如何使puppetserver适用于非root用户

时间:2018-12-10 12:28:11

标签: puppet

我正在centos 7.4上安装人偶6:

$ cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 

$ uname -a
Linux centos7-puppetmaster-vm.test.org 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep puppetserver
puppetserver-6.0.2-1.el7.noarch

# netstat -tupln | grep 8140
tcp6       0      0 :::8140                 :::*                    LISTEN      3398/java

如果我以root身份运行

# puppetserver ca list

它不会引发错误,但是如果我与非root用户运行相同的命令,则会得到

$ /opt/puppetlabs/bin/puppetserver ca list
Traceback (most recent call last):
    12: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5:in `<main>'
    11: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/cli.rb:89:in `run'
    10: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb:60:in `run'
     9: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb:117:in `get_all_certs'
     8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:215:in `get_certificate_statuses'
     7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:253:in `get'
     6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/utils/http_client.rb:49:in `with_connection'
     5: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:609:in `start'
     4: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:909:in `start'
     3: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:920:in `do_start'
     2: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:981:in `connect'
     1: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in `ssl_socket_connect'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

1 个答案:

答案 0 :(得分:0)

尝试跑步 # hard labels real = 1 fake = 0 # soft labels real = np.random.uniform(0.7, 1.0) # 1 fake = np.random.uniform(0.0, 0.3) # 0

在您的/etc/puppetlabs/puppet/puppet.conf中,确保您具有以下行

puppetserver ca list --config /etc/puppetlabs/puppet/puppet.conf

您可以像下面那样仅添加ssldir,但是上面介绍了所有conf,因此在更全局的范围内有所帮助。

confdir = /etc/puppetlabs/puppet

有关所有可用选项,请参见Puppet Confs

相关问题
最新问题