我已附上带有调试的完整输出,以查看是否有人能弄清楚出了什么问题。我尝试删除 /etc/puppet/ssl/,两个节点(代理和主节点)能够通过 IP 和主机名相互 ping 通。使用 vagrant。在主节点上运行 # puppet cert list 没有任何结果,当我尝试运行代理时,我在代理上运行了 tcpdump,网络流量至少是针对主节点生成的,不确定问题是什么。如能提供帮助,我将不胜感激 ^^。
[root@vagrant-puppet-c664-wiki vagrant]# puppet agent --test --debug --server=vagrant-puppet-master.pv.com
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"1755", :links=>:follow, :path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet"}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting false
Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow, :path=>"/var/run/puppet"}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'statefile': 'File[/var/lib/puppet/state/state.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"660", :links=>:follow, :path=>"/var/lib/puppet/state/state.yaml"}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/clientbucket"}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'lastrunfile': 'File[/var/lib/puppet/state/last_run_summary.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_summary.yaml"}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:ensure=>:directory, :backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/state/graphs"}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_yaml"}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"600", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: Using settings: adding file resource 'lastrunreport': 'File[/var/lib/puppet/state/last_run_report.yaml]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :mode=>"640", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_report.yaml"}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"771", :links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_data"}'
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: Finishing transaction 70281662410760
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"1755", :links=>:follow, :path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet"}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :mode=>"755", :links=>:follow, :path=>"/var/run/puppet"}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:ensure=>:directory, :backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests"}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"600", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"771", :links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:ensure=>:directory, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]{:ensure=>:file, :backup=>false, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem"}'
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys/vagrant-puppet-c664-wiki.pv.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 70281661077540
Debug: Using cached certificate for ca
Debug: Using cached certificate_request for vagrant-puppet-c664-wiki.pv.com
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Exiting; no certificate found and waitforcert is disabled
答案1
您删除了/etc/puppet/ssl,但(至少在客户端上)这不是用于 SSL 证书存储的位置。
您可能已从主服务器中删除了证书请求,但客户端永远不会向主服务器发送新的证书请求,因为它认为它仍在等待批准。
删除/var/lib/puppet/ssl/客户端上的目录。同时puppet config print ssldir在主服务器上运行并验证它是否符合您的预期,以及puppet cert list --all验证是否还没有具有该客户端名称的证书。并且,如果您确实删除了主服务器上的 SSL 目录,请确保随后重新启动主服务器服务。