Troubleshooting cloud deployments
If you encounter issues with your PE cloud deployment, try these fixes.
Authentication fails with SSH username or credentials
Cloud providers vary in their support for SSH authentication.
AWS cloud deployments use cloud-init to provision an SSH key for the
puppetadmin user, but disable root
SSH access. You must specify a key pair when launching an AWS Marketplace image and connect it with
the matching private key. For example, you can run:
aws ec2 run-instance --key-name <KEYPAIR_NAME> …
ssh -i ~/.ssh/<KEYPAIR_PRIVATE>.pem puppetadmin@<PRIMARY_HOSTNAME>
Azure cloud deployments support authenticating with either an SSH key pair or a user name and password. The private key must be the pair of the public key specified when you created the image.
After 60 days, the
puppetadmin user account stops working
puppetadmin user’s password expires 60
days after the image is created. If you fail to reset the password, the account expires.
To prevent the password from expiring, run
chage -E -1 puppetadmin on
the primary server.
Agent run fails for non-root users
An agent run initiated by
puppetadmin or any other non-root user
fails when attempting to access certificates, packages, and services.
Always execute agent runs with super-user privileges:
sudo /usr/local/bin/puppet agent -t
Certificate-signing curl command has incorrect URL
The curl command on the console's Unsigned Certificates page contains a URL that uses your primary server's private hostname or internal DNS name, which won't work for nodes that can't resolve that name.
For example, the command might look like:
curl -k https://puppetmasterv2.liweionmsdnnwoe.xx.internal.cloudapp.net:8140/packages/current/install.bash | sudo bash
Change the private hostname or internal DNS name to the public hostname or externally qualified domain name.