Puppet Master证书生成不起作用

问题描述

在使用Puppet Master时遇到了一个问题，他在服务器上运行了以下命令来生成证书，但是没有任何关于证书生成的提示。

sudo -u puppet puppet master --no-daemonize --verbose

用户认为在主机文件和其他配置方面没有任何错误，可能是其他地方出了问题。此外，如果他在客户机上运行puppet agent -t命令，会出现以下错误，因为服务器上的证书没有生成。

Warning: Unable to fetch my node definition, but the agent run will continue:Warning: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginfactsError: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/pluginfacts: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateInfo: Retrieving pluginError: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://www.puppetmaster.com/plugins: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateError: Could not retrieve catalog from remote server: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificateWarning: Not using cache on failed catalogError: Could not retrieve catalog; skipping runError: Could not send report: Server hostname 'www.puppetmaster.com' did not match server certificate; expected one of puppetcertificate, DNS:puppet www.puppetmaster.com, DNS:puppetcertificate

解决方案

请注意以下操作注意版本差异及修改前做好备份。

方案1

首先，尝试在/etc/puppet/puppet.conf中设置dns_alt_names：

[main]
dns_alt_names = www.puppetmaster.com

[master]
autosign = true

然后，确保你在Puppet客户端的/etc/puppet/puppet.conf中正确设置了服务器：

[agent]
server = www.puppetmaster.com

这样，再次运行puppet agent -t命令，看看是否能正常工作。

方案2

如果方案1没有解决问题，你可以尝试手动生成证书。首先，停止Puppet Master服务：

sudo service puppetmaster stop

然后，使用以下命令手动生成证书：

sudo puppet cert generate www.puppetmaster.com

最后，重新启动Puppet Master服务：

sudo service puppetmaster start

再次运行puppet agent -t命令，看看是否能正常工作。

方案3

如果以上两个方案都没有解决问题，你可以尝试重新安装Puppet Master，并确保使用最新版本。同时，确保你的操作系统也是最新的，并且满足Puppet Master的要求。

方案4

根据评论中的建议，不要安装3.8.7版本，并且不要使用CentOS 6。尝试使用其他版本的Puppet Master，并在支持的操作系统上进行安装。

注意：在尝试任何解决方案之前，请确保你已经备份了重要的数据和配置文件，以防万一出现意外情况。