I am trying to integrate this (https://github.com/shamil/puppet-zabbix-reports/) custom reporting module with puppet 5 master-agent setup. But only the Puppet agent process item is showing (after changing the regular expression in tempalte). Other fields are coming blank. These are my configurations:
I am using a zabbix server box: zabbix.localdomain
A puppet agent box: puppetagent.localdomain
A puppet master box: pupmaster.localdomain
On Master: /etc/puppetlabs/puppet/puppet.conf
[master]
reports=zabbix
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
autosign=true
environmentpath=/etc/puppetlabs/code/environments
dns_alt_names=pupmaster,pupmaster.localdomain
storeconfigs = true
storeconfigs_backend = puppetdb
[agent]
report=true
server=localhost
environment=devl
On agent:
[main]
report=true
server=pupmaster.localdomain
[agent]
environment=devl
On master and agent I have placed the zabbix.yaml file: /etc/puppetlabs/puppet/zabbix.yaml
---
# specify zabbix servers to send to
:zabbix_hosts:
- address: zabbix.localdomain
port: 10051
Zabbix agent is running on all the machines and working.
What could be the issue??
Related
I Have installed influxdb on a linux distro running on a raspberrypi...
pi#raspberrypi:~ $ influx -version
InfluxDB shell version: 1.1.1
Then i create a DB, followed by an Admin user with
CREATE USER admin WITH PASSWORD 'password' WITH ALL PRIVILEGES
After this i edit the influx.conf file located at:
/etc/influxdb/influxdb.conf
As i want the influxdb to ask for user auth when it is accessed (http external or internal and console?is it possible console?) i browse and look for the [[http]] block on the file.... this is what i have.
###
### [http]
###
### Controls how the HTTP endpoints are configured. These are the primary
### mechanism for getting data into and out of InfluxDB.
###
# [http]
# Determines whether HTTP endpoint is enabled.
enabled = true
# The bind address used by the HTTP service.
# bind-address = ":8086"
# Determines whether HTTP authentication is enabled.
auth-enabled = true
# The default realm sent back when issuing a basic auth challenge.
# realm = "InfluxDB"
# Determines whether HTTP request logging is enable.d
# log-enabled = true
# Determines whether detailed write logging is enabled.
# write-tracing = false
# Determines whether the pprof endpoint is enabled. This endpoint is used for
# troubleshooting and monitoring.
pprof-enabled = true
# Determines whether HTTPS is enabled.
https-enabled = false
# The SSL certificate to use when HTTPS is enabled.
https-certificate = "/etc/ssl/influxdb.pem"
# Use a separate private key location.
https-private-key = ""
# The JWT auth shared secret to validate requests using JSON web tokens.
shared-sercret = ""
# The default chunk size for result sets that should be chunked.
# max-row-limit = 10000
# The maximum number of HTTP connections that may be open at once. New connections that
# would exceed this limit are dropped. Setting this value to 0 disables the limit.
# max-connection-limit = 0
# Enable http service over unix domain socket
# unix-socket-enabled = false
# The path of the unix domain socket.
# bind-socket = "/var/run/influxdb.sock"
Changing the 1st and 3rd sub-group entries.
Finnaly i restart the influxdb service with:
sudo service influxdb restart
Problems
1 - Creating a database from another computer on the network (without login tokens) is successful (and it shouldn't):
http://192.168.7.125:8086/query?q=CREATE DATABASE test
returns:
{
"results": [
{}
]
}
calling influxdb on raspberry cmdline does not ask for auth:
pi#raspberrypi:~ $ influx
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://localhost:8086 version 1.1.1
InfluxDB shell version: 1.1.1
>
Does anyone know what am i doing wrong?
EDIT
Furthermore, checking the /var/log/syslog i can see that:
1- It is loading the file from the currect directory
[run] 2017/01/17 11:27:36 InfluxDB starting, version 1.1.1, branch master, commit e47c
f1f2e83a02443d7115c54f838be8ee959644
Jan 17 11:27:36 raspberrypi influxd[901]: [run] 2017/01/17 11:27:36 Go version go1.7.4, GOMAXPROCS set to 4
Jan 17 11:27:36 raspberrypi influxd[901]: [run] 2017/01/17 11:27:36 Using configuration at: /etc/influxdb/influxdb.conf
Jan 17 11:27:36 raspberrypi influxd[901]: [store] 2017/01/17 11:27:36 Using data dir: /var/lib/influxdb/data
2- It fails in starting with authentication (auth is deactivated)
Jan 17 11:27:37 raspberrypi influxd[901]: [httpd] 2017/01/17 11:27:37 Starting HTTP service
Jan 17 11:27:37 raspberrypi influxd[901]: [httpd] 2017/01/17 11:27:37 Authentication enabled: false
Jan 17 11:27:37 raspberrypi influxd[901]: [httpd] 2017/01/17 11:27:37 Listening on HTTP: [::]:8086
The culprit is on the [http] here:
