1

I have puppet agent daemonized

# service puppet status
 * agent is running

And can confirm that it is retrieving the configurations from the master

# cat /var/lib/puppet/state/last_run_summary.yaml | grep last
    last_run: 1385262693
# date --date @1385262693
Sun Nov 24 03:11:33 UTC 2013

However changes I made to configurations hours since the last_run are not being applied. They are only applied if I run

# puppet agent --test

Why are the configurations not being applied when puppet is daemonized?

Here are the contents of /etc/puppet/puppet.conf on my puppet client

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
pluginsync=true

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = puppetmaster.website.com
user784637
  • 1,542
  • 7
  • 35
  • 52
  • paste ur puppet.conf on the client.... you may have the wrong value for puppet server – nandoP Nov 24 '13 at 03:39
  • I've pasted the contents of `/etc/puppet/puppet.conf`. The address of the server the agent is contacting is a FQDN which requires DNS to resolve. – user784637 Nov 24 '13 at 04:17
  • I am a bit confused why you have a `[master]` section on your clients. Are you seeing anything getting logged into your puppet logs on the client? – Zoredache Nov 24 '13 at 06:02
  • run "puppet agent -t --server=puppetmaster.website.com" to make sure that entry is correct.... – nandoP Nov 24 '13 at 06:23
  • moderator deleted my answer, but try specifying the puppet master on cli as per example above – nandoP Nov 24 '13 at 06:28
  • @nandoP: Your original 'answer' was converted to a comment. If you want you should be able to add another answer. – user9517 Nov 24 '13 at 06:32
  • i dont think theres really anything to add here... lets just wait for OP to verify puppet master and/or resolution – nandoP Nov 24 '13 at 06:36
  • @user784637 So that last run time is from a run within the daemon, not a manual `--test` run, right? Can you review your system logs for what's going on in those runs? – Shane Madden Nov 24 '13 at 07:18
  • @nandoP @Iain running `puppet agent -t --server=puppetmaster.website.com` via cli casuses everything to work correctly. @Zoredache the `[master]` section was there by default when I installed puppet on the puppet clients. Would removing it fix this problem? – user784637 Nov 24 '13 at 07:22
  • @ShaneMadden This is from `/var/log/syslog` whenever the daemon runs... `(/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate: SSL_CTX_use_PrivateKey:: key values mismatch` however it runs perfectly when I do it manually with `$ puppet agent --test`. Any ideas what I am doing wrong? – user784637 Nov 24 '13 at 07:52
  • @user784637 Ahh - what user is the daemon running as, and what user are you when you run `puppet agent --test`? – Shane Madden Nov 24 '13 at 07:54
  • @ShaneMadden The daemon is running as root as `ps auxf | grep puppet` shows `root 27284 0.1 11.4 151576 57448 ? Ss Nov22 2:58 /usr/bin/ruby1.8 /usr/bin/puppet agent` I always run `puppet agent --test` as root – user784637 Nov 24 '13 at 08:38
  • @user784637 That seems very strange. Is the time synced fairly decently between the master and agent? Maybe nuke and regenerate the client's SSL certificate? – Shane Madden Nov 24 '13 at 08:46
  • 1
    yes, agreed..... strange puppet client issues can be solved by "puppet cert clean fqdn" on master, and "rm -fv /path/to/cert/file" on client..... then run puppet agent, and its as if you are doing so for first time – nandoP Nov 24 '13 at 09:31
  • @ShaneMadden @nandoP The issue was solved by by removing the puppetmaster cert on the puppet master `puppetca clean puppetmaster.website.com` which removed the puppetmaster ssl .pem key. After that I regenerated the puppet master cert `sudo puppet master --no-daemonize --verbose`, cleared/regenerated the client cert and everything worked out =). – user784637 Nov 25 '13 at 03:56

0 Answers0