标签:control abc 01 certificate ssl client puppet com
问题:
[root@control-01 .ssh]# puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
解决:
[root@control-01 .ssh]# cat /etc/puppet/puppet.conf
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
pluginsync = true
report = true
ignoreschedules = true
daemon = false
ca_server = foreman.abc.com
certname = control-01.abc.com
environment = stable
server = foreman.abc.com
[root@control-01 .ssh]# cd /var/lib/puppet/
[root@control-01 puppet]# mv ssl ssl.bak
[root@control-01 puppet]# puppet agent --test
Info: Creating a new SSL key for control-01.abc.com
Info: Caching certificate for ca
Info: Caching certificate for control-01.abc.com
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 7D:D8:2C:03:20:EB:XXXXX:4B:84
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean control-01.abc.com
On the agent:
1a. On most platforms: find /var/lib/puppet/ssl -name control-01.abc.com.pem -delete
1b. On Windows: del "/var/lib/puppet/ssl/control-01.abc.com.pem" /f
2. puppet agent -t
根据最后提示来在master和client上执行命令
标签:control,abc,01,certificate,ssl,client,puppet,com 来源: https://www.cnblogs.com/yahoon/p/12103795.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。