Puppet: Server hostname does not match server certificate

Question (votes: 0, answers: 3)

I installed Puppet Enterprise on two virtual machines (one master and one node). When I try to run the agent manually with puppet agent -t, I get the error

Server hostname '192.168....' did not match server certificate; expected one of host-192-168-.....localdomain. 

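If I run it with --server host-192-168.....localdomain added, it works, but this way I can do it manually, and after its own runInterval it does not work, so my Puppet console says it is not responding. I think this is because on its own it gets the error I mentioned above, so my master cannot receive any reports from that node.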

Can anyone help me? How can I make my node's agent contact the master using the correct server certificate name?

puppet.conf from the node:



[main]

vardir = ...
logdir = ...
rundir = ...
basemodulepath = ...
user = ...
group = ...
archive_files = ...

[agent]

report = ...
classfile = ...
localconfig = ...
graph = ...
pluginsync = ...
environment = ...
server = 192.168.10.39
certname = 192.168.10.40
noop = true
runinterval = 1800

If I put server = host-... (in main), nothing changes. I guess I can't change server in the [agent] section, because the master IP should be there (I believe)...

I tried what is at that link, and now my puppet agent -t no longer does anything on my node. For better understanding, I am posting the master's puppet.conf:



[main]

certname = host-192-168-10-39.localdomain
vardir = /var/opt/lib/pe-puppet
logdir = /var/log/pe-puppet
rundir = /var/run/pe-puppet
basemodulepath = /opt/alu/deploy/puppet/modules:/etc/puppetlabs/puppet....
environmentpath = /opt/alu/deploy/puppet/environments
server = 192.168.10.39
user = pe-puppet
group = pe-puppet
archive_files = true
archive_files_server = 192.168.10.39
module_groups = base+pe_only
dns_alt_names = puppet

[agent]

report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
noop = true
runinterval = 1800

[master]

node_terminus = classfier
ca_server = host-192-168-10-39.localdomain
reports = console,puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
certname = 192-168-10-39.localdomain
server = 192.168.10.39
always_cache_features = true
default_manifest = /opt/alu/deploy/puppet/manifests/default.pp

Error from puppet agent -t: http://i62.tinypic.com/34ijlmu.png

certificate puppet agent
3 answers

2 votes

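There are several possible causes for this problem; please post your puppet.conf.

But off the top, it looks like there is some mismatch between the name in the certificate generated by the master and the server's hostname. Perhaps the hostname changed between the time you generated the certificate and a reboot, since hostname changes sometimes do not take effect until after a reboot.

The official puppetlabs documentation helps with this problem; follow this link: https://docs.puppetlabs.com/guides/troubleshooting.html?_ga=1.110966791.343491524.1432986084#agents-are-failing-with-a-hostname-was-not-match-with-the-server-certificate-error-whats-wrong. It could be as simple as setting the certname value in /etc/puppet/conf and restarting the master.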


1 vote

There is no need to issue --server on the command line; just add server=... to the agent's puppet.conf file.


0 votes

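Update the Puppet client's configuration: if the server can be reached by the name on its certificate (e.g. puppet-master.local), update the server setting in the Puppet client's puppet.conf file to use this name.

I had it saved as puppet-master, which is the hostname, but changing it to puppet-master.local worked for me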
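
Added example (not part of the thread and not Puppet's own code): a sketch of the name check behind the error in the question, showing why `server = 192.168.10.39` is rejected while the certificate's DNS name is accepted. The function names are hypothetical, and the certificate names are assumed from the master's [main] certname and dns_alt_names as posted; a real check would read them from the master's certificate.

```python
import configparser
import ipaddress

# Constructed sample based on the node's puppet.conf posted in the question.
AGENT_CONF = """
[main]
user = pe-puppet

[agent]
server = 192.168.10.39
certname = 192.168.10.40
runinterval = 1800
"""

# Assumption: names in the master's certificate, taken from the master's
# [main] certname and dns_alt_names shown in the question.
CERT_DNS_NAMES = ["host-192-168-10-39.localdomain", "puppet"]

def effective_server(conf_text, run_mode="agent"):
    """Resolve `server` as the agent does: [agent] overrides [main]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    for section in (run_mode, "main"):
        if cp.has_option(section, "server"):
            return cp.get(section, "server").strip()
    return "puppet"  # Puppet's built-in default for `server`

def matches_cert(server, dns_names):
    """True if `server` matches one of the certificate's DNS names."""
    try:
        ipaddress.ip_address(server)
        return False  # an IP literal never matches a DNS-type name
    except ValueError:
        pass
    host = server.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in dns_names):
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def check(conf_text, dns_names):
    """Return (server, ok) for the server name the agent will use."""
    server = effective_server(conf_text)
    return server, matches_cert(server, dns_names)
```

Calling `check(AGENT_CONF, CERT_DNS_NAMES)` reports the mismatch for the posted configuration; replacing the IP in `server` with a name from the certificate makes it pass.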
