Puppet Master证书生成不起作用

70次阅读
没有评论

问题描述

在使用Puppet Master时遇到了一个问题,他在服务器上运行了以下命令来生成证书,但是没有任何关于证书生成的提示。

sudo -u puppet puppet master --no-daemonize --verbose

用户认为在主机文件和其他配置方面没有任何错误,可能是其他地方出了问题。此外,如果他在客户机上运行puppet agent -t命令,会出现以下错误,因为服务器上的证书没有生成。

Warning: Unable to fetch my node definition, but the agent run will continue:Warning: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginfactsError: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/pluginfacts: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginError: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/plugins: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: Could not retrieve catalog from remote server: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateWarning: Not using cache on failed catalogError: Could not retrieve catalog; skipping runError: Could not send report: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate

解决方案

请注意以下操作注意版本差异及修改前做好备份。

方案1

首先,尝试在/etc/puppet/puppet.conf中设置dns_alt_names

[main]
dns_alt_names = www.puppetmaster.com

[master]
autosign = true

然后,确保你在Puppet客户端的/etc/puppet/puppet.conf中正确设置了服务器:

[agent]
server = www.puppetmaster.com

这样,再次运行puppet agent -t命令,看看是否能正常工作。

方案2

如果方案1没有解决问题,你可以尝试手动生成证书。首先,停止Puppet Master服务:

sudo service puppetmaster stop

然后,使用以下命令手动生成证书:

sudo puppet cert generate www.puppetmaster.com

最后,重新启动Puppet Master服务:

sudo service puppetmaster start

再次运行puppet agent -t命令,看看是否能正常工作。

方案3

如果以上两个方案都没有解决问题,你可以尝试重新安装Puppet Master,并确保使用最新版本。同时,确保你的操作系统也是最新的,并且满足Puppet Master的要求。

方案4

根据评论中的建议,不要安装3.8.7版本,并且不要使用CentOS 6。尝试使用其他版本的Puppet Master,并在支持的操作系统上进行安装。

注意:在尝试任何解决方案之前,请确保你已经备份了重要的数据和配置文件,以防万一出现意外情况。

正文完