24

I'm new to puppet, but picking it up quickly. Today, I'm running into an issue when trying to run the following:

$ puppet agent --no-daemonize --verbose --onetime

**err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled**

It would appear the agent doesn't know what server to connect to. I could just specify --server on the command line, but that will be of no use to me when this runs as a daemon in production, so instead, I specify the server name in /etc/puppet/puppet.conf like so:

[main]
    server = puppet.<my domain>

I do have a DNS entry for puppet.<my domain> and if I dig puppet.<my domain>, I see that the name resolves correctly.

All puppet documentation I have read states that the agent tries to connect to a puppet master at puppet by default and your options are host file trickery or do the right thing, create a CNAME in DNS, and edit the puppet.conf accordingly, which I have done.

So what am I missing? Any help is greatly appreciated!

Kent Rancourt
  • 1,555
  • 1
  • 11
  • 19
  • Playing with this more, I'm beginning to wonder if puppet.conf is even read when executed in this manor. I've put garbage in puppet.conf and even tried deleting it and neither seems to impact the results when the agent is run from the command line. It does, however, prevent clean startup and shutdown when run as a service. Could it be this simple? – Kent Rancourt May 23 '12 at 23:48

5 Answers5

57

D'oh! Need to sudo to do this! Then everything works.

Philip Kirkbride
  • 21,381
  • 38
  • 125
  • 225
Kent Rancourt
  • 1,555
  • 1
  • 11
  • 19
  • 10
    Ah - when you're not using sudo, Puppet will only read ~/.puppet/puppet.conf rather than /etc/puppet/puppet.conf. Puppet can run without root privileges, but obviously can't install system packages or manage services etc. – Dominic Cleal May 24 '12 at 05:54
  • 1
    Caught me out too. Thanks :) – Igor Zevaka Jan 09 '13 at 06:38
  • A small note. When Puppet is installed with special user like `puppet` on CentOS, then you have to run it with that user and provide `--server` parameter like this: `sudo -u puppet puppet agent --server=puppet.my-domain.com` – Anton Babenko Jun 03 '13 at 15:24
  • spent 30 minutes, and then I found gold! :P – TeaCupApp Aug 08 '13 at 13:02
  • 1
    i had this question, answer, *and* the first comment upvoted and still ended up back here... – castis Jun 16 '15 at 17:25
3

I had to use the --server flag:

sudo puppet agent --server=puppet.example.org
bmaupin
  • 14,427
  • 5
  • 89
  • 94
  • i ran without noop, but with the --server option `puppet agent -t --server=puppet-server` – tkjef Apr 18 '18 at 23:34
0

I actually had the same error but I was using the two learning puppet vm and trying run the 'puppet agent --test' command.

I solved the problem by opening the file /etc/hosts on both the master and the agent vm and the line 

***.***.***.*** learn.localdomain learn puppet.localdomain puppet

The ip address (the asterisks) was originally some random number. I had to change this number on both vm so that it was the ip address of the master node.

So I guess for experienced users my advice is to check the /etc/hosts file to make sure that the ip addresses in here for the master and agent not only match but are the same as the ip address of the master.

for other noobs like me my advice is to read the documentation more clearly. This was a step in the 'setting up an agent vm' process the I totally missed xD

scottysseus
  • 1,922
  • 3
  • 25
  • 50
0

In my case I was getting same error but it was due to the cert which should been signed to node on puppetmaster server.

to check pending certs run following:

puppet cert list

"node.domain.com" (SHA256) 8D:E5:8A:2*******"

sign the cert to node:

puppet cert sign node.domain.com

Community
  • 1
  • 1
Vadim Sluzky
  • 259
  • 1
  • 2
0

Had the same issue today on puppet 2.6 on CentOS 6.4 All I did to resolve the issue was to check the usual stuff such as hosts and resolv.conf to ensure they were as expected (compared with a working server) and then;

  1. Removed /var/lib/puppet directory rm -rf /var/lib/puppet
  2. Cleared the certificate on the puppet master puppetca --clean servername
  3. Restarted the network service network restart
  4. Re-ran puppet

Even though the resolv.conf was identical to the working server, puppet updated resolv.conf and immediately re-signed the certificate and replaced all the puppet lib files.

Everything was fine after that.

Chris Gillatt
  • 1,026
  • 8
  • 13