[英]Unable to retrieve Puppet agent SSL certificate from Puppet master
我已經配置了Puppet Master-Agent設置(操作系統:Ubuntu)。 兩者都可以互相ping / ssh。 DNS設置正確。 當執行'puppet agent -t'生成證書時,Agent拋出錯誤時,Master可以生成新的CA和證書。
我在解決方案中收到錯誤,並且按照建議執行並進一步收到:
Exiting; failed to retrieve certificate and waitforcert is disabled
請幫助解決這一問題。 以下是/etc/puppet/puppet.conf(與Master-Agent相同)
#Settings in [main] are used if a more specific section does not set a value.
[main]
certname = puppetmaster01.example.com
logdir=/var/log/puppet
vardir=/var/lib/puppet
basemodulepath = /etc/puppetlabs/puppet/environments/production/modules:/opt/puppet/share/puppet/modules
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
server = puppetmaster01.example.com
user = puppet
group = puppet
archive_files = true
archive_file_server = puppetmaster01.example.com
[master]
# This section is used by the Puppet master and Puppet cert applications.
dns_alt_names = puppet,puppet.example.com,puppetmaster01,puppetmaster01.example.com,puppetagent01,puppetagent01.example.com
certname = puppetmaster01.example.com
reports = http,puppetdb
reporturl = https://localhost:443/reports/upload
node_terminus = exec
external_nodes = /etc/puppetlabs/puppet-dashboard/external_node
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs_backend = puppetdb
storeconfigs = true
autosign = true
# This section is used by the Puppet agent application.
[agent]
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
在人偶主控/代理部署中以及從文檔中,管理員將需要在人偶主控上簽署客戶端的證書。 你在木偶大師上簽署了證書嗎?
取決於您所使用的木偶版本:嘗試運行sudo puppetserver ca sign fullnameOFhost.something.com
或sudo puppet cert sign <name of host>
您可以通過再次運行sudo puppet cert list
或sudo puppetserver ca list
來查看需要簽名的優秀客戶端證書,具體取決於版本。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.