本帖最后由 fansik 于 2016-5-16 14:09 编辑
puppet服务端和客户端配置好后,客户端可以同步服务端的文件,也就是/tmp/123.txt的文件;
但是使用puppet agent --test --serverserver.fansik.com在向服务端发起请求的时候会有如下问题:
[root@client1 tmp]# puppet agent --test --server server.fansik.com
Notice: Ignoring --listen on onetime run
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://server.fansik.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://server.fansik.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
puppet服务端和客户端配置好后,客户端可以同步服务端的文件,也就是/tmp/123.txt的文件;
但是使用puppet agent --test --serverserver.fansik.com在向服务端发起请求的时候会有如下问题:
[root@client1 tmp]# puppet agent --test --server server.fansik.com
Notice: Ignoring --listen on onetime run
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://server.fansik.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://server.fansik.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: server.fansik.com]
0
清除客户端rm -rf /var/lib/puppet/ssl/*
清楚服务端的证书puppet cert clean --all
客户端执行puppet agent --test --server server.fansik.com后客户端的/var/lib/puppet/ssl/下也会生成文件
服务端也会显示有注册的证书但是在执行命令的时候会有如下错误:
[root@client1 tmp]# puppet agent --test --server server.fansik.com
Info: Creating a new SSL key for client1.fansik.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client1.fansik.com
Info: Certificate Request fingerprint (SHA256): D8:50:9E:12:F8:50:23:B0:D0:40:67:11:A5:27:6E:40:09:7E:2E:91:F8:FF:18:4D:F5:58:7E:04:4E:D3:ED:14
Info: Caching certificate for client1.fansik.com
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
Exiting; failed to retrieve certificate and waitforcert is disabled
清楚服务端的证书puppet cert clean --all
客户端执行puppet agent --test --server server.fansik.com后客户端的/var/lib/puppet/ssl/下也会生成文件
服务端也会显示有注册的证书但是在执行命令的时候会有如下错误:
[root@client1 tmp]# puppet agent --test --server server.fansik.com
Info: Creating a new SSL key for client1.fansik.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client1.fansik.com
Info: Certificate Request fingerprint (SHA256): D8:50:9E:12:F8:50:23:B0:D0:40:67:11:A5:27:6E:40:09:7E:2E:91:F8:FF:18:4D:F5:58:7E:04:4E:D3:ED:14
Info: Caching certificate for client1.fansik.com
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
Exiting; failed to retrieve certificate and waitforcert is disabled
编辑回复