up：服务器主机名与服务器证书不匹配

Question

I installed Puppet Enterprise on two virtual machines (one master and one node). When I try to run my agent manually with puppet agent -ti get the error

Server hostname '192.168....' did not match server certificate; expected one of host-192-168-.....localdomain. 

If i run this by adding --server host-192-168.....localdomain it works, but this way i can do this manually and after its own runInterval it doesn't work so on my puppet console it says it is Unresponsive. I guess this is because on its own it gets the error i mentioned earlier so my master can't receive any reports from this node.

Can someone please help me with this? How can i make so my node's agent is contacting the master with the proper server certificate name?

puppet.conf from node:

 [main] vardir = ... logdir = ... rundir = ... basemodulepath = ... user = ... group = ... archive_files = ... [agent] report = ... classfile = ... localconfig = ... graph = ... pluginsync = ... environment = ... server = 192.168.10.39 certname = 192.168.10.40 noop = true runinterval = 1800 

If i put server = host-... (in main) nothing changes. I think I can't change the server from [agent] part, because there should be the master ip (i believe) ...

I tried what was on that link and now my puppet agent -t doesn't do anything anymore on my node. For better understandig, i'm posting my puppet.conf from master:

 [main] certname = host-192-168-10-39.localdomain vardir = /var/opt/lib/pe-puppet logdir = /var/log/pe-puppet rundir = /var/run/pe-puppet basemodulepath = /opt/alu/deploy/puppet/modules:/etc/puppetlabs/puppet.... environmentpath = /opt/alu/deploy/puppet/environments server = 192.168.10.39 user = pe-puppet group = pe-puppet archive_files = true archive_files_server = 192.168.10.39 module_groups = base+pe_only dns_alt_names = puppet [agent] report = true classfile = $vardir/classes.txt localconfig = $vardir/localconfig graph = true pluginsync = true environment = production noop = true runinterval = 1800 [master] node_terminus = classfier ca_server = host-192-168-10-39.localdomain reports = console,puppetdb storeconfigs = true storeconfigs_backend = puppetdb certname = 192-168-10-39.localdomain server = 192.168.10.39 always_cache_features = true default_manifest = /opt/alu/deploy/puppet/manifests/default.pp 

Error from puppet agent -t : http://i62.tinypic.com/34ijlmu.png

Answer 1

无需在命令行上发布--server ，只需在代理的puppet.conf文件的[main]部分中添加add server=...

Answer 2

There are a variety of causes for this problem, Please list your puppet.conf.

But from top, it looks like some mismatch between the name in the certificate generated by the master and the host name of the server. Perhaps between when you generated the certificate and rebooted, the hostname had been changed, as hostname changes sometimes do not take affect until after a reboot.

puppetlabs Offical documentaion helps to resolve this issue, please follow this link: https://docs.puppetlabs.com/guides/troubleshooting.html?_ga=1.110966791.343491524.1432986084#agents-are-failing-with-a-hostname-was-not-match-with-the-server-certificate-error-whats-wrong . It may be as simple as setting the certname value in /etc/puppet/conf and restarting the master.