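Trying to set up a Puppet agent/master on a single machine (I plan to install more agents once this is working). I'm now stuck on the certificate signing process, which feels like it should be easy.
Starting the server manually, it creates a CA certificate: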
$ sudo puppet master --no-daemonize --verbose
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 59:31:5B:35:9B:45:4B:36:7F:08:3A:80:2E:4C:78:2F:95:6B:33:45:E4:46:54:E8:8F:33:E8:62:15:1D:A8:DE
Notice: Signed certificate request for ca
Notice: Rebuilding inventory file
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for box.localdomain
Info: Creating a new SSL certificate request for box.localdomain
Info: Certificate Request fingerprint (SHA256): D3:88:48:BD:D6:64:EE:9B:3A:C1:06:C6:9D:4E:74:06:B3:09:BA:82:D1:91:0E:1A:DA:7D:55:0B:7B:83:C6:3F
Notice: box.localdomain has a waiting certificate request
Notice: Signed certificate request for box.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest box.localdomain at '/etc/puppet/ssl/ca/requests/box.localdomain.pem'
Notice: Removing file Puppet::SSL::CertificateRequest box.localdomain at '/etc/puppet/ssl/certificate_requests/box.localdomain.pem'
Notice: Starting Puppet master version 3.3.0-rc2
Starting the client manually, expecting it to create a certificate request:
$ sudo puppet agent --test --waitforcert 60
[sudo] password for mystro:
Info: Retrieving plugin
Info: Caching catalog for box.localdomain
Info: Applying configuration version '1378835927'
Notice: Finished catalog run in 0.04 seconds
Looking for the certificate request (no output):
$ sudo puppet cert list
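Why isn't the agent requesting a certificate to be signed?
Answer 1
The certificate has already been signed.
You need to add the --all flag to the puppet invocation to see signed certificates. You can run puppet <command> --help for more information about running puppet commands.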
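An added example, not part of the original question or answer: a small shell function that reads `puppet master --verbose` output and reports, per certname, whether its request was signed or is still waiting, which is the distinction between what `puppet cert list --all` and plain `puppet cert list` show. The log lines are the ones quoted in the question; the host agent1.localdomain and its line are constructed for contrast, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): classify certificate requests
# seen in `puppet master --verbose` output as signed or still pending.

# Sample input: master log lines copied from the question, plus one line for
# a hypothetical host agent1.localdomain (constructed) that is still waiting.
sample_log() {
  cat <<'EOF'
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 59:31:5B:35:9B:45:4B:36:7F:08:3A:80:2E:4C:78:2F:95:6B:33:45:E4:46:54:E8:8F:33:E8:62:15:1D:A8:DE
Notice: Signed certificate request for ca
Info: Creating a new SSL certificate request for box.localdomain
Info: Certificate Request fingerprint (SHA256): D3:88:48:BD:D6:64:EE:9B:3A:C1:06:C6:9D:4E:74:06:B3:09:BA:82:D1:91:0E:1A:DA:7D:55:0B:7B:83:C6:3F
Notice: box.localdomain has a waiting certificate request
Notice: Signed certificate request for box.localdomain
Notice: agent1.localdomain has a waiting certificate request
EOF
}

# Reads a master log on stdin; prints "<certname> <signed|pending> <fingerprint>".
# A fingerprint of "-" means the log did not show one for that name.
csr_summary() {
  awk '
    function note(n) { if (!(n in state)) { order[++cnt] = n; state[n] = "pending" } }
    / Creating a new SSL certificate request for / { cur = $NF; note(cur) }
    / Certificate Request fingerprint /            { if (cur != "") fp[cur] = $NF }
    / has a waiting certificate request$/          { note($2) }
    / Signed certificate request for /             { note($NF); state[$NF] = "signed" }
    END {
      for (i = 1; i <= cnt; i++) {
        n = order[i]
        printf "%s %s %s\n", n, state[n], ((n in fp) ? fp[n] : "-")
      }
    }'
}

sample_log | csr_summary
```

Compare the fingerprint reported for a signed name with the one the requesting host printed before relying on that certificate.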