###
### [http]
###
### Controls how the HTTP endpoints are configured. These are the primary
### mechanism for getting data into and out of InfluxDB.
###
[http]
# Determines whether HTTP endpoint is enabled.
enabled = true
# The bind address used by the HTTP service.
# bind-address = ":8086"
# Determines whether HTTP authentication is enabled.
auth-enabled = true
I want to configure puppet in a high availability environment. I have configured 2 Puppet masters but they are not able to sign each other by CA. When I try to test puppet agent --test, it gives me following error:
'Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts
Error: /File[/home/clogeny/.puppet/var/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/home/clogeny/.puppet/var/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/pluginfacts: getaddrinfo: Name or service not known
Wrapped exception:
getaddrinfo: Name or service not known
Info: Retrieving plugin
Error: /File[/home/clogeny/.puppet/var/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/home/clogeny/.puppet/var/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet/plugins: getaddrinfo: Name or service not known
Wrapped exception:
getaddrinfo: Name or service not known
Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: getaddrinfo: Name or service not known'
Could anyone help me out?
Puppet.conf:
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
hiera_config=/etc/puppet/hiera.yml
catalog_format = yaml
certname=puppet
pluginsync=false
dns_alt_names=puppetmaster01,puppet.sencha.com
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
manifest=$confdir/manifests/site.pp
modulepath=$confdir/environments/$environment/modules:/home/clogeny/Desktop/puppet-kitchen-example/modules
There is missing server value in [main] section of puppet.conf. The server value should point to the Puppet master server. Name of the Puppet master server must be reachable from puppet agent. Check the following articles how to properly connect Puppet agent to puppet master:
http://shapeshed.com/connecting-clients-to-a-puppet-master/
https://docs.puppetlabs.com/guides/install_puppet/post_install.html
Seems like a name resolution issue? Both system( master & agent ) able to communicate using their FQDN? You can add their FQDN on /etc/hosts file if you don't/won't bother to use DNS server.
eg: /etc/host
root#puppet-master-kasun:~# cat /etc/hosts
127.0.0.1 localhost
192.168.1.1 puppet puppet-master
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
use puppet agent -t --DEBUG to Debug
Debug: Starting connection for https://toto.local:8140
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
There https://toto.local:8140 is unreachable
I am setting up Puppet on a few test servers: bruno is the puppet master and oppenheimer is the agent. When I start the server on bruno I get this output:
bruno$ sudo puppet cert list
"oppenheimer.home" (SHA256) D4:**:**:**:0B:2A
bruno$ sudo puppet master --verbose --no-daemonize
Notice: Starting Puppet master version 3.4.3
I then go to start the agent on oppenheimer:
oppenheimer$ sudo puppet agent --test --server=bruno
Exiting; no certificate found and waitforcert is disabled
And when I look over at bruno again:
Info: access[^/catalog/([^/]+)$]: allowing 'method' find
Info: access[^/catalog/([^/]+)$]: allowing $1 access
Info: access[^/node/([^/]+)$]: allowing 'method' find
Info: access[^/node/([^/]+)$]: allowing $1 access
Info: access[/certificate_revocation_list/ca]: allowing 'method' find
Info: access[/certificate_revocation_list/ca]: allowing * access
Info: access[^/report/([^/]+)$]: allowing 'method' save
Info: access[^/report/([^/]+)$]: allowing $1 access
Info: access[/file]: allowing * access
Info: access[/certificate/ca]: adding authentication any
Info: access[/certificate/ca]: allowing 'method' find
Info: access[/certificate/ca]: allowing * access
Info: access[/certificate/]: adding authentication any
Info: access[/certificate/]: allowing 'method' find
Info: access[/certificate/]: allowing * access
Info: access[/certificate_request]: adding authentication any
Info: access[/certificate_request]: allowing 'method' find
Info: access[/certificate_request]: allowing 'method' save
Info: access[/certificate_request]: allowing * access
Info: access[/]: adding authentication any
Info: Inserting default '/status' (auth true) ACL
Info: Not Found: Could not find certificate oppenheimer.home
Info: Not Found: Could not find certificate oppenheimer.home
Info: Not Found: Could not find certificate oppenheimer.home
Info: Not Found: Could not find certificate oppenheimer.home
Info: Not Found: Could not find certificate oppenheimer.home
Notice that the server bruno does show the agent oppenheimer's cert before I start the server. So why can it not find the cert?
