Posted on February 21, 2016 5:05 pm
 |  Asked by Gabriele Gerbino
 |  1351 views
0
0
Print Friendly, PDF & Email

Hi there,

I’m experiencing some issue with the Puppet agent installation on a vEOS switch running on VirtualBox. I’m following this (http://puppet-eos.readthedocs.org/en/master/installation.html).

When it comes to the Agent installation, I’ve downloaded the two All-in-One packeges from the above link (puppet-agent-1.2.7-1.eos4.i386.swix and rbeapi-puppet-aio-0.4.0.swix).

Then, the guide suggests to do some tests to verify that everything is fine. Anyway, any test return the same error:

“/bin/bash: puppet: command not found”

I tried to switch to the root user. Here, after I configured proper path (PATH=/opt/puppetlabs/bin:$PATH;export PATH), the puppet command start to work and I can now verify Puppet version:

-bash-4.1# puppet –version
4.2.3
-bash-4.1# facter –version
3.1.1 (commit 30d2dfd3ede25be8a02cdb5b0811d84c5c92c709)

Anyway, if I try to execute puppet agent –test, it doesn’t work:

Error: Could not find user puppet
Error: /File[/opt/puppetlabs/puppet/cache]/owner: change from root to puppet failed: Could not find user puppet
Error: Could not find user puppet
Error: /File[/var/log/puppetlabs/puppet]/owner: change from root to puppet failed: Could not find user puppet
Notice: /File[/opt/puppetlabs/puppet/cache/state]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/state]: Skipping because of failed dependencies
Error: Could not find user puppet
Error: /File[/var/run/puppetlabs]/owner: change from root to puppet failed: Could not find user puppet
Notice: /File[/opt/puppetlabs/puppet/cache/lib]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/lib]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/preview]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/preview]: Skipping because of failed dependencies
Error: Could not find user puppet
Error: /File[/etc/puppetlabs/puppet/ssl]/owner: change from root to puppet failed: Could not find user puppet
Notice: /File[/etc/puppetlabs/puppet/ssl/certs]: Dependency File[/etc/puppetlabs/puppet/ssl] has failures: true
Warning: /File[/etc/puppetlabs/puppet/ssl/certs]: Skipping because of failed dependencies
Notice: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Dependency File[/etc/puppetlabs/puppet/ssl] has failures: true
Warning: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Skipping because of failed dependencies
Notice: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Dependency File[/etc/puppetlabs/puppet/ssl] has failures: true
Warning: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Skipping because of failed dependencies
Notice: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Dependency File[/etc/puppetlabs/puppet/ssl] has failures: true
Warning: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Skipping because of failed dependencies
Notice: /File[/etc/puppetlabs/puppet/ssl/private]: Dependency File[/etc/puppetlabs/puppet/ssl] has failures: true
Warning: /File[/etc/puppetlabs/puppet/ssl/private]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/client_yaml]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/client_yaml]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/client_data]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/client_data]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/clientbucket]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/clientbucket]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/state/graphs]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/state/graphs]: Skipping because of failed dependencies
Notice: /File[/opt/puppetlabs/puppet/cache/facts.d]: Dependency File[/opt/puppetlabs/puppet/cache] has failures: true
Warning: /File[/opt/puppetlabs/puppet/cache/facts.d]: Skipping because of failed dependencies
Error: Could not prepare for execution: Got 4 failure(s) while initializing: File[/opt/puppetlabs/puppet/cache]: change from root to puppet failed: Could not find user puppet; File[/var/log/puppetlabs/puppet]: change from root to puppet failed: Could not find user puppet; File[/var/run/puppetlabs]: change from root to puppet failed: Could not find user puppet; File[/etc/puppetlabs/puppet/ssl]: change from root to puppet failed: Could not find user puppet

—————

Any suggestion?

0
Posted by Jere Julian
Answered on February 23, 2016 4:42 am

There are several issues with the early releases of the 2015.2 puppet agent on EOS which have been resolved in the 2015.3 release (puppet-agent-1.3.5-1.eos4.i386.swix).  This is the recommended minimum version for EOS.

With regard to the puppet binary not being in the path, when the extension is initially installed, the binary is placed in the new path for used by PuppetLabs, /opt/puppetlabs/bin/.  It is not until the agent has completed a run that a symlink is created in /usr/bin which is in the default PATH.  I generally recommend creating an alias in EOS which maps ’puppet’ to ’bash sudo /opt/puppetlabs/bin/puppet’.

