Ssl Can';t重新加载木偶配置->;无法连接到Puppet服务器
我用两个流浪的虚拟机用Puppet测试一些东西,但是当我去请求证书时,我得到一个神秘的错误消息,我找不到任何关于它的信息 我应该注意到,与良好的Linux服务器管理相对应,我使用Ssl Can';t重新加载木偶配置->;无法连接到Puppet服务器,ssl,puppet,Ssl,Puppet,我用两个流浪的虚拟机用Puppet测试一些东西,但是当我去请求证书时,我得到一个神秘的错误消息,我找不到任何关于它的信息 我应该注意到,与良好的Linux服务器管理相对应,我使用/var/和/opt/来存储敏感的证书信息,但在其他方面,这是一个标准的傀儡设置 # Client node details IP: 192.168.250.10 Hostname: client.example.com Puppet version: 4.3.2 OS: CentOS Linux release 7.
/var/
和/opt/
来存储敏感的证书信息,但在其他方面,这是一个标准的傀儡设置
# Client node details
IP: 192.168.250.10
Hostname: client.example.com
Puppet version: 4.3.2
OS: CentOS Linux release 7.0.1406 (on Vagrant)
# Puppet server details
IP: 192.168.250.6
Hostname: puppet-server.example.com
Puppet version: 4.3.2
OS: CentOS Linux release 7.0.1406 (on Vagrant)
# client's and server's /etc/hosts files are identical
192.168.250.5 puppetmaster.example.com
192.168.250.6 puppet.example.com puppet-server.example.com
192.168.250.7 dashserver.example.com dashboard.example.com
192.168.250.10 client.example.com
192.168.250.20 webserver.example.com
# /etc/puppetlabs/puppet/puppet.conf on both client and server
[main]
logdest = syslog
[user]
bucketdir = $clientbucketdir
vardir = /var/opt/puppetlabs/server
ssldir = $vardir/ssl
[agent]
server = puppet.example.com
[master]
certname = puppet.example.com
vardir = /var/opt/puppetlabs/puppetserver
ssldir = $vardir/ssl
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
trusted_server_facts = true
reports = store
cacert = /var/opt/puppetlabs/puppetserver/ssl/certs/ca.pem
cacrl = /var/opt/puppetlabs/puppetserver/ssl/crl.pem
hostcert = /var/opt/puppetlabs/puppetserver/ssl/certs/{puppet, client}.example.com.pem # respectively, obviously
hostprivkey = /var/opt/puppetlabs/puppetserver/ssl/private_keys/{puppet, client}.example.com.pem # respectively, obviously
最后,我得到的错误是:
$ sudo puppet resource service puppet ensure=stopped enable=false
Notice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'
service { 'puppet':
ensure => 'stopped',
enable => 'false',
}
$ sudo puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
}
$ puppet agent --test --server=puppet.example.com
Error: Could not request certificate: Permission denied @ dir_initialize - /etc/puppetlabs/puppet/ssl/private_keys
Exiting; failed to retrieve certificate and waitforcert is disabled
首先,使用此设置时,Puppet不应使用/etc/puppetlabs/Puppet/ssl/private_key
。它没有正确使用我的配置文件:
$ puppet config print ssldir
/etc/puppetlabs/puppet/ssl
接下来,我检查并重新生成了服务器和客户端节点上的密钥,但是我仍然得到了相同的错误,客户端和服务器仍然认为我的$ssldir
应该是/etc/puppetlabs/puppet/ssl
,而它应该是/var/opt/puppetlabs/puppetserver/ssl
有什么想法吗 您需要在代理部分以及主机部分指定ssl和vardir配置
puppet config print ssldir的输出是什么?
[main]
部分也可以。这是假设他与主机和代理在同一台机器上进行测试。这个问题不清楚。如果没有,则需要在运行puppet代理之前在代理计算机上配置。它位于两个不同的vagrant VM计算机上,一个用于puppet代理,另一个用于puppet服务器。哪些节点需要vardir和ssldir(以及在哪些部分)?代理在vardir部分需要它们,服务器在master部分需要它们。或者您可以将其添加到这两个部分的主要部分