Install and configure Puppet Client on Ubuntu
I hope you had fun installing the Puppet Master in our previous article. If you haven’t done that step, I highly recommend doing before attempting to install the client.
After we have configured our network and installed, configured and verified our Puppet Server (puppetmaster), it’s now time to install and configure puppet client, and set it up to receive a signed certificate and puppet recipes. Again, if you haven’t performed those prerequisite setups, please start with Setup Puppet to configure your servers.
Let’s first install puppet from the Ubuntu package:
# apt-get install puppet
Then we start our client
# puppetd --server puppet-server01.example.com --verbose --waitforcert 60
A peak at /var/log/syslog confirms our request for a certificate: Creating a new SSL certificate request for puppet-client01.example.com
And the same log on the server should contain: puppet-master[617]: puppet-client01.example.com has a waiting certificate request
If this state on the server is confirmed, it’s time to sign the certificate on the server:
# puppetca --list (and again we should see the hostname of our client that has requested the cert) # puppetca --sign puppet-client01.example.com
We should get confirmation as such: notice: Signed certificate request for puppet-client01.example.com. Anything else or errors will likely point towards network and/or dns configuration issues.
If you have followed our tutorial on how to setup puppetmaster, you should now have htop installed on your client. Also check /var/log/syslog for additional info.
Finally we should enable puppet to start on reboot. We do this by editing /etc/default/puppet and set START=yes.
How can I solve this problem???
The /var/log/syslog shows the following:
Nov 21 02:06:00 puppet-client puppet-agent[18255]: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
mdesales@puppet-client:~$ sudo puppetd –server puppet.localdomain –verbose –waitforcert 60 –test
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
I was trying to start it without setting the hostnames… Instead, I was using IP address… PLEASE let me know how I can delete the CA. Where is it?
Marcello
Depending on your OS (on Ubuntu it’s in your home folder) find .ssh/known_hosts and delete the line that matches the host name of your puppet server, which seems to be puppet.localdomain in your case.