5

I have been struggling with signing Puppet agents for 2 days now. The problem is as follows:

On the master I delete all existing signatures:

puppet cert clean esx-poc-1.xxx.de

On the agent, I delete the entire ssl directory:

rm -rf /var/lib/puppet/ssl/

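After running one of the following commands on the agent...

puppet certificate generate esx-poc-1.xxx.de --ca-location remote
puppet agent --server puppetmaster.int.xxx.com --waitforcert 60 --test

...I can list the certificates on the master:

puppet cert list --all

The output is: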

"esx-poc-1.xxx.de" (SHA256) 71:72:D8:3E:09:9E:B1:5C:DA:78:A8:B8:A1:2B:E4:09:B8:00:8A:AF:49:02:CC:B2:B5:C3:25:79:59:0D:A8:F5
+ "puppetmaster.int.xxx.com" (SHA256) 7B:00:8C:4F:CE:B2:0D:2F:A1:BB:A7:C4:25:B0:11:01:2B:EC:90:46:D1:CB:BE:AA:AD:3F:B4:70:0C:83:3F:78 (alt names: "DNS:puppet", "DNS:puppet.xxx.de", "DNS:puppetmaster.int.xxx.com")

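After signing the agent:

puppet cert sign esx-poc-1.xxx.de

the fingerprint is different from the one above:

  • "esx-poc-1.xxx.de" (SHA256) 49:F6:59:FD:3C:28:C6:54:7F:6E:A7:56:56:DB:64:9A:E2:08:10:90:11:83:7A:A6:0E:E1:CD:39:F0:E0:1C:25

Is that right?

Executing an agent run afterwards results in the following error: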

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for esx-poc-1.xxx.de: Failed to submit 'replace facts' command for esx-poc-1.xxx.de to PuppetDB at puppetmaster.int.xxx.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.int.xxx.com]
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for esx-poc-1.xxx.de to PuppetDB at puppetmaster.int.xxx.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.int.xxx.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Thanks for your help!

4
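On the fingerprint change asked about above: a certificate request and the certificate issued from it are two different encoded objects, so their SHA256 digests differ even though both carry the same public key. The script below is an added example, not part of the original thread; it uses a throw-away openssl CA with constructed names (demo-ca, agent.example.test) instead of Puppet's CA, assumes the listed fingerprint is a digest over the DER encoding, and ends with the same kind of chain check that fails in the error message.

```shell
#!/bin/sh
# Added example (not from the original thread). All names and keys are constructed.
set -eu

# SHA256 over the DER encoding, printed as colon-separated upper-case hex.
# $1 = openssl subcommand (req for a CSR, x509 for a certificate), $2 = PEM file
der_fp() {
  openssl "$1" -in "$2" -outform DER | openssl dgst -sha256 -c | awk '{print toupper($NF)}'
}

# Succeeds when the CSR ($1) and the certificate ($2) carry the same public key.
same_pubkey() {
  [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Build a throw-away CA, an agent CSR and the certificate signed from it in directory $1.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=agent.example.test" \
    -keyout "$1/agent.key" -out "$1/agent.csr" 2>/dev/null
  openssl x509 -req -in "$1/agent.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -set_serial 2 -days 1 -out "$1/agent.pem" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"

echo "request (before signing):    $(der_fp req  "$work/agent.csr")"
echo "certificate (after signing): $(der_fp x509 "$work/agent.pem")"
same_pubkey "$work/agent.csr" "$work/agent.pem" && echo "public key: identical"

# Chain check: does the certificate's signature verify against the CA certificate?
openssl verify -CAfile "$work/ca.pem" "$work/agent.pem"
```
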

5 Answers

3

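I ran into the same problem myself. The problem turned out to be that the version of the puppetdb-terminus package was 1.1.0, while puppetdb itself was still 1.0.5.

Downgrading puppetdb-terminus to 1.0.5 made everything work.

Answered 2013-02-09T06:08:30.320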
1

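In puppet 3.4, I noticed that this error can be thrown if the hostname is not set.

For example, I have two Debian boxes; one is named debian1 and the other debian2 in the hosts file. However, both of their /etc/hostname settings were debian; after I changed their names with hostname and set their names in /etc/hostname, they worked just fine.

Answered 2014-03-15T21:40:39.500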
0

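I got this error after changing the permissions of the files in /etc/puppet. Changing them back to "pe-puppet" (for the Enterprise edition) solved it for me.

Answered 2013-12-10T15:15:01.490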
0

This may be a silly question, but do you have a node definition for this machine? I.e.,

node 'esx-poc-1.xxx.de' {
    .....
}
Answered 2013-02-07T23:44:41.527
-2

After completely reinstalling puppetdb, it finally works...

Answered 2013-02-07T13:37:36.307