ICode9
精准搜索请尝试: 精确搜索
首页
编程语言>
数据库
系统相关
互联网
其他分享
Python
Java
JavaScript
android
PHP
首页 > 系统相关> 文章详细

[linux tips] puppet client ssl 证书过期

2019-12-26 18:56:16  阅读:465  来源: 互联网

标签:control abc 01 certificate ssl client puppet com


问题:

[root@control-01 .ssh]# puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

解决:

[root@control-01 .ssh]# cat /etc/puppet/puppet.conf 

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl

[agent]
pluginsync      = true
report          = true
ignoreschedules = true
daemon          = false
ca_server       = foreman.abc.com
certname        = control-01.abc.com
environment     = stable
server          = foreman.abc.com

[root@control-01 .ssh]# cd /var/lib/puppet/
[root@control-01 puppet]# mv ssl ssl.bak
[root@control-01 puppet]# puppet agent --test
Info: Creating a new SSL key for control-01.abc.com
Info: Caching certificate for ca
Info: Caching certificate for control-01.abc.com
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 7D:D8:2C:03:20:EB:XXXXX:4B:84
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean control-01.abc.com
On the agent:
  1a. On most platforms: find /var/lib/puppet/ssl -name control-01.abc.com.pem -delete
  1b. On Windows: del "/var/lib/puppet/ssl/control-01.abc.com.pem" /f
  2. puppet agent -t

根据最后提示来在master和client上执行命令

标签:control,abc,01,certificate,ssl,client,puppet,com
来源: https://www.cnblogs.com/yahoon/p/12103795.html

本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享;
2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关;
3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关;
4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除;
5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

关于我们 | 联系我们 | 留言反馈

专注分享技术,共同学习,共同进步。侵权联系[81616952@qq.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有