Unix: Puppet installed on a utility node

I am running Puppet version 6 on a utility node, and when I try to connect from the Puppet agent to the Puppet master I get this error:

[root@utility ~]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=utility.example.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Also, when I run puppet cert list --all, the Puppet agent's certificate does not show up on the Puppet master:

Warning: `puppet cert` is deprecated and will be removed in a future release.
   (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')

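Since the agent is not issuing a certificate signing request, it must already have a signed certificate. But it appears not to be a certificate that the master recognizes, so the master will not accept it. The agent may also not be accepting the master's certificate.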

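If an unauthorized node is trying to retrieve a catalog, then a master that refuses to serve an agent it does not recognize is exactly what one would expect and want. If the agent's catalog request is being presented to an impostor posing as the master, then refusing to complete the connection to that master is exactly what one would expect and want.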

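However, if an authorized agent runs into this kind of problem when requesting a catalog from the genuine master, one that should recognize it, then you have a trust failure. This can happen, for example, if the agent's original master has been replaced with a new one, or if Puppet was removed from the master and then reinstalled.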


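If the master really does not have a certificate for the agent in question, then you should be able to resolve the problem by shutting down the agent (if it is running as a daemon) and then clearing out its certificates so that new ones are generated on the next run. The Puppet documentation describes (you should need only step 3, "Clear and regenerate certificates for Puppet agents", and only for the affected agent).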

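Note: puppetserver ca is the replacement for puppet cert.

I get this error when trying to list the certificates on the master: [root@utility ~]# puppetserver ca list --all Fatal error when running action 'list' Error: Failed connecting to Root cause: SSL_connect returned=1 errno=0 state=error: certificate verify failed

@Mike, that sounds like a more pervasive lack of trust. In addition to regenerating the agent certificate, you may need to perform the full procedure described on the documentation page I linked.

I also get this error on the Puppet agent: puppet agent --test Error: Could not request certificate: Request failed: SSL_connect returned=1 errno=0 state=error: sslv3 alert bad certificate Exiting; failed to retrieve certificate and waitforcert is disabled

I went through the whole procedure and I still receive the same error.

So the error message you are getting has changed? In the problem you reported, puppet agent --test emitted a different error message.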
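The trust failure described in the answer, reproduced with Ruby's OpenSSL bindings (the layer that produces the SSL_connect messages above). This is an added example, not part of the original thread and not Puppet's own code. The CA names and the old-master/new-master hosts are constructed, and the store setup with CRL checking is an assumption about how a CRL-checking client behaves. It shows that a CA certificate or CRL left over from a previous master makes verification of a validly signed node certificate fail.

```ruby
require 'openssl'
# Constructed test material: a throwaway CA (self-signed) or leaf certificate.
def make_cert(cn, key, serial, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless issuer # self-signed, so mark it as a CA
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed test material: an empty CRL signed by the given CA.
def make_crl(ca_cert, ca_key)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca_cert.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Verify peer_cert against the CA cert and CRL held locally, CRL checking on.
# Returns [ok, OpenSSL error code, OpenSSL error string].
def verify_peer(peer_cert, local_ca, local_crl)
  store = OpenSSL::X509::Store.new
  store.add_cert(local_ca)
  store.add_crl(local_crl) if local_crl
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK
  [store.verify(peer_cert), store.error, store.error_string]
end

# Constructed scenario: the node certificate was signed by the new master's CA.
OLD_KEY, NEW_KEY, NODE_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
OLD_CA = make_cert('Puppet CA: old-master.example.com', OLD_KEY, 1)
NEW_CA = make_cert('Puppet CA: new-master.example.com', NEW_KEY, 1)
NODE   = make_cert('utility.example.com', NODE_KEY, 2, NEW_CA, NEW_KEY)
{ 'matching CA and CRL' => [NEW_CA, make_crl(NEW_CA, NEW_KEY)],
  'right CA, stale CRL' => [NEW_CA, make_crl(OLD_CA, OLD_KEY)],
  'stale CA and CRL'    => [OLD_CA, make_crl(OLD_CA, OLD_KEY)] }.each do |label, (ca, crl)|
  ok, code, msg = verify_peer(NODE, ca, crl)
  puts format('%-20s ok=%-5s error=%d (%s)', label, ok, code, msg)
end
```

The stale-CRL case yields the same "unable to get certificate CRL" text seen in the question, which is why clearing the affected side's SSL directory so it fetches a fresh CA certificate and CRL restores trust.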