
Unable to retrieve Puppet agent SSL certificate from Puppet master

I have configured a Puppet master/agent setup (OS: Ubuntu). Both can ping/ssh each other, and DNS is set properly. The master is able to generate a new CA and cert, while the agent throws an error when 'puppet agent -t' is executed to generate the certificates.

I received an error along with a suggested solution; I did as suggested and then received:

[Screenshot: Puppet agent SSL error]

Exiting; failed to retrieve certificate and waitforcert is disabled

Kindly help me get this resolved. Below is /etc/puppet/puppet.conf (the same on master and agent):

#Settings in [main] are used if a more specific section does not set a value.
[main]
    certname = puppetmaster01.example.com
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    basemodulepath = /etc/puppetlabs/puppet/environments/production/modules:/opt/puppet/share/puppet/modules
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    server = puppetmaster01.example.com
    user = puppet
    group = puppet
    archive_files = true
    archive_file_server = puppetmaster01.example.com

[master]
# This section is used by the Puppet master and Puppet cert applications.
    dns_alt_names = puppet,puppet.example.com,puppetmaster01,puppetmaster01.example.com,puppetagent01,puppetagent01.example.com
    certname = puppetmaster01.example.com
    reports = http,puppetdb
    reporturl = https://localhost:443/reports/upload
    node_terminus = exec
    external_nodes = /etc/puppetlabs/puppet-dashboard/external_node
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    storeconfigs_backend = puppetdb
    storeconfigs = true
    autosign = true

# This section is used by the Puppet agent application.
[agent]
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true
    environment = production

In a Puppet master/agent deployment, per the docs, the administrator needs to sign the client's cert on the Puppet master. Have you signed the cert on your Puppet master?

Depending on which version of Puppet you're on, try running sudo puppetserver ca sign fullnameOFhost.something.com or sudo puppet cert sign <name of host>.

You can look at outstanding client certs that need signing by running sudo puppet cert list or sudo puppetserver ca list, again depending on the version.
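The list-then-sign step from the answer above, as a small POSIX sh helper that signs only one named host after confirming its request is actually pending (an added example, not code from the question or the answer). It assumes both CLIs print one request per line with the certname as the first field; the sample listings in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the question or answer above. Sign one agent's pending
# CSR on the master only after confirming it is actually waiting, with whichever CA
# CLI this Puppet version ships. Assumed: both CLIs list one request per line with
# the certname as the first field (old "puppet cert list" quotes it and marks
# already-signed certs with a leading '+').

# Echo the CA command for the installed version: "puppetserver ca" (newer) or
# "puppet cert" (older). Fails if neither binary is on PATH.
ca_cli() {
    if command -v puppetserver >/dev/null 2>&1; then
        echo "puppetserver ca"
    elif command -v puppet >/dev/null 2>&1; then
        echo "puppet cert"
    else
        return 1
    fi
}

# Read a CA listing on stdin and print only the certnames that still need signing:
# drop already-signed entries ('+'), section headers ("Requested Certificates:"),
# blank lines, and the surrounding quotes of the old format.
#   constructed input:  + "puppetmaster01.example.com" (SHA256) 11:22:33
#                         "puppetagent01.example.com" (SHA256) 44:55:66
#   output:             puppetagent01.example.com
pending_names() {
    grep -v '^+' | grep -v ':$' | awk '{ gsub(/"/, "", $1); if ($1 != "") print $1 }'
}

# Sign exactly the named host, and only if it is in the pending list, so a typo or
# an unexpected CSR from an unknown node is never signed by accident.
sign_if_pending() {
    host="$1"
    cli=$(ca_cli) || { echo "no Puppet CA CLI found on PATH" >&2; return 2; }
    if $cli list | pending_names | grep -qx "$host"; then
        $cli sign "$host"
    else
        echo "$host has no pending certificate request" >&2
        return 1
    fi
}
```

Run as root on the master, e.g. `sign_if_pending puppetagent01.example.com`; a host that is not pending is refused with exit status 1.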
