我正在使用兩個Vagrant虛擬機來測試Puppet的一些事情,但是當我去請求證書時,我得到一個神祕的錯誤消息,找到任何有關的信息。無法重新加載Puppet配置 - >無法連接到Puppet服務器
我應該注意,與良好的Linux服務器管理相對應,我使用/var/
和/opt/
來存儲敏感的證書信息,但使用其他標準的Puppet設置。
# Client node details
IP: 192.168.250.10
Hostname: client.example.com
Puppet version: 4.3.2
OS: CentOS Linux release 7.0.1406 (on Vagrant)
# Puppet server details
IP: 192.168.250.6
Hostname: puppet-server.example.com
Puppet version: 4.3.2
OS: CentOS Linux release 7.0.1406 (on Vagrant)
# client's and server's /etc/hosts files are identical
192.168.250.5 puppetmaster.example.com
192.168.250.6 puppet.example.com puppet-server.example.com
192.168.250.7 dashserver.example.com dashboard.example.com
192.168.250.10 client.example.com
192.168.250.20 webserver.example.com
# /etc/puppetlabs/puppet/puppet.conf on both client and server
[main]
logdest = syslog
[user]
bucketdir = $clientbucketdir
vardir = /var/opt/puppetlabs/server
ssldir = $vardir/ssl
[agent]
server = puppet.example.com
[master]
certname = puppet.example.com
vardir = /var/opt/puppetlabs/puppetserver
ssldir = $vardir/ssl
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
trusted_server_facts = true
reports = store
cacert = /var/opt/puppetlabs/puppetserver/ssl/certs/ca.pem
cacrl = /var/opt/puppetlabs/puppetserver/ssl/crl.pem
hostcert = /var/opt/puppetlabs/puppetserver/ssl/certs/{puppet, client}.example.com.pem # respectively, obviously
hostprivkey = /var/opt/puppetlabs/puppetserver/ssl/private_keys/{puppet, client}.example.com.pem # respectively, obviously
最後,錯誤我得到:
所有的$ sudo puppet resource service puppet ensure=stopped enable=false
Notice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped'
service { 'puppet':
ensure => 'stopped',
enable => 'false',
}
$ sudo puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
}
$ puppet agent --test --server=puppet.example.com
Error: Could not request certificate: Permission denied @ dir_initialize - /etc/puppetlabs/puppet/ssl/private_keys
Exiting; failed to retrieve certificate and waitforcert is disabled
首先,與此設置木偶不應該使用/etc/puppetlabs/puppet/ssl/private_keys
。它不正確使用我的配置文件:
$ puppet config print ssldir
/etc/puppetlabs/puppet/ssl
接下來,我經歷了和再生服務器和客戶端節點as prescribed in the Puppet docs上的按鍵,但是我還是得到了同樣的錯誤,並在客戶端和服務器仍然認爲我的$ssldir
是/etc/puppetlabs/puppet/ssl
它應該是/var/opt/puppetlabs/puppetserver/ssl
。
有什麼想法?
「puppet config print ssldir」的輸出是什麼? – Robo