Certificate Verify Failed [unable to get local issuer certificate for CN=puppetmaster.example.com] - puppet

When trying to run the following command from puppet agent node:
puppet agent --test --verbose
The following error was prompted
Error: certificate verify failed [unable to get local issuer certificate for CN=puppetmaster.example.com]
I have already added FQDN to my hosts in /etc/hosts file.

I deleted the SSL folder in the puppet directory and everything worked fine after that.
rm -rf /etc/puppetlabs/puppet/ssl/
puppet agent --test --verbose
You can check your logs using the command
journalctl -u puppet

I went round in circles on this - I was using the standard Ubuntu repo and just installed puppet on my client machines....
My docker puppetmaster is running 6.14 but the agent I pulled from standard Ubuntu world was version 5. The below, as I am sure you will know, will add puppetlabs to your repos and then install the up-to-date version 6 agent.
wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
sudo dpkg -i puppet6-release-bionic.deb
sudo apt update
sudo apt install puppet-agent
All the answers I have seen to any puppet certificate type errors just say regenerate your certificate and I could find nothing that offered any further help.
I would suggest checking that your server and client versions match, after my experience!

To add to @shubham-singh's answer, on some systems the ssl directory may not be in /etc/puppetlabs/puppet/.
You can run:
sudo find / -name puppet.conf
to find the puppet.conf file, look for the value of the ssldir property in puppet.conf, then delete/rename the ssl directory and rerun:
puppet agent --test
The rerun may give you an error and ask you to run additional commands on the server and agent to clear the certificate.
Follow the commands and then rerun:
puppet agent --test
and it should work now.
Edit:
If you are still having issues, it may be due to different versions of puppet on the server and agent. Check the puppet version using the command below on master and agent and make sure the versions match.
puppet --version
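
Added example (not part of the answers above): a shell version of the step the last answer describes, reading ssldir from puppet.conf and renaming the directory instead of deleting it, so the CA certificate the agent previously trusted can still be compared with the one it fetches on the next run. The function names are hypothetical; the fallback path is the one used earlier on this page.

```shell
#!/bin/sh
# Added example: locate the agent's ssldir and move it aside instead of rm -rf.

# Print ssldir from a puppet.conf; [agent] wins over [main]. Falls back to the
# path used earlier on this page when the setting is absent.
puppet_ssldir() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "ssldir") next
            if (section == "agent") agentval = val
            else if (section == "main" || section == "") mainval = val
        }
        END {
            if (agentval != "") print agentval
            else if (mainval != "") print mainval
            else print "/etc/puppetlabs/puppet/ssl"
        }' "$1"
}

# Rename the ssldir named in puppet.conf ($1) and print the backup path.
# Refuses anything that is not an absolute path to an existing directory, so an
# empty or unexpanded value (for example "$vardir/ssl") never reaches mv.
reset_agent_ssl() {
    dir=$(puppet_ssldir "$1") || return 1
    case $dir in
        /)  echo "refusing: ssldir resolves to /" >&2; return 1 ;;
        /*) ;;
        *)  echo "refusing: '$dir' is not an absolute path" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    backup="$dir.bak.$(date +%Y%m%d%H%M%S)"
    mv -- "$dir" "$backup" || return 1
    # Record which CA the agent used to trust, if openssl is installed.
    if command -v openssl >/dev/null 2>&1 && [ -f "$backup/certs/ca.pem" ]; then
        openssl x509 -in "$backup/certs/ca.pem" -noout -fingerprint -sha256 >&2 ||
            echo "could not read the old CA certificate" >&2
    fi
    echo "$backup"
}
```

Call it as reset_agent_ssl /etc/puppetlabs/puppet/puppet.conf (or whichever puppet.conf the find command returned) before rerunning puppet agent --test.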

Related

Docker: container cannot find local repo

I am trying to build a centos image, then run basic yum commands from a company network with no internet access. After successfully grabbing the centos artifact in step 1, next comes RUN yum update where the container tries to load plugins using http://mirrorlist.centos.org, and that obviously will not work. It cannot resolve that host because no web access. So, I get the error:
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
..."Could not resolve host http://mirrorlist.centos.org; Unknown error"
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
The command '/bin/sh -c yum update' returned a non-zero code: 1
I have a repo file in /etc/yum.repos.d that contains content described here. In that file, I have multiple local repo URLs. An [updates] entry has a baseurl for /updates. Is this entry supposed to be used by the container when I do a RUN yum update in my Dockerfile? How does the container know where to look for a local mirror repo or other repo?
Is there also an issue regarding localhost on the host vs. localhost in the container?
I have researched a dozen S.O. entries with no luck.
UPDATE: Dockerfile so far...
FROM path.to.repo/centos
RUN yum update
So, it errors upon yum update.
When you're creating images that can't reach the web but only the internal network, you must change the tools' configuration before trying to use them.
With yum, you have to remove the existing repos and replace them with yours before RUN yum update, something like this:
FROM path.to.repo/centos
RUN rm -rf /etc/yum.repos.d/*.repo
COPY myprivate.repo /etc/yum.repos.d/
RUN yum -y update
The file myprivate.repo must be placed in the same folder as your Dockerfile and must declare your repos.
Furthermore, the image created this way can now be used as a base image for all the other images you need to create.
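
Added example (not from the answer above): one possible myprivate.repo and a pre-build check to run on it before the COPY step. The host mirror.corp.example, the repo ids and the function names are assumptions; the check flags any mirrorlist entry, any baseurl whose host is outside the internal domain, and any section that lacks gpgcheck=1.

```shell
# Constructed sample: what myprivate.repo could look like for an internal mirror.
write_sample_repo() {
    cat > "$1" <<'EOF'
[private-base]
name=CentOS 7 base (internal mirror)
baseurl=http://mirror.corp.example/centos/7/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[private-updates]
name=CentOS 7 updates (internal mirror)
baseurl=http://mirror.corp.example/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

# $1 = .repo file, $2 = suffix every baseurl host must end with (assumption).
# Prints one line per problem and returns non-zero if any were found.
lint_repo() {
    awk -v suffix="$2" '
        function close_section() {
            if (id == "") return
            if (!has_base)  { print id ": no baseurl"; bad = 1 }
            if (gpg != "1") { print id ": gpgcheck is not 1"; bad = 1 }
        }
        /^[ \t]*(#|$)/ { next }
        /^\[/ { close_section(); id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
                has_base = 0; gpg = ""; next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "mirrorlist") { print id ": mirrorlist is set"; bad = 1 }
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl") {
                has_base = 1; host = val
                sub("^[a-z]+://", "", host); sub("[/:].*$", "", host)
                if (substr(host, length(host) - length(suffix) + 1) != suffix) {
                    print id ": baseurl host \"" host "\" is not internal"; bad = 1
                }
            }
        }
        END { close_section(); exit bad + 0 }' "$1"
}
```

Running lint_repo myprivate.repo .corp.example before docker build catches a leftover mirrorlist line, which is what produced the "Could not resolve host" error in the question.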

cloudflared installed on Compute Engine (Debian GNU/Linux) but cloudflared command is not found via Cloud Shell

I have to install Argo Tunnel on my server, VM on Compute Engine (Image Debian, Debian GNU/Linux, 10 (buster), amd64 built on 20200902, supports Shielded VM features), but cannot pass the cloudflared installation step.
I followed the instructions on the developers portal: https://developers.cloudflare.com/argo-tunnel/downloads
And downloaded amd64 / x86-64 package for Linux,
I also used this code and installed cloudflared on my VM
git clone https://github.com/cloudflare/cloudflared.git
cd cloudflared/
go clean
go get github.com/cloudflare/cloudflared/cmd/cloudflared
make cloudflared
I see the directory, but I cannot check the version to verify whether I installed everything properly (documentation).
changerz_critical@cloudshell:~/cloudflared (global-road-289110)$ cloudflared --version
-bash: cloudflared: command not found
I honestly read through all available docs and could not find anything that could help to solve this issue.
Would be very thankful for any help.
To install cloudflared on your VM instance, please follow the steps below:
Create VM instance:
$ gcloud beta compute instances create instance-1 --zone=europe-west3-a --machine-type=e2-medium --image=debian-10-buster-v20200910 --image-project=debian-cloud
Connect to VM instance via SSH:
$ gcloud compute ssh instance-1
Download and install cloudflared by using .deb package:
instance-1:~$ wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
instance-1:~$ sudo dpkg --install cloudflared-stable-linux-amd64.deb
Check the version:
instance-1:~$ cloudflared --version
cloudflared version 2020.9.0 (built 2020-09-14-2204 UTC)
Follow the instructions:
instance-1:~$ Please open the following URL and log in with your Cloudflare account:
https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.argotunnel.com%2Fkob9m8T0PaRAFrkYjXjAI4vH1X4sqQ6IRtd8-D_THmYMaAM%3D
Leave cloudflared running to download the cert automatically.
Unfortunately, I don't have a domain to check the full setup. For further instructions I'd recommend posting a new question at the Cloudflare community.
Solved with
git clone https://github.com/cloudflare/cloudflared.git
cd cloudflared/
go clean
go get github.com/cloudflare/cloudflared/cmd/cloudflared
make cloudflared

Group Install "GNOME Desktop"

Puppet Version: 3.8.7
I have been working on building some system monitoring boxes and have run into an issue when it comes to installing group yum packages. The normal course of installing packages of course isn't working but I figured that I would at least be able to work around this by including an exec to run the install as a command (like below):
exec { "GNOME Desktop":
  command => "/usr/bin/yum -y groups install 'GNOME Desktop'",
  timeout => 600,
}
There is an available module on the puppet forge that seems to do what I want but it's not compatible with our version of puppet and we are not in a place to upgrade at this time.
I also tried the setup that was listed in the below server fault question but it also did not work for me:
https://serverfault.com/questions/127460/how-do-i-install-a-yum-package-group-with-puppet
I have also manually been able to run the following command but when I exec it as a puppet command, it fails:
/usr/bin/yum -y groups install "GNOME Desktop"
Why is this? I assumed that puppet is just issuing the command in the exact same way the terminal would?
Changing the time out (or removing it) had zero effect, the issue is with the version of puppet and the ability to install group packages. I ended up installing the desktop environment in my kickstart file and ran puppet for everything else.

TeamCity Azure Resource Manager Template: Missing MSBuild

I'm using the Azure Resource Manager Template to generate an Azure TeamCity server with an agent on the same Linux CoreOS Azure VM. All the tools are there for building .NET Core projects, but for Xamarin projects, I need the Visual Studio Build Tools enabled on the box.
Following the instructions on http://www.mono-project.com/download/vs/#download-lin, I tried logging onto the agent by connecting to the VM via SSH, and then running:
docker exec -it [container id] bash
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
apt install apt-transport-https
echo "deb https://download.mono-project.com/repo/ubuntu vs-xenial main" | tee /etc/apt/sources.list.d/mono-official-vs.list
apt update
apt install mono-devel #Also apt-install mono-complete
However, even after rebooting the TeamCity VM, there is still an unmet requirement, listed as "Mono4.5_x86 exists".
Installing Mono on the agent works; however, every time I restart the agent, the installation is removed.
How can I install Mono on the build agent so that it persists when I restart the agent?
This took ages to fix, but I managed to find the solution eventually.
By default, the Azure Resource Manager for TeamCity does not contain Mono in its Docker image. You can install Mono on the Docker image, but then as soon as you restart the agent, the changes are not persisted.
You have to customise it following the instructions in https://hub.docker.com/r/jetbrains/teamcity-agent/.
Start off by creating a new image:
docker run -it -e SERVER_URL="http://<my-teamcity-server>.westeurope.cloudapp.azure.com" -v /mnt/data/teamcity-mono-agent:/data/teamcity_agent/conf --name="teamcity-mono-agent" jetbrains/teamcity-agent
Then start the agent using
docker start teamcity-mono-agent
Start a bash session in the agent with
docker exec -it teamcity-mono-agent bash
and in the bash terminal, install Mono using the sequence of instructions in the original question. (You may need to check the version of Linux that is running in the container, and modify these steps accordingly. There are detailed instructions on the Mono website.)
Once you have installed Mono, check the installation by typing mono, and then exit the bash session.
Commit the image using
docker commit teamcity-mono-agent mono-agent
And then restart the agent:
docker restart teamcity-mono-agent
In your TeamCity project, go to the build step and choose "MSBuild" from the dropdown. Choose "Mono xBuild 4.5" for the MSBuild version, "4.0" for the MSBuild Tools version, and x64 for the Platform.
Your new agent should now be able to pick up builds that require Mono.

yum error - centos 7.1 x86_64

I'm facing an issue with the yum command on a dedicated server (hosted by OVH):
[root@mail-server ~]# yum clean all
[root@mail-server ~]# yum update
Modules complémentaires chargés : fastestmirror
One of the configured repositories failed (Inconnu),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:
yum-config-manager --disable <repoid>
4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
After investigation, I found the error below (the URL does not return OK from the dedicated server):
KO from the dedicated server:
[root@mail-server ~]# curl "http://mirrorlist.centos.org/?release=7.1.1503&arch=x86_64&repo=os"
Invalid release
[root@mail-server ~]#
OK From home (ADSL)
MacBook-Air-de-John:~ jjohn$ curl "http://mirrorlist.centos.org/?release=7.1.1503&arch=x86_64&repo=os"
http://mirror.ate.info/ftp.centos.org/7.1.1503/os/x86_64/
http://ftp.rezopole.net/centos/7.1.1503/os/x86_64/
http://distrib-coffee.ipsl.jussieu.fr/pub/linux/centos/7.1.1503/os/x86_64/
http://mirror0.babylon.network/centos/7.1.1503/os/x86_64/
http://centos.crazyfrogs.org/7.1.1503/os/x86_64/
http://centos.mirrors.ovh.net/ftp.centos.org/7.1.1503/os/x86_64/
http://mirrors.ircam.fr/pub/CentOS/7.1.1503/os/x86_64/
ftp://ftp.free.fr/mirrors/ftp.centos.org/7.1.1503/os/x86_64/
http://mirror.ibcp.fr/pub/Centos/7.1.1503/os/x86_64/
http://ftp.ciril.fr/pub/linux/centos/7.1.1503/os/x86_64/
MacBook-Air-de-John:~ jjohn$
I got the same issue after a fresh install and on a friend's dedicated server (hosted by OVH too).
I don't know if the error is coming from the OVH network (DNS, ...) or the mirrorlist.centos.org server.
I solved the problem by typing
# dhclient
Your DNS doesn't seem to resolve the CentOS mirror list.
Use
# dhclient
or add "nameserver 8.8.8.8" to the "/etc/resolv.conf" file:
# vi /etc/resolv.conf [press i] now you are in insert mode
nameserver 8.8.8.8 [press: Esc][press :wq]
#
Hope it works!
First you have to go to the /etc/yum.repos.d directory and edit CentOS-Base.repo using the vi editor. Look for the following lines:
mirrorlist=
baseurl=
Remove the # sign in #baseurl if you have difficulties accessing the baseurl/mirrorlist web address using yum, then save and exit the vi editor.
Good luck and enjoy the yum package-management utility in Linux.
Best Regards-KB
