Puppet master certificate generation not working



Puppet Master:

  • Docker container with CentOS 6
  • configured in /etc/hosts
  • configured /etc/puppet/puppet.conf with server, dns_alt_names and certname

Puppet Agent:

  • Docker container with Ubuntu OS
  • configured serverip and agent ip in /etc/hosts
  • configured /etc/puppet/puppet.conf with the server value

Now I am trying to generate the certificate on the server machine using

sudo -u puppet puppet master --no-daemonize --verbose

Displays: Notice: Starting Puppet master version 3.8.7

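Nothing related to certificate generation happens.

I believe there are no errors or missing pieces in the hosts file and the other configuration. What could be going wrong here?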

On the client machine, if I run the command puppet agent -t, I get the following error, as the certificate is not generated on the server. I think I have to fix that first rather than this.

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/pluginfacts: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/plugins: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Error: Could not retrieve catalog from remote server: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate

2 answers in total:

First, try setting dns_alt_names in /etc/puppet/puppet.conf

[main]
    dns_alt_names = www.puppetmaster.com
[master]
    autosign = true

Then see whether your puppet agent -t run works. Make sure you have set your server correctly on the puppet client in /etc/puppet/puppet.conf:

[agent]
    server = www.puppetmaster.com

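It looks like your agent is connecting to the wrong puppet master, not the one you are running inside the Docker container. Make sure the agent connects to the correct master.

First, try checking whether the agent can reach the master by running: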

telnet  8104

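The puppet agent should be able to reach the puppet master you created. I don't think www.puppetmaster.com is your puppet master. You can check whether port 8140 is listening. If it is not, make sure the master starts listening.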
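
An added example, not part of the original question or answers: a Ruby check that parses one of the agent error lines quoted in the question and classifies each name in the server certificate against the hostname the agent requested. It flags the `DNS:puppet www.puppetmaster.com` entry as a single name containing a space, which is consistent with dns_alt_names (a comma-separated list) having been given space-separated values. The function and constant names are illustrative assumptions.

```ruby
# Added example: explain a Puppet agent "did not match server certificate" error.
# SAMPLE is one error line taken from the agent output quoted in the question.
SAMPLE = "Error: Could not retrieve catalog from remote server: " \
         "Server hostname 'www.puppetmaster.com' did not match server certificate; " \
         "expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, " \
         "DNS:puppetcertificate"

MISMATCH = /Server hostname '([^']+)' did not match server certificate; expected one of (.+)\z/

# Returns [requested_host, certificate_names] or nil if the line is another kind of message.
def parse_mismatch(line)
  m = MISMATCH.match(line.strip)
  return nil unless m
  [m[1], m[2].split(/,\s*/).map { |n| n.sub(/\ADNS:/, '') }.uniq]
end

# Hostname match: case-insensitive, "*" accepted only as the entire left-most label.
def name_matches?(pattern, host)
  p_labels = pattern.downcase.split('.')
  h_labels = host.downcase.split('.')
  return false unless p_labels.length == h_labels.length
  p_labels.each_with_index.all? { |label, i| label == h_labels[i] || (i.zero? && label == '*') }
end

# Classifies each certificate name against the hostname the agent asked for.
def diagnose(line)
  host, names = parse_mismatch(line)
  return nil unless host
  findings = names.map do |name|
    verdict =
      if name =~ /\s/
        # A name with whitespace is not a valid DNS name and can never match.
        name.split.any? { |part| name_matches?(part, host) } ? :malformed_contains_host : :malformed
      elsif name_matches?(name, host)
        :match
      else
        :no_match
      end
    [name, verdict]
  end
  { host: host, findings: findings }
end

if __FILE__ == $PROGRAM_NAME
  diagnose(SAMPLE)[:findings].each { |name, verdict| puts format('%-30s %s', name.inspect, verdict) }
end
```

A `:malformed_contains_host` verdict means the requested hostname is present in the certificate only as part of a longer, space-joined entry, so the certificate has to be regenerated after the alt names are corrected.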