生产环境中的三台机器出现了一些硬件问题并已退役。基础架构团队已重新安装它们并为它们提供相同的主机名和 IP 地址。目的是在这些系统上运行 Puppet,以便可以再次调试这些系统。
试图
1) 通过发出以下命令从 Puppetmaster 中删除旧的 Puppet 证书:
puppet cert revoke grb16.company.com
puppet cert clean grb16.company.com
2) 删除旧证书后,通过从重新安装的节点之一发出以下命令来创建新证书请求:
[root@grb16 ~]# puppet agent -t
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for grb16.company.com
Info: Certificate Request fingerprint (SHA256): 6F:2D:1D:71:67:18:99:86:2C:22:A1:14:80:55:34:35:FD:20:88:1F:36:ED:A7:7B:2A:12:09:4D:F8:EC:BF:6D
Exiting; no certificate found and waitforcert is disabled
[root@grb16 ~]#
3) 一旦证书请求在 Puppetmaster 上可见,就会发出以下命令来签署证书请求:
[root@foreman ~]# puppet cert sign grb16.company.com
Notice: Signed certificate request for grb16.company.com
Notice: Removing file Puppet::SSL::CertificateRequest grb16.company.com at '/var/lib/puppet/ssl/ca/requests/grb16.company.com.pem' …我设置了一个 Puppet Master/Agent,并且已经成功地为 master 上的 agent 签署了证书。但是,当我运行时,puppet agent --test我遇到了如下所示的失败:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=hostname.domain.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=hostname.domain.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server …目的
目的是禁用每 30 分钟发生一次的自动 Puppet-agent 运行。可以更改时间间隔,但应完全禁用自动 Puppet-agent 运行。
尝试一
根据本文档,应该可以通过配置以下内容来禁用自动 Puppet-agent 运行:
/etc/puppet/puppet.conf
[agent]
daemonize=false
结果是
Notice: Run of Puppet configuration client already in progress;
skipping (/var/lib/puppet/state/agent_catalog_run.lock exists)
如果以 30 分钟的默认运行间隔手动运行 puppet。
尝试二
user@hostname:~$ sudo puppet agent --disable
结果是
user@hostname:~$ sudo puppet agent -t
Notice: Skipping run of Puppet configuration client;
administratively disabled (Reason: 'reason not specified');
Use 'puppet agent --enable' to re-enable.
尝试三
这个文档是在谷歌搜索这个问答的问题后找到的,但提供的信息没有回答这个问题。
目的
目前办公室里有 100 多个系统,预计这个数字还会增加。所有系统都由 Puppet 管理。如果 Puppet 代码在 Puppet Master 上发生变化,需要在多个系统上实现,则通过sudo puppet agent -t在每个系统上执行手动运行 Puppet 。有时需要在 10 多个系统上实施更改。为了安全起见,我们的想法是使用 MCollective,即在所有系统上运行 puppet 一次,而不是在每个系统上运行 puppet。
试图
ActiveMQ的,MCollective服务器和MCollective客户端已经安装在戏梦人生。一旦mco ping运行,就可以找到Puppetmaster。安装完成后MCollective木偶代理和运行mco rpc puppet runonce木偶是在运行戏梦人生。
为了连接远程 mcollective-client,想法是必须安装并运行activemq和mcollective-client,以便通过发出mco ping.
/var/log/mcollective.log
INFO -- : activemq.rb:114:in `on_connecting' TCP Connection attempt 23 to stomp://mcollective@stomp1:6163
/etc/activemq/activemq.xml
<transportConnectors>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
</transportConnectors>
</broker> …我正在尝试将/vagrant/scripts 位于 puppet master 上的文件夹及其子文件夹复制到代理中。我在以下配置中使用init.pp:
file {
'/home/vagrant/scripts':
ensure => 'file',
source => 'puppet:///modules/ycsb/scripts',
path => '/home/vagrant/YCSB/scripts',
owner => 'vagrant',
group => 'vagrant',
mode => '0744', # Use 0700 if it is sensitive
}
当我检查代理时,我可以看到/scripts 文件夹,但没有其子文件夹。知道为什么会这样吗?
我正在尝试使用 puppetdb,但遇到了一些问题。
我有一个名为puppet. 它是主人,也是我安装 puppetdb 的地方。也是puppet管理的节点。
当我puppet -t在 puppet 节点上运行时,我得到:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Could not retrieve facts for puppet.example.com:
Failed to submit 'replace facts' command for puppet.example.com to PuppetDB at
puppet:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed: [unable to get local issuer certificate for
/CN=puppet.example.com]
我假设 SSL 有问题,但我不确定要更改什么或在哪里查看。
我是新手puppet,在学习它的过程中,我创建Puppet Master并Puppet Slave设置并配置了一个mysql模块来安装 mysql Puppet client。下面是清单文件。
class mysql {
package { ["mysql-server-5.5", "libaio1", "libdbd-mysql-perl", "libdbi-perl", "libhtml-template-perl", "libmysqlclient18", "mysql-client-5.5", "mysql-common", "mysql-server-core-5.5"]:
ensure => present,
allowcdrom => 'true',
}
}
该package资源包含 mysql-server 的所有依赖项。但我收到以下错误。
Building dependency tree...
Reading state information...
The following extra packages will be installed:
mysql-common
The following NEW packages will be installed:
libmysqlclient18 mysql-common
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get …我致力于在 vagrant 管理的虚拟机上配置 CQ5。配置是使用 puppet 完成的。我对人偶清单文件中类/资源的执行顺序有疑问。
请在下面找到清单文件 cqsite.pp
include java
include apache
cq::instance {myauthor:
installation_type => author,
}
cq::instance {mypublish:
installation_type => publish,
}
在供应期间,puppet 最初选择 cq 资源(cq::instance)而不是 java。但是必须先安装 java 才能执行 cq::instance.pp 文件中的几个命令。所以它抛出一个错误。请帮我找到解决方案
我有一个新安装的 Puppet 服务器,只配置了一个模块和一个托管客户端。
这是一个 MOTD 模块,看起来像这样:
class motd {
file { "/etc/custom_motd.sh":
path => '/etc/custom_motd.sh',
ensure => present,
owner => "root",
group => "root",
mode => "775",
content => template('motd/custom_motd.sh.erb'),
#require => Class['nagios_client'],
}
# file_line { 'enable motd':
# ensure => present,
# line => '/etc/custom_motd.sh',
# path => '/etc/profile',
# require => File['/etc/custom_motd.sh']
# }
}
当我puppet agent -t在客户端上运行时,我得到了正确的结果:
[root@pnd01 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for pnd01.company.com
Info: …我已经安装了puppet服务器和代理,在sudo /opt/puppetlabs/bin/puppetserver ca sign --certname mywindowshost服务器上接受初始代理请求。
我可以看到证书放置在下面并存在于服务器根 ca 和代理的证书中:
C:\Windows\system32>puppet agent --configprint localcacert
C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem
但是,在代理上运行以下命令来测试它,我得到以下结果:
C:\Windows\system32>puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: puppet.mydomain.com]
Info: Retrieving pluginfacts
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: puppet.mydomain.com]
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/facts.d]: …puppet-agent ×10
puppet ×8
puppetmaster ×7
ssl ×3
activemq ×1
certificate ×1
debian ×1
mcollective ×1
openssl ×1
puppetdb ×1