I'm new at puppet. First I installed and configured puppet.
If I check my certs on my master:
+ "puppet" (SHA256) FB:57:B2:B7:18:99:0F:15:DB:F0:E1:E8:12:31:99:75:BF:05:46:8D:78:A9:C4:DD:68:9E:A4:xxx (alt names: "DNS:puppet", "DNS:puppetmaster.example.com")
+ "puppetclient.example.com" (SHA256) 64:4F:0C:B2:EA:53:6B:2D:E3:5B:11:DB:80:E3:DF:AD:A6:AF:B5:B9:DB:05:6F:79:5D:E5:8Exxx
I try to apply some site.pp.
Here is my init.pp
```
class apache2 {
  package { 'apache2':
    ensure => installed,
  }
  service { 'apache2':
    ensure  => true,
    enable  => true,
    require => Package['apache2'],
  }
}
```
Here is my site.pp
```
node 'puppetclient.example.com' {
  include apache2
}
```
I try:
sudo puppet apply site.pp and I get the following error
Error: Could not find default node or by name with 'puppet, puppet.example.com, puppet.example' on node puppet
Error: Could not find default node or by name with 'puppet, puppet.example.com, puppet.example' on node puppet
It seems it tries to execute my .pp on a host which does not exist (probably default hostnames). What am I doing wrong? I want it to be executed on my puppetclient.example.com.
Thanks
The error and the hostname from your comment imply that you are using the apply command on the wrong host, i.e. the master, not the remote client.
If you want to execute the command on a different host than the puppet-master (server), you would need to install the puppet agent on the remote client and run the command on the client, i.e. sudo puppet agent -t. This will require the agent to be configured.
Puppet uses data from Facter to determine the node name. Facter data is populated from the actual hostname, /etc/hosts as well as /etc/sysconfig/network, plus other information. You can read more about it on Puppet's Facter page.
The easiest way to check the hostname is to run the hostname command, or facter hostname or facter fqdn.
Below is how Puppet checks the node name, from the official website:
A given node will only get the contents of one node definition, even if two node statements could match a node’s name. Puppet will do the following checks in order when deciding which definition to use:
1. If there is a node definition with the node’s exact name, Puppet will use it.
2. If there is a regular expression node statement that matches the node’s name, Puppet will use it. (If more than one regex node matches, Puppet will use one of them, with no guarantee as to which.)
3. If the node’s name looks like a fully qualified domain name (i.e. multiple period-separated groups of letters, numbers, underscores and dashes), Puppet will chop off the final group and start again at step 1. (That is, if a definition for www01.example.com isn’t found, Puppet will look for a definition matching www01.example.)
4. Puppet will use the default node.
Thus, for the node www01.example.com, Puppet would try the following, in order:
www01.example.com -- A regex that matches www01.example.com
www01.example -- A regex that matches www01.example
www01 -- A regex that matches www01
default
P.S.
If you are going to downgrade this please be kind enough to provide a reason.
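The lookup order quoted in the answer above, modelled as an added example (not part of the original answer and not Puppet's own code). It follows only the four documented steps; `SITE_PP_NODES` mirrors the question's site.pp, the function names are hypothetical, and Python's `re` stands in for Puppet's Ruby regexes.

```python
import re

# The only node statement in the question's site.pp.
SITE_PP_NODES = {"puppetclient.example.com"}


def candidate_names(node_name):
    """Names tried in order: the full name, then the name with its final
    period-separated group chopped off, repeated until one group is left."""
    parts = node_name.split(".")
    return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]


def select_node(node_name, exact=(), regexes=(), has_default=False):
    """Return the definition that applies, or None when nothing matches.

    exact       -- names used in node 'name' { } statements
    regexes     -- patterns used in node /regex/ { } statements
    has_default -- True if the manifest contains node default { }
    """
    for name in candidate_names(node_name):
        if name in exact:                      # step 1: exact name
            return ("exact", name)
        for pattern in regexes:                # step 2: regex node statement
            if re.search(pattern, name):
                return ("regex", pattern)
        # step 3: fall through to the next, shorter candidate name
    return ("default", "default") if has_default else None  # step 4


if __name__ == "__main__":
    # Compiling on the master: nothing matches and there is no default node,
    # which is the "Could not find default node or by name" condition.
    print(select_node("puppet.example.com", exact=SITE_PP_NODES))
    # Compiling for the client: the exact node statement is selected.
    print(select_node("puppetclient.example.com", exact=SITE_PP_NODES))
    print(candidate_names("www01.example.com"))
```
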
The command puppet apply is for constructing a catalog from local manifest files and data and applying it to the local machine. You are running it on your master, and your site manifest does not provide a node block that can be matched to that machine, so Puppet errors out. If you want to use puppet apply then you must arrange for the needed manifests and data to be present on the machine you want to configure, and you must run puppet apply there.
If you want to use a master / agent configuration, then you must run the master service or the puppetserver service on some designated machine, and all the manifests and data must reside there. Other machines do not need to have manifests or data, and they configure themselves by running puppet agent (locally), not puppet apply. The agent is often run as a daemon, but it can also be run in one-off mode, which many people use to run it under control of a separate scheduler, such as cron.
Obviously, you cannot configure a remote machine simply by running a command on the master, without some form of cooperation from the remote machine -- neither with Puppet nor with any other system you might imagine. Nor would you want your machines to be susceptible to such unrestricted remote control.
If you're looking for bona fide remote control then you could consider Puppet's "MCollective" product. It requires cooperation from the machines to be controlled, just as Puppet does, but it provides for ad hoc and on-demand control, which Puppet does not do. Among many other things, you can use it to run puppet agent remotely, on demand.
I need to execute ikeyman on an IBM HTTP Server. Since I don't want to install a full-blown UI on the server, I used MobaXterm with X forwarding for the Windows workstations. When executed as a regular user (e.g. /opt/IBM/HTTPServer/bin/ikeyman) it works. For corresponding permissions in certain folders, ikeyman needs to run as root:
sudo -i
/opt/IBM/HTTPServer/bin/ikeyman
Exception in thread "main" java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:217)
at java.awt.Window.<init>(Window.java:547)
at java.awt.Frame.<init>(Frame.java:431)
at java.awt.Frame.<init>(Frame.java:396)
at javax.swing.JFrame.<init>(JFrame.java:200)
at com.ibm.gsk.ikeyman.gui.KeymanFrame.<init>(KeymanFrame.java)
at com.ibm.gsk.ikeyman.gui.KeymanFrame.<init>(KeymanFrame.java)
at com.ibm.gsk.ikeyman.Ikeyman.main(Ikeyman.java)
Not working:
sudo DISPLAY=localhost:10.0 /opt/IBM/HTTPServer/bin/ikeyman (the DISPLAY value was copied from the regular user)
```
xauth add $(xauth -f /home/user/.Xauthority list | tail -1 )
export DISPLAY=localhost:10.0
/opt/IBM/HTTPServer/bin/ikeyman
```
Trying to install Virtualmin in my new Ubuntu Xenial vps, executing install.sh, I get the following error:
[... up to here all fine..]
Processing triggers for dovecot-core (1:2.2.22-1ubuntu2.2) ...
Job for dovecot.service failed because the control process exited with error code. See "systemctl status dovecot.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dovecot, action "restart" failed.
dpkg: error processing package dovecot-core (--configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for libapache2-mod-php7.0 (7.0.8-0ubuntu0.16.04.3) ...
Errors were encountered while processing:
dovecot-core
FATAL - Fatal Error Occurred: Something went wrong during installation: 0
FATAL - Cannot continue installation.
FATAL - Attempting to remove virtualmin repository configuration, so the installation can be
FATAL - re-attempted after any problems have been resolved.
FATAL - Removing temporary directory and files.
FATAL - If you are unsure of what went wrong, you may wish to review the log
FATAL - in /root/virtualmin-install.log
I have installed virtualmin in other vps and did not have such issue before. I meet the same issue in this vps also if I change operating system. What could I do to solve? Thanks
I wanted to install virtualmin on Ubuntu 16.04; I met same issues (as in your log); the error is quite cryptic and unexpected; virtualmin setup worked flawlessly in other vps.
A particular thing of my new vps is that ipv6 is not supported; it is probably the same in your case. Working on this information I made virtualmin work as expected, with the following steps:
fresh install of Ubuntu 16.04
apt-get install dovecot-common dovecot-imapd dovecot-pop3d
(these packages are the part related to dovecot for Ubuntu, taken from virtualmin install.sh). This gave issues.
Then edited: /etc/dovecot/dovecot.conf file.. uncommenting the line "listen = *, ::" and setting it to "listen = *" (listen just to ipv4 instead of also ipv6)
then again "apt-get install dovecot-common dovecot-imapd dovecot-pop3d", to check that installation finely completes.
install virtualmin: "/bin/sh install.sh"
service apache2 restart
In /etc/hosts comment the rows related to ipv6 (those with ::)
remove the "ipv6=1" line from /etc/webmin/miniserv.conf
/etc/init.d/webmin restart (now webmin should be up and working at https://yourip:10000)
I've tried these steps to install VirtualMin on my VPS Ubuntu 16.04. I am damn sure it will work for you.
Here are some prerequisites of the VirtualMin on Ubuntu:
-> You must have a new Ubuntu VPS or system with at least 1 GB RAM.
-> You must have root access or access to a user with Sudo privileges.
-> A valid hostname set on your server’s primary IP address.
-> Two registered custom nameservers for Virtualmin.
Steps:
Step 1: Update your system with the latest available version:
Linux command: apt-get update
Step 2: Set Hostname and FQDN:
For Virtualmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname and /etc/hosts files, as well as update your DNS settings so DNS lookups resolve properly.
Linux command: hostname
To change the hostname for your server, open the file /etc/hostname in your editor:
Linux command: sudo nano /etc/hostname
Delete the current hostname and replace it with your hostname:
Use just the hostname, not the entire FQDN, in this file. For example, if your FQDN is demo.yourdomainname.com, enter demo in this file.
Save the file and exit the editor.
Next, add both the hostname and FQDN in the /etc/hosts file:
Linux command: sudo nano /etc/hosts
Modify the line that starts with 127.0.0.1 to use your FQDN and hostname, in that order:
127.0.1.1 your_hostname.your_domain.com your_hostname
127.0.0.1 localhost
...
Remember to replace your_hostname and your_domain.com with your own hostname and domain name. Save the file and exit the editor.
To check if the name has been changed correctly, reboot your server.
Linux command: sudo reboot
Step 3: Download and install Virtualmin
To install Virtualmin, download and run the official Virtualmin installation script, which will install Virtualmin, and Webmin, along with a LAMP stack, BIND, and Postfix.
Use wget to download the script:
Linux command: wget http://software.virtualmin.com/gpl/scripts/install.sh -O /tmp/virtualmin-install.sh
After the Virtualmin script has been downloaded successfully, we will go for the execution of the script. For that, first we will have to make the script file executable by running the following chmod command:
Linux command: chmod +x /tmp/virtualmin-install.sh
Once the file is made executable, we will go further towards running it using a shell. Enter the following command in the terminal to install Virtualmin through script.
Linux command: sh /tmp/virtualmin-install.sh
The script will give a warning message about existing data and compatible operating systems. Press y to confirm that you want to continue the installation.
The installation process may take a few minutes to complete all the steps as it installs various software packages and components.
Step 4: Configuring Webmin Using The Post-Installation Wizard
To configure Webmin, we'll use its web-based Post-Installation Wizard. Open your web browser and navigate to https://your_server_ip:10000. You can also use your fully-qualified domain name to access the site.
Note: Your browser may show a "Your connection is not secure" or "Your connection is not private" warning since Virtualmin uses a self-signed certificate. This warning is normal. You can ignore it.
Next, we'll need to enter the root username and password, which are the same as the Linux system's, to get access to the web-based control panel of VirtualMin.
Once you have logged in, you'll see the Introduction screen stating that you are going through the steps to configure Virtualmin. Press Next to continue.
On the Memory use screen, select No for Preload Virtual Libraries, because you don't need to run the Virtual User interface all the time. Select Yes for Run email domain lookup server to enable faster mail processing. Press Next to continue.
On the Virus scanning screen, select No for Run ClamAV server scanner so you'll use less RAM. Press Next to continue.
On the Spam filtering screen, select No for Run SpamAssassin server filter and press Next to continue.
On the Database servers screen, select Yes to Run MySQL database server because MySQL server is widely used and supported by most applications, and no to Run PostgreSQL database server. Press Next to continue.
On the MySQL password screen, enter your desired MySQL root password. It should be different from the root password you used to log in to Webmin.
Select Yes if you’d like to remove the test MySQL database
Select Yes if you’d like to remove the anonymous MySQL user
On the MySQL database size screen, select the RAM option that matches the amount of RAM your server has. For a 1GB server, select Large system (1G) on which MySQL is heavily used. Press Next to continue.
On the Nameserver screen, enter your primary and secondary nameservers which you configured in the prerequisites. If you haven't set these up, check the Skip check for resolvability box to avoid an error message and proceed. Press Next to continue.
On the Password storage mode screen, select Store plain-text passwords if you must support password recovery. Otherwise, choose Only store hashed passwords. Here we have chosen plain-text passwords as an example. Press Next to continue.
You will see the All done screen. Click Next to end.
You may see a message stating that Virtualmin's configuration has not been checked. Click the Re-check and refresh the configuration button to check your Virtualmin configuration. Address any errors that the check reports. This process may take a few minutes to complete.
Congratulations! Your server is now configured.
I'm not very familiar with ansible.
The problem I have at the moment is the following:
I have a master - nodes environment with multiple nodes.
My ansible needs to access my nodes but can't access them.
SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I'm able to SSH from my master to each node but only by using a key:
ssh -i key-to-node.pem centos@ec2...
Is it possible to setup something to allow ansible to connect to the created hosts?
You can define your pem file in your ansible.cfg:
private_key_file=key-to-node.pem
If you don't have one, create one at the same location where your playbook is or in /etc/ansible/ansible.cfg.
If you have different keys for your hosts, you can also define the key in your inventory:
ansible_ssh_private_key_file=key-to-node.pem
Also, if you had configured ssh to work without explicitly passing the private key file (in your .ssh/config), Ansible would automatically work.
Adding an example from the OpenShift page, as mentioned in the comments.
I personally have never configured it this way (as I have set up everything via ~/.ssh/config), but according to the docs it should be working like this:
```
[masters]
master.example.com ansible_ssh_private_key_file=1.pem

# host group for nodes, includes region info
[nodes]
node1.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" ansible_ssh_private_key_file=2.pem
```
Alternatively, since you have multiple nodes and maybe the same key for all of them, you can define a separate nodes:vars section
```
[nodes:vars]
ansible_ssh_private_key_file=2.pem
```
All, when I try 'rhc create-app demo python-2.7', I hit an issue: I am not able to check out the git repo. The system asks for the password of the cartridge or something, but in fact I have uploaded the default key from the OpenShift console.
Here is what I have done:
install openshift from puppet
oo-diagnostics check pass
create app
Then I removed the default files in /root/.ssh, removed the key file from the OpenShift console, recreated the ssh key, and ran rhc setup again to upload the key. Then I created the app again, but it failed again.
In the Broker Virtual Machine, while running - oo-register-dns -h node -d domainX.example.com XXX.XXX.XXX.XXX -k /var/named/domainX.example.com.key,
the proxy XXX.XXX.XXX.XXX should be your Node Virtual Machine's IP Address (as I think most probably you have used the Broker's IP Address). Change accordingly and run this command again.
It will work.
Can you try with a different (main) domain name instead of example.com? I think it might be the issue, as per the Wikipedia explanation:
Example.com, example.net, example.org, and example.edu are second-level domain names reserved for documentation purposes and examples of the use of domain names.
Even if you've masked it with your hosts file or local DNS it still might be confusing the Openshift's DNS.
Got a weird Glassfish issue here. Here's how to reproduce it:
(1) Install Glassfish v3
(2) Start your default domain:
$GLASSFISH_HOME/bin/asadmin start-domain domain1
(3) Change the admin port (you'll need to enter admin uid & password, in our script we use the -u & -W parameters):
$GLASSFISH_HOME/bin/asadmin set configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.port=34848
(4) Shut down the domain:
$GLASSFISH_HOME/bin/asadmin stop-domain domain1
You'll see this doesn't work. You get:
CLI306 Warning - server is not running.
Command stop-domain executed successfully.
But your Glassfish process is still running. Worse, when you attempt to start the process you'll get a warning that some of your ports are already in use. Of course they are, the old process has still got 'em! Your only way out is killall -9 java
While some of the config changes are dynamic it seems this one isn't but the domain stop assumes it is dynamic and uses the new port to try and execute the command.
Possible solutions are:
(1) Use sed on domain.xml - would prefer not to as it's complicated & risky grepping through XML code. I've seen Glassfish change the order of attributes in this file so we can't just sed for port="4848"
(2) Use the scripted installer rather than the zip file and feed the parameters to the setup program as an answer file - this is problematic for our install scripts, which are required to be idempotent.
(3) Use a custom crafted zip of the Glassfish install archive with domain.xml already changed - not an option as the port we are setting may change in the future.
This is almost the definition of a corner case but one we need to solve. For now we're going to sed domain.xml but it would be nice to know if there was a way that's possible via the CLI.
You might want to do the following instead...
install v3 by unzipping
delete domain1
create a new domain1 using the ports that you prefer.
The man page for the create-domain subcommand will have all the details
start this new domain...
No extra start or stop necessary (and you can skip step 2 if you are willing to remember to say 'asadmin start-domain mydomain' instead of 'asadmin start-domain').
Sed wasn't as bad as I thought it might be, here's what I did:
```
cd $GLASSFISH_HOME
sed -i.bak '/<network-listener[^>]*name="admin-listener"/s/port="4848"/port="34848"/g' glassfish/domains/domain1/config/domain.xml
```
It's still a bug that asadmin thinks the port change is dynamic when it isn't but I can live with this hack.
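An XML-aware version of the same domain.xml edit, as an added example that is not from the thread: it selects the listener by the element path behind the dotted name passed to `asadmin set`, so attribute order and line breaks do not matter, and it reports whether anything changed so an install script stays idempotent. The sample document and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real GlassFish domain.xml): attribute order varies
# and the admin listener element is split across two lines.
SAMPLE_DOMAIN_XML = """<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <network-listeners>
          <network-listener port="8080" protocol="http-listener-1" name="http-listener-1"/>
          <network-listener name="admin-listener"
                            protocol="admin-listener" port="4848"/>
        </network-listeners>
      </network-config>
    </config>
    <config name="default-config">
      <network-config>
        <network-listeners>
          <network-listener protocol="admin-listener" port="4848" name="admin-listener"/>
        </network-listeners>
      </network-config>
    </config>
  </configs>
</domain>"""


def _find_listener(root, config, listener):
    # Same path as the dotted name used with "asadmin set" in the question.
    matches = root.findall(
        f"./configs/config[@name='{config}']/network-config"
        f"/network-listeners/network-listener[@name='{listener}']")
    if len(matches) != 1:
        raise ValueError(f"expected one {listener!r} in {config!r}, found {len(matches)}")
    return matches[0]


def get_listener_port(xml_text, config="server-config", listener="admin-listener"):
    return _find_listener(ET.fromstring(xml_text), config, listener).get("port")


def set_listener_port(xml_text, new_port, config="server-config", listener="admin-listener"):
    """Return (new_xml, changed). Re-running with the same port changes nothing."""
    root = ET.fromstring(xml_text)
    element = _find_listener(root, config, listener)
    changed = element.get("port") != str(new_port)
    element.set("port", str(new_port))
    # ElementTree drops comments and the XML declaration on output, so write the
    # result to a new file and keep the original as a backup.
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    updated, changed = set_listener_port(SAMPLE_DOMAIN_XML, 34848)
    print(changed, get_listener_port(updated))
```
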