puppet代理看起来正在运行，但foreman的上一次更新是在一个月前

我用的是木偶5.5。在工作站中，代理看起来正在运行。但实际上，上一份报告是一个月前发布的（通常每10分钟运行一次） 当我运行命令'puppet agent-t'时，我遇到以下错误：

puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Info: Retrieving pluginfacts
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Info: Retrieving plugin
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown

---

解决这个问题的线索就在puppet搜索自定义事实和库的路径中。此问题的原因是C:/ProgramData/PuppetLabs/puppet/cache目录中的缓存SSL证书。您可以使用该路径搜索“*.pem”文件，如果找到任何与主机名匹配的文件，请将其删除。然后，您需要确保从puppet主服务器

puppet cert clean

中清除主机的所有旧证书，然后使用

puppet agent-tv

再次在主机上运行puppet代理以生成新证书。在主服务器上再次签署新证书

puppet cert Sign

，您就可以开始了。

代理拒绝主服务器的SSL证书。通过将

--debug

添加到代理的命令行中，您可能会得到更多的细节：

puppet-agent-t--debug

。同时，确保它正在与它应该与之交谈的主人交谈。例如，您应该在主机日志中看到连接尝试。我在一些系统上看到类似的问题。