SSL certificate verification failed in Docker puppet
I have a Docker container with a puppet master in it. It was created from the image puppet/puppetserver:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1a3e942655e0 puppet/puppetserver "dumb-init /docker-e…" 32 minutes ago Up 32 minutes (healthy) 0.0.0.0:8140->8140/tcp puppet
Details of the puppetserver container:
Hostname: puppet
FQDN: puppet.openvpn
The puppet agent is running in a Vagrant box on the host where Docker runs. When I run puppet agent -td from the Vagrant box, I get the following error:
Info: Creating a new SSL key for localhost.localdomain
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for localhost.localdomain
Info: Certificate Request fingerprint (SHA256): A8:F0:9D:F2:2C:A0:AC:0B:66:55:90:64:64:B2:62:47:7F:DC:F0:18:18:A6:79:C0:BE:1D:00:B6:5E:F4:C3:18
Info: Downloaded certificate for localhost.localdomain from puppetserver
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate rejected): [ok for /CN=puppet.openvpn]
Error: Could not retrieve catalog; skipping run
Details of the Vagrant puppet agent:
Hostname: localhost.localdomain
/etc/hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.100.2.1 puppetserver
192.100.2.1 -> IP of the host as seen from inside Vagrant
/etc/puppetlabs/puppet/puppet.conf
[agent]
server = puppetserver
When I run puppet agent -t, I can see the signed certificate generated for the Vagrant puppet agent on the host and in the logs.
- Are these certificates generated incorrectly?
- Which certificate is being rejected here?