puppet agent 是如何给服务器添加域后缀的？

Question

我是木偶新手。 我安装了一个主机名为 puppet-mst 的虚拟机，并在其上安装了 puppetserver 7。 然后我试图给自己签名。 但令我惊讶的是——puppet 代理试图登录 puppet-mst.suse 而不是 puppet-mst。 即使我将项目“puppet-mst.suse”添加到/etc/hosts，它仍然会引发错误，因为“服务器主机名‘puppet-mst’与服务器证书不匹配；预期为 puppet-mst.suse、DNS:puppet 之一, DNS:puppet-mst.suse" --

puppet-mst:/etc/puppetlabs/puppet # cat /etc/hosts
127.0.0.1       localhost
192.168.160.131 puppet-mst puppet-mst.suse
puppet-mst:/etc/puppetlabs/puppet # hostname -f
puppet-mst
puppet-mst:/etc/puppetlabs/puppet # hostname
puppet-mst


puppet-mst:/etc/puppetlabs/puppet # cat puppet.conf
[main]
certname = puppet-mst
server = puppet-mst
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code


puppet-mst:/etc/puppetlabs/puppet # puppet agent --test --verbose
Info: Creating a new RSA SSL key for puppet-mst
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-mst
Info: Certificate Request fingerprint (SHA256): 03:C4:E0:86:30:11:E8:4E:36:1A:52:DC:F7:0D:C2:78:E4:7A:D9:80:76:7E:93:92:19:4B:0C:3E:55:B7:0A:7C
Error: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse
Error: Could not run: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse


Does anyone know what's issue? -- I certainly put the item "server=puppet-mst" into the puppet.conf, why it still searching for this unknown site -- puppet-mst.suse? 
Please kind help. Thanks

问候艾森

Answer 1

更新

certname = puppet-mst
server = puppet-mst

到

certname = puppet-mst.suse
server = puppet-mst.suse

并再次尝试运行puppet agent -t 。 如果这仍然不起作用，您可能需要重新生成证书，执行此操作的步骤在这里https://puppet.com/docs/puppet/7/ssl_regenerate_certificates.html作为一般规则，坚持使用服务器是有用的fqdn 而不是短名称。 我假设如果你运行puppet-mst.suse facter fqdn你会得到puppet-mst.suse