在 master 上:
puppetserver ca list Traceback (most recent call last):
9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5:in '<main>'
8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/cli.rb:94:in 'run'
7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/action/list.rb:78:in 'run'
6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/action/list.rb:167:in 'get_all_certs'
5: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/action/list.rb:167:in 'new'
4: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/certificate_authority.rb:26:in 'initialize'
3: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/certificate_authority.rb:26:in 'new'
2: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/utils/http_client.rb:23:in 'initialize'
1: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/utils/http_client.rb:144:in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/utils/http_client.rb:144:in add_file': system lib (OpenSSL::X509::StoreError)
关于代理:
osboxes@ubuntuagent:~$ sudo ufw disable
系统启动时防火墙已停止并禁用 osboxes@ubuntuagent:~$ osboxes@ubuntuagent:~$ sudo systemctl restart puppet osboxes@ubuntuagent:~$ sudo systemctl status puppet ● puppet.service - Puppet agent 已加载:已加载(/lib/systemd/system/puppet.service;已启用;供应商预设:已启用) 活动:活动(正在运行)自 2020-08-04 星期二 08:56:55 EDT;12 秒前 主 PID:6239(puppet) 任务:2(限制:2321) 内存:45.5M CGroup:/system.slice/puppet.service └─6239 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
8 月 4 日 08:56:55 ubuntuagent systemd[1]: 已启动 Puppet 代理。8 月 4 日 08:56:59 ubuntuagent puppet-agent[6239]: 8 月 4 日 08:56:59 之后对 https://ubuntuserver:8140/puppet-ca/v1 的请求失败 ubuntuagent puppet-agent[6239]: 包装异常:8 月 4 日 08:56:59 ubuntuagent puppet-agent[6239]: 无法打开与 ubuntuserver:8140 的 TCP 连接(连接 8 月 4 日 08:56:59 ubuntuagent puppet-agent[6239]: 没有更多到 ca 的路由
答案1
您的证书配置不正确,很可能是在服务器端。此行表明了这一点:
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.8.0/lib/puppetserver/ca/utils/http_client.rb:144:in add_file': system lib (OpenSSL::X509::StoreError)