问题描述
在使用Puppet Master时遇到了一个问题,他在服务器上运行了以下命令来生成证书,但是没有任何关于证书生成的提示。
sudo -u puppet puppet master --no-daemonize --verbose
用户认为在主机文件和其他配置方面没有任何错误,可能是其他地方出了问题。此外,如果他在客户机上运行puppet agent -t
命令,会出现以下错误,因为服务器上的证书没有生成。
Warning: Unable to fetch my node definition, but the agent run will continue:Warning: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginfactsError: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/pluginfacts: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginError: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/plugins: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: Could not retrieve catalog from remote server: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateWarning: Not using cache on failed catalogError: Could not retrieve catalog; skipping runError: Could not send report: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate
解决方案
请注意以下操作注意版本差异及修改前做好备份。
方案1
首先,尝试在/etc/puppet/puppet.conf
中设置dns_alt_names
:
[main]
dns_alt_names = www.puppetmaster.com
[master]
autosign = true
然后,确保你在Puppet客户端的/etc/puppet/puppet.conf
中正确设置了服务器:
[agent]
server = www.puppetmaster.com
这样,再次运行puppet agent -t
命令,看看是否能正常工作。
方案2
如果方案1没有解决问题,你可以尝试手动生成证书。首先,停止Puppet Master服务:
sudo service puppetmaster stop
然后,使用以下命令手动生成证书:
sudo puppet cert generate www.puppetmaster.com
最后,重新启动Puppet Master服务:
sudo service puppetmaster start
再次运行puppet agent -t
命令,看看是否能正常工作。
方案3
如果以上两个方案都没有解决问题,你可以尝试重新安装Puppet Master,并确保使用最新版本。同时,确保你的操作系统也是最新的,并且满足Puppet Master的要求。
方案4
根据评论中的建议,不要安装3.8.7版本,并且不要使用CentOS 6。尝试使用其他版本的Puppet Master,并在支持的操作系统上进行安装。
注意:在尝试任何解决方案之前,请确保你已经备份了重要的数据和配置文件,以防万一出现意外情况。
正文完