SSL Puppet: Did not receive certificate
I have a minimal default Puppet master/slave configuration on the newer version 6 of Puppet, which I am trying to start up in VirtualBox VMs for prototyping. However, the agent doesn't seem to be able to connect to the master properly.
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 3
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/ca?fail_on_404=true HTTP/1.1" 200 1939 "-" "Ruby" 3
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 2
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 3
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 2
On my master, I only have 2 certificates, so clearly the requests are getting through:
"localhost" (SHA256) 1C:E7:D0:FF:35:A3:5B:CA:37:02:13:CC:75:20:B5:54:42:BA:AA:C9:61:9D:02:22:B3:28:E3:C3:4D:FE:5F:CC
"slave1" (SHA256) 35:A8:C5:E8:8A:1D:58:F6:DA:EC:8A:4D:9F:30:53:3E:F8:A1:01:27:F4:D7:62:5F:82:1C:E0:6B:37:82:A8:A2
My agent can connect to the master just fine, however, it never seems to be able to get back a healthy certificate:
Nothing to do
waiting to run puppet....
Info: Creating a new SSL key for localhost
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for localhost
Info: Certificate Request fingerprint (SHA256): 1C:E7:D0:FF:35:A3:5B:CA:37:02:13:CC:75:20:B5:54:42:BA:AA:C9:61:9D:02:22:B3:28:E3:C3:4D:FE:5F:CC
Info: Caching certificate for ca
Notice: Did not receive certificate
Notice: Did not receive certificate
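How can I determine why these 404 errors are happening?

It turns out I hadn't signed my requests.
To do this, you simply use puppet cert list, and then puppet cert sign to approve the outstanding requests. At that point, the server will be able to serve a certificate, which the agent can then download and use locally.

As mentioned, you have to sign the certificate. For Puppet version 6 it would be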
puppetserver ca sign --certname slave1
Puppet version < 6
puppet cert sign slave1
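
You have to sign the slave certificate on the Puppet server, so if you have Puppet 6, more information is available via "puppetserver ca help". I haven't used version 6 yet. Since it's a "lab" setup, you could also turn on autosigning.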
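
An added example, not part of the original question or answers: a Python check that ties the three outputs quoted above together, so that a certname is signed only when the agent is polling with 404s, its request is pending on the master, and the CSR fingerprint the agent printed matches the one the master lists. The function names are hypothetical, the sample input is copied from the question, and the regular expressions assume the access-log and listing layouts shown there.

```python
import re
from collections import Counter

# Sample input copied from the output quoted in the question (assumed layouts).
ACCESS_LOG = """\
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 3
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/ca?fail_on_404=true HTTP/1.1" 200 1939 "-" "Ruby" 3
10.0.2.2 - - [14/Apr/2019:18:22:14 +0000] "GET /production/certificate/localhost? HTTP/1.1" 404 36 "-" "Ruby" 2
"""
PENDING = """\
"localhost" (SHA256) 1C:E7:D0:FF:35:A3:5B:CA:37:02:13:CC:75:20:B5:54:42:BA:AA:C9:61:9D:02:22:B3:28:E3:C3:4D:FE:5F:CC
"slave1" (SHA256) 35:A8:C5:E8:8A:1D:58:F6:DA:EC:8A:4D:9F:30:53:3E:F8:A1:01:27:F4:D7:62:5F:82:1C:E0:6B:37:82:A8:A2
"""
AGENT_LOG = """\
Info: Creating a new SSL certificate request for localhost
Info: Certificate Request fingerprint (SHA256): 1C:E7:D0:FF:35:A3:5B:CA:37:02:13:CC:75:20:B5:54:42:BA:AA:C9:61:9D:02:22:B3:28:E3:C3:4D:FE:5F:CC
"""
# GET /<environment>/certificate/<certname>[?query] followed by the HTTP status.
REQ = re.compile(r'"GET /[^/ ]+/certificate/([^/?\s]+)\S* HTTP/[\d.]+" (\d{3}) ')
FP = r'((?:[0-9A-F]{2}:){31}[0-9A-F]{2})'  # colon-separated SHA256 digest

def polling_without_cert(access_log):
    """Count 404 replies per certname on the certificate endpoint (CA excluded)."""
    hits = Counter()
    for name, status in REQ.findall(access_log):
        if status == "404" and name != "ca":
            hits[name] += 1
    return hits

def pending_requests(list_output):
    """Map certname -> CSR fingerprint from the master's request listing."""
    return dict(re.findall(r'"([^"]+)" \(SHA256\) ' + FP, list_output))

def agent_csr(agent_log):
    """Return (certname, fingerprint) the agent printed when it created its CSR."""
    name = re.search(r'certificate request for (\S+)', agent_log).group(1)
    fp = re.search(r'fingerprint \(SHA256\): ' + FP, agent_log).group(1)
    return name, fp

def verified_to_sign(access_log, list_output, agent_log):
    """Certnames that are polling, pending on the master, and fingerprint-matched."""
    name, fp = agent_csr(agent_log)
    ok = name in polling_without_cert(access_log) and pending_requests(list_output).get(name) == fp
    return [name] if ok else []

if __name__ == "__main__":
    print(dict(polling_without_cert(ACCESS_LOG)))             # unsigned agents still polling
    print(verified_to_sign(ACCESS_LOG, PENDING, AGENT_LOG))   # names whose CSR matches
```

Autosigning skips this fingerprint comparison entirely, which is why it is only mentioned above for a lab setup.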