Configuration: Unable to retrieve the Puppet agent SSL certificate from the Puppet master
I have configured a Puppet master/agent setup (OS: Ubuntu). Both machines can ping/ssh each other. DNS is set up correctly. When "puppet agent -t" is executed to generate the certificate, the master is able to generate a new CA and certificate, while the agent throws an error. I received the error and a solution, which I followed as suggested, and I then further received: Please help me resolve this issue. Below is /etc/puppet/puppet.conf (the same on master and agent).
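In a Puppet master/agent deployment, as the documentation describes, the administrator needs to sign client certificates on the Puppet master. Have you signed the certificate on your Puppet master? Depending on the Puppet version you are using, try running
sudo puppetserver ca sign --certname fullnameOFhost.something.com
or
sudo puppet cert sign fullnameOFhost.something.com
You can see the outstanding client certificates that need signing by running
sudo puppet cert list
or
sudo puppetserver ca list
again depending on the version.
If the CA has changed and is cached locally, try running find /var/lib/puppet/ssl/certs -name ca.pem -delete.
@DominicCleal I have followed () to regenerate the certificates. But now, when I run puppet agent -t, I get the following error: Error: Could not request certificate: Connection refused - connect(2). Please help me resolve this. I am a Puppet beginner, and it looks like I have messed up the connection to the Puppet master. This is becoming a blocker for me.
Connection refused indicates that the master service is stopped - start it (probably the puppetmaster service, depending on your version and how it was installed).
@DominicCleal I set up two new VMs for this. I did everything again, but again ran into an error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppetmaster01.example.com] Now, this is new. Although the SSL error looks similar, the error in brackets is new: the certificate has been revoked. What should I do?
I guess you have run puppet cert clean and revoked the certificate, but it is hard to say from the limited information.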
Exiting; failed to retrieve certificate and waitforcert is disabled
#Settings in [main] are used if a more specific section does not set a value.
[main]
certname = puppetmaster01.example.com
logdir=/var/log/puppet
vardir=/var/lib/puppet
basemodulepath = /etc/puppetlabs/puppet/environments/production/modules:/opt/puppet/share/puppet/modules
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
server = puppetmaster01.example.com
user = puppet
group = puppet
archive_files = true
archive_file_server = puppetmaster01.example.com
[master]
# This section is used by the Puppet master and Puppet cert applications.
dns_alt_names = puppet,puppet.example.com,puppetmaster01,puppetmaster01.example.com,puppetagent01,puppetagent01.example.com
certname = puppetmaster01.example.com
reports = http,puppetdb
reporturl = https://localhost:443/reports/upload
node_terminus = exec
external_nodes = /etc/puppetlabs/puppet-dashboard/external_node
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs_backend = puppetdb
storeconfigs = true
autosign = true
# This section is used by the Puppet agent application.
[agent]
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
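
An added example, not part of the original thread: a Python check over the certificate-related lines of the puppet.conf posted above. It flags an agent whose effective certname resolves (through [main]) to the master's name, a server value the master certificate would not cover, and autosign = true; the function names and finding codes are hypothetical.

```python
import configparser

# Constructed sample: the certificate-related lines of the puppet.conf on this
# page, which the question says is identical on the master and the agent.
SAMPLE_CONF = """\
[main]
certname = puppetmaster01.example.com
server = puppetmaster01.example.com
[master]
dns_alt_names = puppet,puppet.example.com,puppetmaster01,puppetmaster01.example.com,puppetagent01,puppetagent01.example.com
certname = puppetmaster01.example.com
autosign = true
[agent]
report = true
"""

def effective(cp, section, key):
    # As the file's own comment says: the specific section wins, else [main].
    for sec in (section, "main"):
        if cp.has_option(sec, key):
            return cp.get(sec, key).strip()
    return None

def audit(text):
    """Return (code, message) findings for certificate-related settings."""
    # '=' is the only delimiter; no interpolation so '$vardir' stays literal.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    server = effective(cp, "agent", "server")
    agent_name = effective(cp, "agent", "certname")
    master_name = effective(cp, "master", "certname")
    alt_raw = effective(cp, "master", "dns_alt_names") or ""
    alt = {n.strip() for n in alt_raw.split(",") if n.strip()}
    findings = []
    if agent_name and agent_name == master_name:
        findings.append(("AGENT_CERTNAME_IS_MASTER",
                         f"agent would request a certificate as {agent_name}"))
    if server and server != master_name and server not in alt:
        findings.append(("SERVER_NOT_IN_CERT",
                         f"{server} is not the master certname or an alt name"))
    if (effective(cp, "master", "autosign") or "").lower() == "true":
        findings.append(("AUTOSIGN_ALL",
                         "the CA signs every CSR without manual review"))
    return findings

if __name__ == "__main__":
    for code, msg in audit(SAMPLE_CONF):
        print(f"{code}: {msg}")
```

On an agent host, a certname set under [agent] (or no certname at all, so the host's own name is used) clears the first finding.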