無法重新加載Puppet配置 - >無法連接到Puppet服務器

Question

我正在使用兩個Vagrant虛擬機來測試Puppet的一些事情，但是當我去請求證書時，我得到一個神祕的錯誤消息，找到任何有關的信息。

我應該注意，與良好的Linux服務器管理相對應，我使用/var/和/opt/來存儲敏感的證書信息，但使用其他標準的Puppet設置。

# Client node details 
IP: 192.168.250.10 
Hostname: client.example.com 
Puppet version: 4.3.2 
OS: CentOS Linux release 7.0.1406 (on Vagrant) 

# Puppet server details 
IP: 192.168.250.6 
Hostname: puppet-server.example.com 
Puppet version: 4.3.2 
OS: CentOS Linux release 7.0.1406 (on Vagrant) 

# client's and server's /etc/hosts files are identical 
192.168.250.5 puppetmaster.example.com 
192.168.250.6 puppet.example.com puppet-server.example.com 
192.168.250.7 dashserver.example.com dashboard.example.com 
192.168.250.10 client.example.com 
192.168.250.20 webserver.example.com 

# /etc/puppetlabs/puppet/puppet.conf on both client and server 
[main] 
    logdest = syslog 
[user] 
    bucketdir = $clientbucketdir 
    vardir = /var/opt/puppetlabs/server 
    ssldir = $vardir/ssl 
[agent] 
    server = puppet.example.com 
[master] 
    certname = puppet.example.com 
    vardir = /var/opt/puppetlabs/puppetserver 
    ssldir = $vardir/ssl 
    logdir = /var/log/puppetlabs/puppetserver 
    rundir = /var/run/puppetlabs/puppetserver 
    pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid 
    trusted_server_facts = true 
    reports = store 
    cacert = /var/opt/puppetlabs/puppetserver/ssl/certs/ca.pem 
    cacrl = /var/opt/puppetlabs/puppetserver/ssl/crl.pem 
    hostcert = /var/opt/puppetlabs/puppetserver/ssl/certs/{puppet, client}.example.com.pem # respectively, obviously 
    hostprivkey = /var/opt/puppetlabs/puppetserver/ssl/private_keys/{puppet, client}.example.com.pem # respectively, obviously 

最後，錯誤我得到：

所有的

$ sudo puppet resource service puppet ensure=stopped enable=false 
Notice: /Service[puppet]/ensure: ensure changed 'running' to 'stopped' 
service { 'puppet': 
    ensure => 'stopped', 
    enable => 'false', 
} 
$ sudo puppet resource service puppet ensure=running enable=true 
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running' 
service { 'puppet': 
    ensure => 'running', 
    enable => 'true', 
} 
$ puppet agent --test --server=puppet.example.com 
Error: Could not request certificate: Permission denied @ dir_initialize - /etc/puppetlabs/puppet/ssl/private_keys 
Exiting; failed to retrieve certificate and waitforcert is disabled 

首先，與此設置木偶不應該使用/etc/puppetlabs/puppet/ssl/private_keys。它不正確使用我的配置文件：

$ puppet config print ssldir 
/etc/puppetlabs/puppet/ssl 

接下來，我經歷了和再生服務器和客戶端節點as prescribed in the Puppet docs上的按鍵，但是我還是得到了同樣的錯誤，並在客戶端和服務器仍然認爲我的$ssldir是/etc/puppetlabs/puppet/ssl它應該是/var/opt/puppetlabs/puppetserver/ssl。

有什麼想法？

Answer 1

您需要在代理部分以及主服務器中指定ssl和vardir配置。

the user section is only applicable to the puppet apply commands etc