我有一个正在等待处理的傀儡证书:
$ puppetserver ca list
Requested Certificates:
intern.mydomain.com (SHA256) 3C:82:85:ED:6C:30:54:79:7A:FC:41:00:63:33:E0:52:BE:AA:3B:3F:76:21:73:1E:0B:1D:5F:A4:9C:D5:92:AC
当我尝试签署证书时,出现以下错误:
$ puppetserver ca sign --certname intern.mydomain.com
Error:
When attempting to sign certificate request 'intern.mydomain.com', received
code: 500
body: Internal Server Error: java.nio.file.FileSystemException: /etc/puppetlabs/puppet/ssl/ca/serial6208651530228400767tmp: Operation not permitted
可能是什么问题?受影响的目录看起来很正常,错误消息中的文件已创建,并且仅包含字符串“0005”:
$ ls -la /etc/puppetlabs/puppet/ssl/ca
total 68
drwxrwx--- 4 puppet puppet 4096 Sep 19 15:19 .
drwxrwx--x 8 puppet puppet 4096 Sep 19 15:17 ..
-rw-r--r-- 1 root root 1938 Jun 6 08:23 ca_crl.pem
-rw-r--r-- 1 root root 3862 Jun 6 08:23 ca_crt.pem
-rw-r----- 1 puppet puppet 3243 Jun 6 08:23 ca_key.pem
-rw-r----- 1 puppet puppet 800 May 16 13:33 ca_pub.pem
-rw-r----- 1 puppet puppet 1938 May 16 13:33 infra_crl.pem
-rw-r----- 1 puppet puppet 1 May 16 13:33 infra_inventory.txt
-rw-r----- 1 puppet puppet 1 May 16 13:33 infra_serials
-rw-r--r-- 1 root root 226 Jun 6 08:23 inventory.txt
drwxr-x--- 2 puppet puppet 4096 Sep 19 15:05 requests
-rw-r----- 1 puppet puppet 3247 May 16 13:33 root_key.pem
-rw-r--r-- 1 root root 4 Jun 6 08:23 serial
-rw------- 1 puppet puppet 4 Sep 19 15:14 serial3749210220972485837tmp
-rw------- 1 puppet puppet 4 Sep 19 15:09 serial4900578622956461009tmp
-rw------- 1 puppet puppet 4 Sep 19 15:19 serial6208651530228400767tmp
drwxr-x--- 2 puppet puppet 4096 Jun 6 08:23 signed
有什么想法吗?有趣的是,我之前(3 个月前)可以签署其他 3 个证书,这些证书运行起来没有任何问题,而且在此期间我也没有更改系统。
我正在使用puppetserver版本:6.20.0。
答案1
这是一些权限问题。错误信息似乎不正确。文件/etc/puppetlabs/puppet/ssl/ca/serial无法通过 puppet 写入。因此,以下命令解决了该问题:
$ chown -R puppet:puppet /etc/puppetlabs/puppet/ssl/ca