Unable to connect to Enterprise Puppet server using Windows agent

462 views Asked by At

I have setup Puppet server on CentOS Linux 7 (Core).

# /opt/puppetlabs/bin/puppetserver --version
puppetserver version: 2016.5.0.11

I have installed Enterprise Puppet agent on Win Server 2008 R2 Enterprise (64-bit).

C:\Users\Administrator>puppet --version
4.8.1

When i try connecting to the Puppet server, i get only the following output:

C:\Windows\system32>puppet agent --test
Exiting; no certificate found and waitforcert is disabled

On server, if i check for any pending cert signing request, i see nothing:

# puppet cert --list

I have verified that i am able to telnet to Puppet server on port 8140 from my Win agent box.

Also shown below is the Puppet service running as Local System user.

enter image description here

My Puppet server has the following entry in /etc/puppetlabs/puppet/puppet.conf

[main]
certname = gc.abc.com
server = gc.abc.com
user = pe-puppet
group = pe-puppet
environment_timeout = 0
app_management = true
module_groups = base+pe_only
environmentpath = /etc/puppetlabs/code/environments
codedir = /etc/puppetlabs/code

[agent]
graph = true

[master]
node_terminus = classifier
storeconfigs = true
storeconfigs_backend = puppetdb
reports = puppetdb
certname = gc.abc.com
always_cache_features = true

On Win agent, i have specified the Puppet server name in host file:

xx.yy.zz.zzz puppet-server

On Win agent, I have also mentioned the server name in C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf file

[main]
server=puppet-server
autoflush=true
environment=production

Any pointers?

1

There are 1 answers

0
Technext On BEST ANSWER

From IRC (@binford2k), i got the following suggestion:

"Exiting; no certificate found and waitforcert is disabled" means that the client has already generated a CSR. If it's got a CSR, then it won't try to generate another. However, if somehow the CSR didn't make it to the master, then the master won't know about it and the agent won't try again because it's got a CSR already. To resolve the above, remove the SSL dir on the agent and then try running puppet again.

When i removed the SSL dir (C:\ProgramData\PuppetLabs\puppet\etc\ssl) as per above suggestion and ran puppet command again, it worked. :)

C:\Windows\system32>puppet agent --test --server=puppet-server
Info: Creating a new SSL key for gc.abc.com
Info: Caching certificate for ca
Info: csr_attributes file loading from C:/ProgramData/PuppetLabs/puppet/etc/csr_
attributes.yaml
Info: Creating a new SSL certificate request for gc.abc.com
Info: Certificate Request fingerprint (SHA256): 99:02:46:D1:A4:32:6F:A5:CE:06:39
:3E:A4:35:D2:88:C1:9A:D1:2E:58:27:B0:ED:24:F9:DC:77:D9
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled