我想知道如何手动(使用 openssl 而不是 puppet ca 命令)创建 Puppet 可以使用的 CA?目标是编写此类 CA 的脚本,以将它们部署在多个 puppetmaster 上,而不是通过 puppet cert 命令在它们上创建证书。
关于如何做到这一点的任何想法?我只能找到类似的东西:https : //wiki.mozilla.org/ReleaseEngineering/PuppetAgain/HowTo/Set_up_a_standalone_puppetmaster 但它无法工作 - 在创建 CA 和客户端证书并将它们应用到 puppetmaster 之后,它抱怨:
Feb 16 09:35:20 test puppet-master[81728]: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.
Feb 16 09:35:20 test puppet-master[81728]: Certificate fingerprint: 4F:08:AE:01:B9:14:AC:A4:EA:A7:92:D7:02:E9:34:39:1C:5F:0D:93:A0:85:1C:CF:68:E4:52:B8:25:D1:11:64
Feb 16 09:35:20 test puppet-master[81728]: To fix this, remove the certificate from both the master and the agent and then start a …