One outstanding challenge is that the Puppet agent attempts to run as user ’puppet’ and normally falls back to ’root’, if necessary.  This fallback does not occur on EOS, however.  This may be resolved using one of the 2 options, below:

A) Create flash:rc.eos containing the following and gets run on each reload:

#!/bin/bash
sudo useradd puppet

OR

B) When bootstrapping the Puppet agent, configure puppet.conf such that the agent always runs as root:

Arista# bash sudo /opt/puppetlabs/bin/puppet config set user root

I will ensure the documentation gets updated to reflect this information.

0
Posted by Gabriele Gerbino
Answered on February 23, 2016 3:40 pm

Hi Jere,
many thanks for your helpful reply! :)

I did like you said and now that problem is solved. Now I have Puppet 4.3.2 on both Master (an Ubuntu VM) and Agent (the vEOS device).

Anyway, now I receive this error:


my-switch#puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: gabriele-virtualbox.homenet.telecomitalia.it]
'sudo /opt/puppetlabs/bin/puppet agent --test' returned error code:1

I’ve tried to remove all the cert requests and then starting the agent test with –waitforcert 30 and signing the CA from the Master:


gabriele@gabriele-VirtualBox:~$ puppet cert sign gabriele-virtualbox.homenet.telecomitalia.it
Error: Could not find certificate request for gabriele-virtualbox.homenet.telecomitalia.it

0
Posted by Jere Julian
Answered on February 23, 2016 8:37 pm

See: https://ask.puppetlabs.com/question/4610/ssl-cert-self-signed-error/

Try the following:

Arista#bash sudo /opt/puppetlabs/bin/puppet config print ssldir
/etc/puppetlabs/puppet/ssl
Arista#bash sudo rm -rf /etc/puppetlabs/puppet/ssl

Then try to start the agent, again.  I also encourage you to use sudo or ensure you are root when starting the puppet agent.

0
Posted by Gabriele Gerbino
Answered on February 24, 2016 12:15 am

Awesome, that worked!
I don’t know how to thank you :)

Now I’m proceeding to install the eos module. Anyway, I think that the content inside the documentation is not updated, since if I run sudo puppet module install puppet-eos I obtain:

Notice: Preparing to install into /home/gabriele/.puppetlabs/etc/code/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Error: Could not install 'puppet-eos' (latest)
  No releases are available from https://forgeapi.puppetlabs.com
    Does 'puppet-eos' have at least one published release?

Then, I searched for any EOS related module using puppet module search eos and I’ve found and installed two of them:

gabriele@gabriele-VirtualBox:/etc/puppet$ puppet module list
/home/gabriele/.puppetlabs/etc/code/modules
├── aristanetworks-eos (v1.4.0)
├── aristanetworks-netdev_stdlib_eos (v1.1.1)
└── puppetlabs-netdev_stdlib (v0.11.1)

Then, I re-run the test on the agent and show available resource, but it seems that the module is not loaded:

my-switch#puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for my-switch.example.com
Info: Applying configuration version '1456268628'
Notice: Applied catalog in 0.01 seconds
my-switch#
my-switch#puppet resource --types
augeas
computer
cron
exec
file
filebucket
group
host
interface
k5login
macauthorization
mailalias
maillist
mcx
mount
nagios_command
nagios_contact
nagios_contactgroup
nagios_host
nagios_hostdependency
nagios_hostescalation
nagios_hostextinfo
nagios_hostgroup
nagios_service
nagios_servicedependency
nagios_serviceescalation
nagios_serviceextinfo
nagios_servicegroup
nagios_timeperiod
notify
package
resources
router
schedule
scheduled_task
selboolean
selmodule
service
ssh_authorized_key
sshkey
stage
tidy
user
vlan
whit
yumrepo
zfs
zone
zpool

I hope this is the last time I annoy you with this :)

0
Posted by Gabriele Gerbino
Answered on February 24, 2016 12:32 pm

Okay I fixed the issue and now it works:

my-switch#puppet resource eos_vlan
eos_vlan { '1':
  ensure    => 'present',
  enable    => 'true',
  vlan_name => 'default',
}

