puppet使用 apache passsenger 作为前端 (debian)
# 上面的配置完成后, master 上重启 nginx 服务root@master-2:~# /opt/nginx/sbin/nginx -s>
# agent 上允许测试, 查看是否连通
root@node-1:~# rm -rf /var/lib/puppet/ssl/*
root@node-1:~# puppet agent-t
Info: Creating a new SSL key for node-1.puppet.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node-1.puppet.com
Info: Certificate Request fingerprint (SHA256): 7E:F9:4A:EA:B1:BE:A4:0B:33:1D:55:44:9B:4C:83:8D:74:49:25:0E:8B:A2:80:23:D0:6B:A5:0D:FB:E4:6F:07
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# master 上许可证书
root@master-2:~# puppet cert list --all
"node-1.puppet.com" (SHA256) 7E:F9:4A:EA:B1:BE:A4:0B:33:1D:55:44:9B:4C:83:8D:74:49:25:0E:8B:A2:80:23:D0:6B:A5:0D:FB:E4:6F:07
+ "master-2.puppet.com" (SHA256) 86:12:B9:BE:B2:2C:26:B2:15:FE:07:11:A1:ED:E5:BC:95:0C:8F:D1:8B:E6:40:FB:C5:0D:D6:DD:F6:DC:ED:00
root@master-2:~# puppet cert sign node-1.puppet.com
Notice: Signed certificate request for node-1.puppet.com
Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'
root@master-2:~# puppet cert list --all
+ "master-2.puppet.com" (SHA256) 86:12:B9:BE:B2:2C:26:B2:15:FE:07:11:A1:ED:E5:BC:95:0C:8F:D1:8B:E6:40:FB:C5:0D:D6:DD:F6:DC:ED:00
+ "node-1.puppet.com" (SHA256) 8C:EA:3E:05:A0:90:D4:89:75:B6:9A:A8:55:BC:48:F8:C3:E8:60:D9:E0:51:9A:3F:E6:49:FE:B5:EA:1B:05:F3
# agent 再次测试, 可以正常连接 master 了
root@node-1:~# puppet agent-t
Info: Caching certificate for node-1.puppet.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node-1.puppet.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node-1.puppet.com
Info: Applying configuration version '1420875451'
Notice: Finished catalog run in 0.02 seconds
页:
[1]