https://www.puppet.com/community logo
Join Slack
Powered by
# puppet
  • l
    ok.. will work on this and check back in
  • l
    thank you @natemccurdy you're amazing
    🍻 1
  • d
    the more you know 🧑‍🏫PE Console is about to start up in #CFD8Z9A4T
  • s
    This message was deleted.
    t
    n
    • 3
    • 6
  • n
  • c
    Hi, I need some assistance please. My Mac agent is running but port 8140 is closed. Nmap scan results of Mac agent Port State Service 8140 tcp/closed puppet
  • s
    This message was deleted.
    b
    c
    b
    • 4
    • 9
  • b
    can you confirm the port is open in listening state 
    ss -tnl  grep :8140
    , (or 
    netstat -tnl | grep :8140
    if ss is not avasilable) and that your ca_server setting is set appropriately 
    puppet config print ca_server
  • s
    This message was deleted.
    u
    s
    • 3
    • 3
  • a
    I've been searching for a good forum - not saying this isn't but .... - I'm having an issue on an agent and can't fix it - obviously. PE v2019.8, agent v6.22. I have other agents working so I'm pretty sure it's only this one agent. It's uniqeness is that it has selinux in enforcing and it's a custom RHEL 8 OS. When I look at the pxp-agent.log, it shows 8142 connection failing. tcpdump on the agent shows ip:randomhi > puppetserver:8142 [S] then immediately puppetserver:8142 > ip:randomhi [R]. So it's being reset. BUT, tcpdump on the puppet server looking at just port 8142 showing this agent NOT connecting. Need to know what log or other steps I can take to find what is blocking. BTW, the same agent DOES work for puppet agent --test which is port 8140 so I can eliminate layers 1-4. It's just 8142. Tried flushing iptables and turning off firewalld service.
  • v
    pxp agent normally runs unconfined, is it still the case for you?
  • v
    Copy code
    # ps -efZ|grep pxp-agent
system_u:system_r:unconfined_service_t:s0 root 1022    1  0 Jun16 ?        00:00:00 /opt/puppetlabs/puppet/bin/pxp-agent --foreground
  • v
    if not, you might need to create a custom policy
  • v
    port 8142 is not in a standard policy
  • v
    Copy code
    # semanage port -l|grep 814
puppet_port_t                  tcp      8140
  • l
    you might also make sure the firewall is allowing the connection
  • l
    try nc to the puppetserver on 8142
  • a
    Thanks! 8142 is a standard port for the orchestration services. My understanding is that's the connection for when the agent needs to make a backup of a changing file. My config is archive_files=true and archive_file_server=puppetserver.domain. Again, have other hosts on this server and I can see their 8142 connections - as well as the 8140.
  • s
    This message was deleted.
    v
    l
    +2
    • 5
    • 22
  • j
    when I run 
    facter -p puppet_settings.main.environment
    I get 
    production
    but the 
    puppet.conf
    settings for 
    environment
    under 
    [agent]
    is set to 
    dev
    .... why would there be a discrepancy between these values?
  • c
    what on earth? I don’t have those keys in Facter anywhere. What version are you running? I’ve got 5,6,7 here, and none of them have “puppet_settings” anything
  • c
    is that a custom fact?
  • c
    It sounds like you’re setup old-school on environments. Those aren’t set that way (too often) in the puppet.conf any more
  • j
    puppet --version
    shows 6.25.1
  • c
    Check /opt/puppetlabs/facter/facts.d/ /etc/puppetlabs/facter/facts.d/ /etc/facter/facts.d/ for that custom fact
  • c
    It may also live in a module applied to your node in the <moduledir>/facts.d directory as well
  • c
    you would have a “puppet_settings” fact in one of those locations
  • j
    only the first directory exists and it's empty
  • c
    hmmm
  • c
    I just checked two different PE instances and those don’t have that key either. I’m rather certain that’s custom.
1...676869...428Latest