Puppet:服务器主机名与服务器证书不匹配

时间:2015-06-04 07:17:41

标签: certificate puppet agent

我在两台虚拟机上安装了Puppet Enterprise(一台主机和一台节点)。当我尝试用puppet agent -t手动运行我的代理时,我收到错误

Server hostname '192.168....' did not match server certificate; expected one of host-192-168-.....localdomain.

如果我通过添加--server host-192-168.....localdomain来运行它,它可以正常运行,但这样我可以手动执行此操作,并且在它自己的runInterval之后它不起作用,因此在我的木偶控制台上它表示它没有响应。我想这是因为它本身就会得到我之前提到的错误,所以我的主人不能从这个节点收到任何报告。

有人可以帮我这个吗?我怎样才能使我的节点的代理与主服务器联系,并使用正确的服务器证书名称?

来自节点的

puppet.conf: 

[main]

vardir = ...
logdir = ...
rundir = ...
basemodulepath = ...
user = ...
group = ...
archive_files = ...

[agent]

report = ...
classfile = ...
localconfig = ...
graph = ...
pluginsync = ...
environment = ...
server = 192.168.10.39
certname = 192.168.10.40
noop = true
runinterval = 1800

[main] vardir = ... logdir = ... rundir = ... basemodulepath = ... user = ... group = ... archive_files = ... [agent] report = ... classfile = ... localconfig = ... graph = ... pluginsync = ... environment = ... server = 192.168.10.39 certname = 192.168.10.40 noop = true runinterval = 1800

如果我把server = host -...(在main中)没有任何改变。我想我无法从[代理]部分更改服务器,因为应该有主ip(我相信)......

我尝试了该链接上的内容,现在我的木偶代理-t在节点上不再执行任何操作了。为了更好地理解,我将从master发布我的puppet.conf:

[main]

certname = host-192-168-10-39.localdomain
vardir = /var/opt/lib/pe-puppet
logdir = /var/log/pe-puppet
rundir = /var/run/pe-puppet
basemodulepath = /opt/alu/deploy/puppet/modules:/etc/puppetlabs/puppet....
environmentpath = /opt/alu/deploy/puppet/environments
server = 192.168.10.39
user = pe-puppet
group = pe-puppet
archive_files = true
archive_files_server = 192.168.10.39
module_groups = base+pe_only
dns_alt_names = puppet

[agent]

report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production
noop = true
runinterval = 1800

[master]

node_terminus = classfier
ca_server = host-192-168-10-39.localdomain
reports = console,puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
certname = 192-168-10-39.localdomain
server = 192.168.10.39
always_cache_features = true
default_manifest = /opt/alu/deploy/puppet/manifests/default.pp

木偶代理错误-t:http://i62.tinypic.com/34ijlmu.png

2 个答案:

答案 0 :(得分:1)

不要在命令行上发出--server,只需在代理的server=...文件的[main]部分添加puppet.conf

答案 1 :(得分:1)

导致此问题的原因有多种,请列出您的puppet.conf。

但从顶部看,主服务器生成的证书中的名称与服务器的主机名之间存在一些不匹配。也许在您生成证书并重新启动之间,主机名已更改,因为主机名更改有时在重新启动后才会生效。

puppetlabs官方文档有助于解决此问题,请点击此链接:https://docs.puppetlabs.com/guides/troubleshooting.html?_ga=1.110966791.343491524.1432986084#agents-are-failing-with-a-hostname-was-not-match-with-the-server-certificate-error-whats-wrong。它可能就像在/ etc / puppet / conf中设置certname值并重新启动master一样简单。

相关问题
最新问题