我正在尝试配置我的客户端“Itai-test”以从名为“puppetmaster”的傀儡服务器接收傀儡设置。
我在服务器上运行:
[root@puppetmaster requests]# puppet cert --generate itai-test.domain
Error: A Certificate already exists for itai-test.domain
[root@puppetmaster requests]# puppet cert --sign itai-test.domain
Error: Could not find certificate request for itai-test.domain
[root@puppetmaster requests]#
我在 Puppet 客户端上运行了:
[root@itai-test temp]# puppet agent --server puppetmaster.domain --waitforcert 60 --test
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate
更多信息:在服务器上:
[root@puppetmaster ~]# puppet cert --revoke Itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --revoke itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --clean itai-test
Error: Could not find a serial number for itai-test
[root@puppetmaster ~]# puppet cert --list
[root@puppetmaster ~]# puppet cert --sign itai-test
Error: Could not find certificate request for itai-test
[root@puppetmaster ~]#
在客户端:
[root@itai-test ~]# rm -rf /usr/lib/puppet/ssl
[root@itai-test ~]# puppet agent --server puppetmaster.domain --waitforcert 60
[root@itai-test ~]# ping puppetmaster.domain
PING puppetmaster (192.168.X.X) 56(84) bytes of data.
64 bytes from puppetmaster (192.168.X.X): icmp_seq=1 ttl=64 time=0.294 ms
答案1
你的客户端知道如何找到服务器吗?
root@client# ping puppet
客户端连接到服务器时将使用什么证书名称?
root@client# puppet config print certname
删除客户端上的 SSL 详细信息
root@client# rm -rf /var/lib/puppet/ssl
删除服务器上所有客户端的痕迹
root@puppet# puppet node clean $client_certname
root@puppet# puppet node deactivate $client_certname
答案2
第一:在服务器上
puppet cert --revoke Itai-test
puppet cert --clean Itai-test
第二:在客户端
rm -rf /usr/lib/puppet/ssl
puppet agent --server [puppetmaster domain name] --waitforcert 60
第三:在服务器上
puppet cert --list (you should see your host)
puppet cert --sign Itai-test
另外,请仔细检查您的客户端是否可以访问您的 [puppetmaster 域名]。
答案3
我认为您不知何故不同步了。假设这真的只是一个测试实例...在服务器上,运行puppet node clean itai-test.domain
。然后,在客户端上运行rm -rf /var/lib/puppet/ssl
。现在您的客户端 SSL 证书已消失。puppet agent --server puppetmaster.domain --waitforcert 60 --test
在客户端上运行并在服务器上查找证书请求。