puppet - 无法从库存服务中检索事实：SSL_connect 返回=1 errno=0 state=SSLv3

Question

我可以在 puppet Enterprise Console 中看到以下错误::

Could not retrieve facts from inventory service: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked

我也遵循以下步骤::

1. 我在 Windows puppet Enterprise 客户端上运行了 puppet agent -t。

2. 我运行了 puppet cert list 并从 master 签署了客户端证书。

3. 我再次运行 puppet agent -t 但在控制台上出现以下错误::

Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: c ertificate verify failed: [certificate revoked for /CN=learn.localdomain] Info: Retrieving plugin Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Failed to generate addit ional resources using 'evalgenerate': SSLconnect returned=1 errno=0 state=SSLv 3 read server certificate B: certificate verify failed: [certificate revoked for /CN=learn.localdomain] Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Could not evaluate: SSL connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate ve rify failed: [certificate revoked for /CN=learn.localdomain] Could not retrieve file metadata for puppet://learn.localdomain/plugins: SSLconnect returned=1 err no=0 state=SSLv3 read server certificate B: certificate verify failed: [certific ate revoked for /CN=learn.localdomain] Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/concatba sedir.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/customau thconf.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/facterdo td.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/ip6tables version.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/iptables persistentversion.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/iptables version.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/peversio n.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/postgres defaultversion.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/puppetdb serverstatus.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/puppetva rdir.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/roothome .rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/windows.r b Error: Could not retrieve catalog from remote server: SSLconnect returned=1 err no=0 state=SSLv3 read server certificate B: certificate verify failed: [certific ate revoked for /CN=learn.localdomain] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read se rver certificate B: certificate verify failed: [certificate revoked for /CN=lear n.localdomain]是

Answer 1

我猜你的证书没有从主人那里很好地移除。

要清理客户端证书，您需要运行以下命令：

• 在主上：puppet cert -c <hostname>
• 在客户端上：（rm -rf /var/lib/puppet/ssl假设您的 ssl 证书位于此位置）

资料来源：http: //inuits.eu/blog/puppet-sslv3-alert-certificate-revoked

希望这可以帮助。