But if I try puppet resource -t it fails:

my-switch#puppet resource -t
Error: Could not autoload puppet/provider/tacacs_server/eos: /opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected tCONSTANT, expecting keyword_do or '{' or '('
...hostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: dynamic constant assignment
...ostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected 'n', expecting :: or '[' or '.'
Error: Could not autoload puppet/type/tacacs_server: Could not autoload puppet/provider/tacacs_server/eos: /opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected tCONSTANT, expecting keyword_do or '{' or '('
...hostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: dynamic constant assignment
...ostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected 'n', expecting :: or '[' or '.'
Error: Could not parse application options: Could not autoload puppet/type/tacacs_server: Could not autoload puppet/provider/tacacs_server/eos: /opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected tCONSTANT, expecting keyword_do or '{' or '('
...hostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: dynamic constant assignment
...ostname] || fail ArgumentError, 'hostname required'
...                               ^
/opt/puppetlabs/puppet/cache/lib/puppet/provider/tacacs_server/eos.rb:114: syntax error, unexpected 'n', expecting :: or '[' or '.'
'sudo /opt/puppetlabs/bin/puppet resource -t' returned error code:1
0
Posted by Jere Julian
Answered on February 24, 2016 7:24 pm
sudo puppet module install puppet-eos should be sudo puppet module install aristanetworks-eos Do you have the rbeapi rubygem loaded in Puppet's ruby install? There are several ways to do this manually or with puppet, but the most EOS-centric method is to install the swix for the puppet-aio agent on the switch. You can download the latest from https://github.com/arista-eosplus/rbeapi/releases
Arista#show extensions Name Version/Release Status extension ------------------------------------------ ------------------------- ------ ---- puppet-agent-1.3.5-1.eos4.i386.swix 1.3.5/1.eos4 A, I 1 rbeapi-puppet-aio-0.5.1-1.swix 0.5.1/1.eos4 A, I 4 A: available | NA: not available | I: installed | NI: not installed | F: forced
0
Posted by Roger Wilco
Answered on March 7, 2016 9:01 pm

Something I ran into was that, while my puppet server works great on the server in my topology, just adding the puppet and eapi swix files on them didn’t seem to work. When I tried installing puppet on the switches, I got errors about how the I need puppet >= 4.0.0 to the vEOs instance, any that version isn’t in the fc14 repos I tried.

Any idea what I’m doing wrong?

0
Posted by Jere Julian
Answered on March 21, 2016 3:55 pm

Roger,

From PuppetLabs download site, you can select the version of the Puppet agent for AristaEOS that you require.   If you are running a Puppet 4 (2015.x) master, I strongly suggest you get the latest at this point.   For all the details, see the Puppet_EOS Quickstart Guide.  While this package is basically a fedora package, it also ensures that certain persistent files are stored in a manner that will be restored upon a switch reload.

0
Posted by Martin
Answered on July 15, 2016 1:13 pm

Hi Jere,

I have downloaded the puppet-agent from the PuppetLabs Download site, everything works fine.

Except that the puppet-agent is not started after I rebooted the switch.

How could I enable that puppet-agent is started automatically after the switch is booted?

Best regards,

martin

0
Posted by Jere Julian
Answered on July 15, 2016 3:22 pm

Please let me know if you use VRFs and what version of EOS and Puppet agent you are using so I can investigate further.  If you could also send me the output of ’Arista# bash sudo puppet config print’ to jere@arista.com, I’d like to ensure it is picking up the correct options.

In the mean time, EOS has the option available to startup a linux process during boot several ways.   The following is one recommended way to address starting the puppet agent especially when using VRFs:

Arista#configure
Arista(config)#event-handler puppet
Arista(config-handler-puppet)#trigger on-boot 
Arista(config-handler-puppet)#action bash /opt/puppetlabs/bin/puppet agent

In a VRF, use the following, instead:

Arista(config-handler-puppet)#action bash ip netns exec <MGMT-VRF> /opt/puppetlabs/bin/puppet agent
0
Posted by Martin
Answered on July 18, 2016 8:49 am

Hi Jere,

yes we are using VRFs, we testet the suggested workaround.

It is working on this device:

Arista DCS-7060CX-32S-R
4.16.6FX-7060X
puppet-agent-1.5.2-1.eos4.i386.swix

But not an this one:

Arista DCS-7150S-24-R
4.16.6M
puppet-agent-1.5.2-1.eos4.i386.swix

Could you please advise us further how to solve this issue.

best regards,
martin

Post your Answer

You must be logged in to post an answer.