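Created a new Puppet Master in order to upgrade to Puppet 6.
Did a "rm -rf /etc/puppetlabs/puppet/ssl" to clear out the old certificates.
After pointing the old clients at the new master, the clients cannot generate new certificates.
The errors received look like this: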
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN={server FQDN}]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN={server FQDN}]
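How do I get the clients to generate new certificates?
Answer 0: (score: 0)
Please also delete the ssl folder on the Puppet client, then retry puppet agent --waitforcert 60 --test
Answer 1: (score: 0)
A new certificate has to be generated on the client so that it can be signed by the new puppetmaster, so the existing certificate must be removed on the client: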
rm -rf /var/lib/puppet/ssl
On the server side
puppetserver ca clean --certname <hostname_of_client>
rm -rf /opt/puppetlabs/puppet/ssl
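
The thread names several different SSL directories (/etc/puppetlabs/puppet/ssl, /var/lib/puppet/ssl, /opt/puppetlabs/puppet/ssl), so the following added example, which is not part of the question or either answer, asks the agent for its configured ssldir and moves it aside instead of deleting it. The function names backup_ssldir and reset_agent_certs are hypothetical; it assumes the puppet binary is on the PATH and the script runs as root on the client.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# backup_ssldir DIR
# Moves DIR to DIR.bak.<timestamp> and prints the backup path, so the old
# keys and certificates can be restored if the re-enrolment goes wrong.
backup_ssldir() {
    dir=${1%/}
    case "$dir" in
        ""|/etc|/var|/opt|/usr)
            # Guard against an empty or top-level path ("/" becomes "" above).
            echo "refusing to move '$1'" >&2
            return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    backup="$dir.bak.$(date +%Y%m%d%H%M%S)"
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }
    mv -- "$dir" "$backup" && printf '%s\n' "$backup"
}

# reset_agent_certs
# Run on the client after the old certificate for this host has been cleaned
# on the new server (puppetserver ca clean --certname <hostname_of_client>).
reset_agent_certs() {
    # Ask the agent where its SSL directory is rather than hard-coding it.
    ssldir=$(puppet config print ssldir --section agent) || return 1
    backup_ssldir "$ssldir" || return 1
    # The agent creates a fresh key and CSR and waits for it to be signed.
    puppet agent --waitforcert 60 --test
}
```

Source the file and call reset_agent_certs on each client; the old directory stays next to the new one under its .bak.<timestamp> name until it is removed by hand.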