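yanchuen posted on 2018-8-2 06:53:17

Pitfalls encountered with Puppet

  I'm a newbie and ran into a lot of errors while deploying Puppet. I only got it working after reading many articles by more experienced people online, so I'm posting the common errors here.
  Common problems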
  Problem: # puppetd --test --server puppet
  dnsdomainname: Unknown host
  dnsdomainname: Unknown host
  err: Could not request certificate: Connection refused - connect(2)
  Exiting; failed to retrieve certificate and waitforcert is disabled
  Solution: this error occurs because the puppetmasterd service has not been started and the hostname binding has not been configured
  # vi /etc/hosts
  Add as the last line:
  192.168.3.9 puppet
  # service puppetmasterd restart    -- restart the service
  Problem: # puppetd --server puppet --test
  err: Could not request certificate: No route to host - connect(2)
  Exiting; failed to retrieve certificate and waitforcert is disabled
  Solution: port 8140 is not open on the server; open it, or turn off the iptables firewall
  Problem: # puppetd --test --server puppet
  info: Creating a new SSL key for c1.localdomain
  err: Could not request certificate: getaddrinfo: Name or service not known
  Exiting; failed to retrieve certificate and waitforcert is disabled
  Solution: the client has no hostname binding configured for the server:
  # vi /etc/hosts
  Add as the last line:
  192.168.3.9 puppet
  Problem: # puppetd --server puppet.com --test
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  Exiting; no certificate found and waitforcert is disabled
  Solution: run the following commands on the puppet server:
  # puppetca -l    -- returns a list of certificates that have not been signed yet
  c1.localdomain
  # puppetca -s c1.localdomain    -- sign the certificate
  notice: Signed certificate request for c1.localmain
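  Resolving certificate problems:
  If the client gets the following error when requesting a certificate:
  err:Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
  Exiting; failed to retrieve certificate and waitforcert is disabled
  First, on the server, clean the specified client's certificate
  puppetca -c c1.localdomain
  Then, on the server, revoke the certificate
  puppetca -r c1.localdomain
  Then, on the client, mv /var/lib/puppet /tmp
  Next, on the client, request certificate signing
  puppetd --test --server puppet
  Then, on the server, sign the client's certificate
  puppetca -s -a
  Done, that's a wrap.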
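
The following added example, which is not part of the original post, compares the pending list from `puppetca -l` with a list of hostnames you expect to enroll and prints `puppetca -s <host>` only for the matches, as an alternative to signing everything with `-s -a`. The allowlist file and the function names are assumptions; the pending list is assumed to be one hostname per line, as shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: `puppetca -l` prints one hostname per line, as the post shows.
# Assumption: the allowlist file (hypothetical) lists the agents you expect,
# one hostname per line; blank lines and "#" comments are ignored.

# plan_signing PENDING_FILE ALLOW_FILE
# Prints "SIGN <host>" for a pending request whose name is on the allowlist
# and "HOLD <host>" for any other name. A missing or empty allowlist holds
# every request.
plan_signing() {
    awk -v allow="$2" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)          # drop comments
                gsub(/[ \t\r]/, "", line)     # drop whitespace and CR
                if (line != "") allowed[tolower(line)] = 1
            }
            close(allow)
        }
        {
            gsub(/\r/, "")
            if (NF == 0) next                 # skip blank lines
            host = tolower($1)
            verdict = (host in allowed) ? "SIGN" : "HOLD"
            print verdict, host
        }
    ' "$1"
}

# sign_commands PENDING_FILE ALLOW_FILE
# Prints one `puppetca -s <host>` line per allowlisted request; runs nothing.
sign_commands() {
    plan_signing "$1" "$2" | awk '$1 == "SIGN" { print "puppetca -s " $2 }'
}

# Demo on constructed data: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    printf 'c1.localdomain\nunknown.example\n' > "$tmp/pending"  # constructed
    printf '# expected agents\nc1.localdomain\n' > "$tmp/allow"   # constructed
    plan_signing "$tmp/pending" "$tmp/allow"
    sign_commands "$tmp/pending" "$tmp/allow"
    rm -rf "$tmp"
fi
```

Save the output of `puppetca -l` to a file and pass it as the first argument; names reported as HOLD are left for manual review.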