This is my config on the server:
bruno$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 bruno
10.0.0.7 bruno
10.0.0.10 oppenheimer
bruno$ cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
certificate_revocation=false
server=bruno
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
And here is the config on the agent:
oppenheimer$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 oppenheimer
10.0.0.7 bruno
10.0.0.10 oppenheimer
oppenheimer$ cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
certificate_revocation=false
server=bruno
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
server=bruno
Both the machines are running Ubuntu Linux 14.04 with the latest updates.
You have to sign the certificate. If the certificate was signed already then it would not show up in the output of puppet cert list.
# puppet cert sign oppenheimer.home
Then puppet agent should run successfully.
Hope this helps.
I can login by
sqlplus / as sysdba
then I start the intance using startup, I also can start PDB using
startup pluggable database pdborcl
In the terminal, echo $ORACLE_SID gets ora12cr1
But I cannot login by using
sqlplus /#ora12cr1 as sysdba
I got ORA-01017: invalid username/password; logon denied. Below is my tnsnames.ora:
ORA12CR1=
(DESCRIPTION=
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
(CONNECT_DATA=
(SERVER = DEDICATED)
(SERVICE_NAME = orcl.cn.oracle.com)
)
)
PDBORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = pdborcl.cn.oracle.com)
)
)
The oracle 12cr1 is install in my local machine.
lsnrctl status gets:
LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 11-SEP-2013 23:02:57
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 11-SEP-2013 22:40:09
Uptime 0 days 0 hr. 22 min. 48 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/localhost/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost.localdomain)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost.localdomain)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/orcl/xdb_wallet))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "orcl.cn.oracle.com" has 1 instance(s).
Instance "ora12cr1", status READY, has 1 handler(s) for this service...
Service "orclXDB.cn.oracle.com" has 1 instance(s).
Instance "ora12cr1", status READY, has 1 handler(s) for this service...
Service "pdborcl.cn.oracle.com" has 1 instance(s).
Instance "ora12cr1", status READY, has 1 handler(s) for this service...
The command completed successfully
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
3 PDBORCL READ WRITE NO
and
alter session set container = pdborcl
also works.
Try
sqlplus /#localhost.localdomain/orcl.cn.oracle.com as sysdba
if that's the service you want to log on to (not sure if I understand your question entirely).
using / AS SYSDBA will work as it did in previous releases at the container database level (CDB). but It's NOT able to connect to the pluggable database (PDB) without password by sqlplus.
The simplest way to achieve this is to continue to connect using "/ as SYSDBA", but to set the specific container in your script using the ALTER SESSION SET CONTAINER command.
sqlplus / as sysdba <<EOF
ALTER SESSION SET CONTAINER = pdb1;
-- Perform actions as before...
SHOW CON_NAME;
EXIT;
EOF
you also can refer this article for more information Multitenant : Running Scripts Against Container Databases (CDBs) and Pluggable Databases (PDBs) in Oracle Database 12c Release 1 (12.1)
I am using
sqlplus sys#pdborcl as sysdba
and entering the password.
show con_name;
yields the value
CON_NAME
------------------------------
PDBORCL
We are running puppet 2.7.11-1ubuntu2.4 (Ubuntu 12.04) on our clients and master. The clients don't seem to update automatically, but when I run:
sudo puppet agent --test
Everything works fine.
Current running processes on the client:
root 1764 1 0 Sep10 ? 00:00:05 /usr/bin/ruby1.8 /usr/bin/puppet agent
/etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
pluginsync=true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
server=<URL_REMOVED>
configtimeout=300
/var/log/syslog.log
Sep 11 16:12:48 <HOSTNAME_REMOVED> puppet-agent[1764]: Did not receive certificate
Sep 11 16:14:48 <HOSTNAME_REMOVED> puppet-agent[1764]: Did not receive certificate
Sep 11 16:16:49 <HOSTNAME_REMOVED> puppet-agent[1764]: Did not receive certificate
Sep 11 16:18:49 <HOSTNAME_REMOVED> puppet-agent[1764]: Did not receive certificate
Sep 11 16:20:49 <HOSTNAME_REMOVED> puppet-agent[1764]: Did not receive certificate
/etc/default/puppet
# Defaults for puppet - sourced by /etc/init.d/puppet
# Start puppet on boot?
START=yes
# Startup options
DAEMON_OPTS=""
Does someone have an idea what could be wrong?
We actually recently found the cause of this problem.
Some nodes had a hostname in their puppet.conf that didn't match the hostname in the certificate of the server.
Also some nodes didn't use their FQDN when they contacted the server, which caused mismatches with the client certificates. We fixed that by adding the FQDN to /etc/hosts:
127.0.1.1 hostename.domain.edu hostename
Take a look at this Troubleshooting page. Not sure about your problem exactly, but I saw similar errors in my log: "Did not receive certificate". In my case these steps have helped me:
on master run
puppet cert clean <NODE NAME>
on agent:
rm -rf $(puppet agent --configprint ssldir)
puppet agent --test