Puppet db certificates disappeared?


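Nothing in the configuration has changed since the service was started, apart from the license key. The "cacerts" file itself is a symbolic link. Has anyone run into a similar problem?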

root@puppet:/home/user# journalctl -u pe-puppetdb
-- Logs begin at Thu 2019-05-02 17:48:14 UTC, end at Thu 2019-05-02 17:54:26 UTC. --
Starting pe-puppetdb Service...
The [database] classname setting has been retired and will be ignored.
The [database] subprotocol setting has been retired and will be ignored.
The [database] classname setting has been retired and will be ignored.
The [database] subprotocol setting has been retired and will be ignored.
 java.io.FileNotFoundException: /opt/puppetlabs/server/apps/java/lib/jvm/java/jre/lib/security/cacerts (No such file or directory)
         at java.io.FileInputStream.open0(Native Method)
         at java.io.FileInputStream.open(FileInputStream.java:195)
         at java.io.FileInputStream.<init>(FileInputStream.java:138)
         at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:60)
         at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
         at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
         at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
         at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:177)
         at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
         at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
         at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
         at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:259)
         at sun.security.validator.Validator.validate(Validator.java:260)
         at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
         at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
         at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
         at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
         at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:62)
         at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:351)
         at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:137)
         at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
         at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:215)
         at org.postgresql.Driver.makeConnection(Driver.java:406)
         at org.postgresql.Driver.connect(Driver.java:274)
         at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:95)
         at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:101)
         at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:356)
         at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:199)
         at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:444)
         at com.zaxxer.hikari.pool.HikariPool.access$200(HikariPool.java:71)
         at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:631)
         at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:617)
         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
         at java.lang.Thread.run(Thread.java:748)
pe-puppetdb.service: Start operation timed out. Terminating.
Startup script was terminated before completion
pe-puppetdb.service: State 'stop-final-sigterm' timed out. Killing.
pe-puppetdb.service: Control process exited, code=killed status=9
Failed to start pe-puppetdb Service.
pe-puppetdb.service: Unit entered failed state.
pe-puppetdb.service: Failed with result 'signal'.
pe-puppetdb.service: Service hold-off time over, scheduling restart.

Answer 1

Problem solved

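  1. Go to the folder /opt/puppetlabs/server/apps/puppetdb/bin
  2. Run ./puppetdb ssl-setup -f, which will generate the certificates (note: after completing this step you will be missing one certificate.)
  3. Copy the certificate /etc/puppetlabs/orchestration-services/ssl/FQDN.cert.pem to /etc/puppetlabs/puppetdb/ssl/
  4. Start the installation with ./puppet-enterprise-installer -c <path to .../conf.d/pe.conf>; it will correct all the errors.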

Drawbacks of this approach

  1. All nodes need to be added again
  2. It took me about 30 hours to find this solution.
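
A diagnostic for the symptom in the question (a cacerts path that is a symbolic link but raises FileNotFoundException), added here as an example and not part of the original posts or of Puppet's tooling: it walks the link chain hop by hop and reports which target is missing. The function name trace_link and the sample directory layout are constructed for illustration.

```shell
#!/bin/sh
# Follow a symlink chain one hop at a time and report where it breaks.
# Returns 0 if the chain ends at an existing file, 1 if a target is
# missing, 2 if the chain loops.
trace_link() {
    path=$1
    hops=0
    while [ "$hops" -lt 40 ]; do            # guard against symlink loops
        if [ -L "$path" ]; then
            target=$(readlink "$path")
            # A relative target is resolved against the link's own directory.
            case $target in
                /*) next=$target ;;
                *)  next=$(dirname "$path")/$target ;;
            esac
            echo "link    $path -> $target"
            path=$next
            hops=$((hops + 1))
        elif [ -e "$path" ]; then
            echo "ok      $path"
            return 0
        else
            echo "MISSING $path"
            return 1
        fi
    done
    echo "LOOP    $path"
    return 2
}

# Constructed sample layout (not the real PE tree): one healthy link and
# one dangling link, mirroring a jre/lib/security/cacerts symlink.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/jre/lib/security" "$demo_dir/etc"
: > "$demo_dir/etc/cacerts"
ln -s ../../../etc/cacerts "$demo_dir/jre/lib/security/cacerts"
ln -s ../../../etc/gone "$demo_dir/jre/lib/security/cacerts.broken"

trace_link "$demo_dir/jre/lib/security/cacerts"
trace_link "$demo_dir/jre/lib/security/cacerts.broken" || true
```

On the affected host, call trace_link with the cacerts path shown in the stack trace; the MISSING line names the file or directory that has to be restored before the JVM can load its trust anchors.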
