Any open signing requests should be listed in `puppet cert list` on the master. If they don't show up there, there's no use trying to sign them. Once signed, they disappear from the list and will only show up in `puppet cert list --all`.
It appears your master is not receiving signing requests from the agent, since your list is empty. There are a number of things that could be wrong. Let's start with these:
- Is the master running?
- Does the hostname 'puppet' or 'puppet.abc.com' resolve from the agent?
- Is TCP port 8140 on the master reachable from the agent (try: `telnet puppet 8140`)?
- What does syslog on the agent say?
- Try `puppet agent --test` on the agent, which will attempt to connect to the master and stay in foreground to show the output.
You can name your classes as you want, but you need to use the right name for resources. In this case, the resource you want to use is `user`.
There is a very simple way to know how a resource should look:
```
$ puppet resource user dawud
user { 'dawud':
  ensure  => 'present',
  comment => 'David Sastre Medina,,,',
  gid     => '1001',
  groups  => ['sudo', 'audio', 'src', 'video', 'libvirt'],
  home    => '/home/dawud',
  shell   => '/bin/bash',
  uid     => '1001',
}
```
That code, inside a class, would look like this:
```puppet
class foo {
  user { 'dawud':
    ensure  => 'present',
    comment => 'David Sastre Medina,,,',
    gid     => '1001',
    groups  => ['sudo', 'audio', 'src', 'video', 'libvirt'],
    home    => '/home/dawud',
    shell   => '/bin/bash',
    uid     => '1001',
  }
}
```
Puppetlabs has very good documentation on the resource abstraction layer, RAL for short.
Best Answer
For exported resources to function properly you need to set up PuppetDB. They won't work without PuppetDB. Also, you often need two Puppet runs for resources to get applied.
What happens behind the scenes is:
- puppet agent requests catalog from master
- master compiles catalog (fetching exported resources from PuppetDB, and storing newly found exported resources back to PuppetDB)
- master delivers catalog to agent
Of course having exported resources within the manifest for a single node isn't really useful. The idea behind them is that individual nodes can report some of their resources which are later collected by another node on which you want them to be applied.
Here's an example: if you want to insert Nagios checks into each and every one of your services, you don't want to apply and collect those checks on the nodes where the services reside, but you want to collect them all on a Nagios node.
Hope this helps.
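
The export-and-collect pattern from the answer above, written out as an added example (not code from the original post): each monitored node exports its host and SSH check with `@@`, and the Nagios node collects them with `<<| |>>` on a later run, once the exporting node's catalog has been stored in PuppetDB. The class names `profile::monitored` and `profile::nagios_server`, the `monitoring` tag, the target paths and the `nagios` service name are assumptions; on Puppet 6 and later the `nagios_*` types come from the `puppetlabs-nagios_core` module.

```puppet
# Applied on every node that should be monitored (hypothetical class name).
class profile::monitored {
  $fqdn = $facts['networking']['fqdn']

  # '@@' exports the resource: it is stored in PuppetDB when this node's
  # catalog is compiled and is NOT applied on this node.
  @@nagios_host { $fqdn:
    ensure  => present,
    address => $facts['networking']['ip'],
    use     => 'generic-host',
    target  => "/etc/nagios/conf.d/${fqdn}_host.cfg",   # assumed path
    tag     => 'monitoring',
  }

  @@nagios_service { "check_ssh_${fqdn}":
    ensure              => present,
    host_name           => $fqdn,
    service_description => 'SSH',
    check_command       => 'check_ssh',
    use                 => 'generic-service',
    target              => "/etc/nagios/conf.d/${fqdn}_service.cfg",  # assumed path
    tag                 => 'monitoring',
  }
}

# Applied only on the Nagios node (hypothetical class name).
class profile::nagios_server {
  service { 'nagios':        # assumed service name
    ensure => running,
    enable => true,
  }

  # Collectors pull every exported resource matching the tag out of PuppetDB
  # and realize it here; the override block restarts Nagios on change.
  Nagios_host <<| tag == 'monitoring' |>> {
    notify => Service['nagios'],
  }
  Nagios_service <<| tag == 'monitoring' |>> {
    notify => Service['nagios'],
  }
}
```

Filtering the collector on a tag keeps the Nagios node from realizing exported resources that other nodes published for unrelated purposes.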