Certificate Puppet:服务器主机名与服务器证书不匹配
我在两个虚拟机(一个主机和一个节点)上安装了Puppet Enterprise。当我尝试使用puppet agent-t手动运行代理时,我得到了错误Certificate Puppet:服务器主机名与服务器证书不匹配,certificate,puppet,agent,Certificate,Puppet,Agent,我在两个虚拟机(一个主机和一个节点)上安装了Puppet Enterprise。当我尝试使用puppet agent-t手动运行代理时,我得到了错误 Server hostname '192.168....' did not match server certificate; expected one of host-192-168-.....localdomain. 如果我通过添加--server host-192-168…..localdomain来运行它,它可以工作,但是通过这种方式我
Server hostname '192.168....' did not match server certificate; expected one of host-192-168-.....localdomain.
--server host-192-168…..localdomain来运行它,它可以工作,但是通过这种方式我可以手动执行,在它自己的运行间隔之后,它就不工作了,所以在我的puppet控制台上它说它没有响应。我猜这是因为它自己得到了我前面提到的错误,所以我的主机无法从这个节点接收任何报告
有人能帮我吗?如何使我的节点的代理使用正确的服务器证书名称与主机联系
来自节点的puppet.conf:
如果我把server=host-。。。(主要)没有任何变化。我想我不能从[代理]部分更改服务器,因为应该有主ip(我相信)
我尝试了链接上的内容,现在我的傀儡代理-t在我的节点上不再做任何事情。为了更好地理解,我发布了来自master的puppet.conf:
[main]
certname = host-192-168-10-39.localdomain
vardir = /var/opt/lib/pe-puppet
logdir = /var/log/pe-puppet
rundir = /var/run/pe-puppet
basemodulepath = /opt/alu/deploy/puppet/modules:/etc/puppetlabs/puppet....
environmentpath = /opt/alu/deploy/puppet/environments
server = 192.168.10.39
user = pe-puppet
group = pe-puppet
archive_files = true
archive_files_server = 192.168.10.39
module_groups = base+pe_only
dns_alt_names = puppet
[agent]
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
noop = true
runinterval = 1800
[master]
node_terminus = classfier
ca_server = host-192-168-10-39.localdomain
reports = console,puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
certname = 192-168-10-39.localdomain
server = 192.168.10.39
always_cache_features = true
default_manifest = /opt/alu/deploy/puppet/manifests/default.pp
puppet代理错误-t:不要在命令行上发出--server
,只需在代理的puppet.conf
文件的[main]
部分添加addserver=…
。此问题有多种原因,请列出您的puppet.conf
但从顶部看,主服务器生成的证书中的名称与服务器的主机名之间似乎不匹配。可能在生成证书和重新启动之间,主机名已经更改,因为主机名更改有时在重新启动后才会生效
puppetlabs官方文档有助于解决此问题,请遵循以下链接:。它可能很简单,只需在/etc/puppet/conf中设置certname值并重新启动主机。@Robert请不要在评论中分享它。如果需要,请将其添加到您的问题中。谢谢。我会记住这个;)我试过你说的,我的傀儡特工-t停止了工作。。。。所以我把一切都颠倒了。我用master和node中的puppet.conf编辑了我的问题,以便您可以更好地查看。请帮助:)嘿@Robert根据链接中的指导,请保持certname和主机名(我查看了您的puppet.conf文件)不变192-168-10-39.localdomain。我建议您再次按照这些步骤操作,我相信您已经解决了这个问题,因为您的puppet.conf与puppetlabs文档链接中提到的内容完全相反。@Robert,这只是一个补充,如果您从代理中删除/ssl公钥,并在服务器上对客户端执行“puppet cert clean”(puppet cert clean))。然后重新开始,让它发挥作用。Robert请随意添加一个注释,我可以理解这些是可怜的问题。我通过将agent puppet.conf中的“server=”更改为host-192-168-10-39.localdomain解决了这个问题。非常感谢。
[main]
certname = host-192-168-10-39.localdomain
vardir = /var/opt/lib/pe-puppet
logdir = /var/log/pe-puppet
rundir = /var/run/pe-puppet
basemodulepath = /opt/alu/deploy/puppet/modules:/etc/puppetlabs/puppet....
environmentpath = /opt/alu/deploy/puppet/environments
server = 192.168.10.39
user = pe-puppet
group = pe-puppet
archive_files = true
archive_files_server = 192.168.10.39
module_groups = base+pe_only
dns_alt_names = puppet
[agent]
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
noop = true
runinterval = 1800
[master]
node_terminus = classfier
ca_server = host-192-168-10-39.localdomain
reports = console,puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
certname = 192-168-10-39.localdomain
server = 192.168.10.39
always_cache_features = true
default_manifest = /opt/alu/deploy/puppet/manifests/default.pp