Unable to retrieve Puppet agent SSL certificate from Puppet master

I have configured a Puppet Master-Agent setup (OS: Ubuntu). Both can ping/ssh each other. DNS is set properly. The Master is able to generate a new CA and cert, while the Agent throws an error when 'puppet agent -t' is executed to generate the certificates.

I received an error along with a suggested solution; I did as suggested and then received:

[Screenshot of the Puppet agent SSL error]

Exiting; failed to retrieve certificate and waitforcert is disabled

Kindly help in getting this one resolved. Below is the /etc/puppet/puppet.conf (same on Master and Agent):

#Settings in [main] are used if a more specific section does not set a value.
[main]
    certname = puppetmaster01.example.com
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    basemodulepath = /etc/puppetlabs/puppet/environments/production/modules:/opt/puppet/share/puppet/modules
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    server = puppetmaster01.example.com
    user = puppet
    group = puppet
    archive_files = true
    archive_file_server = puppetmaster01.example.com

[master]
# This section is used by the Puppet master and Puppet cert applications.
    dns_alt_names = puppet,puppet.example.com,puppetmaster01,puppetmaster01.example.com,puppetagent01,puppetagent01.example.com
    certname = puppetmaster01.example.com
    reports = http,puppetdb
    reporturl = https://localhost:443/reports/upload
    node_terminus = exec
    external_nodes = /etc/puppetlabs/puppet-dashboard/external_node
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    storeconfigs_backend = puppetdb
    storeconfigs = true
    autosign = true

# This section is used by the Puppet agent application.
[agent]
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true
    environment = production

In a Puppet master/agent deployment, and according to the docs, the administrator will need to sign the client's cert on the Puppet master. Have you signed the cert on your Puppet master?

Depending on which version of Puppet you're on, try running sudo puppetserver ca sign fullnameOFhost.something.com or sudo puppet cert sign <name of host>

You can look at outstanding client certs that need signing by running sudo puppet cert list or sudo puppetserver ca list, again depending on the version.
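A check over the puppet.conf quoted in the question, as an added example that is not part of the original question or answer: it flags an agent whose effective certname is the server's name (the file is stated to be the same on both hosts) and autosign = true, which makes the master sign every certificate request without review. The function names and the trimmed sample config are assumptions made for the illustration; the hostnames are the ones that appear in the quoted file.

```python
import re

# Constructed sample: trimmed copy of the puppet.conf quoted in the question.
SAMPLE_CONF = """\
[main]
    certname = puppetmaster01.example.com
    server = puppetmaster01.example.com
    ssldir=/var/lib/puppet/ssl
[master]
    certname = puppetmaster01.example.com
    autosign = true
[agent]
    report = true
"""

def parse_puppet_conf(text):
    """Parse puppet.conf text into {section: {setting: value}}."""
    conf, section = {}, "main"  # default bucket for lines before any header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(section, {})[key.strip()] = value.strip()
    return conf

def effective(conf, section, key):
    """Value a run mode uses: its own section first, then [main]."""
    return conf.get(section, {}).get(key, conf.get("main", {}).get(key))

def audit(conf, hostname):
    """Return findings for the host whose FQDN is `hostname` (hypothetical helper)."""
    findings = []
    certname = effective(conf, "agent", "certname")
    server = effective(conf, "agent", "server")
    # An agent that names itself after the server asks for the server's certificate.
    if certname and certname == server and hostname != server:
        findings.append(f"certname: agent on {hostname} identifies as {certname}")
    # autosign = true on the master signs every request with no review.
    if effective(conf, "master", "autosign") == "true":
        findings.append("autosign: every certificate request is signed automatically")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_puppet_conf(SAMPLE_CONF), "puppetagent01.example.com"):
        print(finding)
```

Run against the real file by passing its contents to parse_puppet_conf() and the host's own FQDN to audit(); an empty list means neither condition was found.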
