.46) 56(84) bytes of data.
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=1 ttl=64
time=0.101 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=2 ttl=64
time=0.106 ms
64 bytes from deafeng3.signtype.info (192.168.1.46): icmp_seq=3 ttl=64
time=0.103 ms
To get the above result I did one other thing. I edited /etc/hosts to
indicate that puppet is an alias for this machine. However I have not
restarted networking yet. Here is the edit I made:
192.168.1.46 deafeng3.signtype.info deafeng3 puppet
I'm at the very start of the puppet tutorial where I just try to get the
puppet client on the same machine as the puppetmaster to work with the
sudo.pp class. I haven't yet tried to get a puppet client on a different
machine to connect to the server.
It looks like each time the puppet client tries to connect to the
server, it possibly issues an ifconfig. I haven't looked at the source
to confirm that. Look at these messages from SELinux:
Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig
(ifconfig_t) "read" security_t. For complete SELinux messages. run
sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302
Jun 21 10:52:33 deafeng3 setroubleshoot: SELinux is preventing ifconfig
(ifconfig_t) "read" security_t. For complete SELinux messages. run
sealert -l 0c1fa1a8-f807-4016-947c-ffbb64975302
Feel free to correct me if I'm wrong. I'll give it a try pending
confirmation. This would be very helpful material in the
reductivelabs.com tutorial for puppet.
I imagine generalizing it to note that the name of the puppetmaster
defaults to puppet and that a CNAME or host entry should be present
prior to starting the puppetmaster might be good. That and the
alternative of setting the server parameter in the config file. It's
been a while since I read through the docs from the beginning, so I
don't know where the best location is for this or whether it's in
there somewhere.
It is a wiki though, so if you're reading along and find places that
could be improved, feel free to add them. (It's probably good to make
notes locally and then come back to them after you've got things
working to see which things still need improvement and which parts are
actually clear once you've read through all the docs. :)
Yes, taking notes is extremely important. I totally agree.
Bob
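
Added example, not part of the original thread: a small Python sketch of the two points discussed above, namely how a trailing dot changes the name a zone-file record ends up with, and why the name the client connects to must be one of the names on the puppetmaster certificate. The zone lines, the origin and the CERT_NAMES list are constructed assumptions, and the helper names are hypothetical.

```python
# Added illustration; zone lines and certificate names below are constructed.
ORIGIN = "signtype.info."
ZONE_ABSOLUTE = "puppet.  CNAME deafeng3.signtype.info.\ndeafeng3 A 192.168.4.75"
ZONE_RELATIVE = "puppet   CNAME deafeng3.signtype.info.\ndeafeng3 A 192.168.4.75"
# Assumed names on the puppetmaster certificate (hypothetical, for the demo).
CERT_NAMES = ["deafeng3.signtype.info", "puppet.signtype.info"]


def qualify(name, origin):
    """Expand a zone-file name: a trailing '.' means absolute, else append origin."""
    origin = origin.rstrip(".").lower()
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Map each fully qualified owner name to (type, rdata) for 'owner TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split()
        rtype = rtype.upper()
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)  # CNAME targets follow the same rule
        records[qualify(owner, origin)] = (rtype, rdata)
    return records


def cert_matches(server_name, cert_names):
    """Exact, case-insensitive comparison; wildcards are not handled."""
    wanted = server_name.lower().rstrip(".")
    return wanted in {n.lower().rstrip(".") for n in cert_names}


def check(zone_text, origin, server_name, cert_names):
    """Report whether the name the client uses exists in the zone and is on the certificate.
    Resolver search-domain expansion is not modelled."""
    records = parse_zone(zone_text, origin)
    key = server_name.lower().rstrip(".")
    return {"in_zone": key in records, "cert_ok": cert_matches(server_name, cert_names)}


if __name__ == "__main__":
    for label, zone in (("puppet.", ZONE_ABSOLUTE), ("puppet", ZONE_RELATIVE)):
        for name in ("puppet", "puppet.signtype.info"):
            print(label, name, check(zone, ORIGIN, name, CERT_NAMES))
```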