Kyl*_*cot 5 ssl puppet ssl-certificate puppetdb puppet-agent
我正在尝试使用 puppetdb,但遇到了一些问题。
我有一个名为puppet. 它是主人,也是我安装 puppetdb 的地方。也是puppet管理的节点。
当我puppet -t在 puppet 节点上运行时,我得到:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for puppet.example.com:
Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
puppet:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed: [unable to get local issuer certificate for
/CN=puppet.example.com]
我假设 SSL 有问题,但我不确定要更改什么或在哪里查看。
它看起来像是 PuppetDB(主)服务器上的主机名问题。确保hostname -f输出地址可从puppet agent运行的所有节点解析。
从错误日志看来,主机名只是puppet:
Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
puppet:8081
然后移动旧证书
对于PuppetDB 2.x:
mv /etc/puppet/puppetdb/ssl/ /etc/puppet/puppetdb/ssl-old
puppetdb-ssl-setup -f
对于PuppetDB 3.x及更高版本:
mv /etc/puppetlabs/puppetdb/ssl/ /etc/puppetlabs/puppetdb/ssl-old
puppetdb ssl-setup -f
最后重启服务:
service puppetdb restart