Establishing communication between the Puppet server and agent
For two (or N) machines to communicate with each other, first set up the hosts file on each of them. Run the following command on every machine:
sudo vi /etc/hosts
Add the IP address and alias of every machine that needs to communicate. Taking the server as an example:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.23.10.237 puppet-server.noah.blogjava.net
# The lines above may already be in the file by default; leave them alone and add the agents' IPs below, as many as you have.
10.52.27.71 agent001.noah-test.net
10.52.27.72 agent002.noah-test.net
10.52.27.73 agent003.noah-test.net
Next, copy all of the above and paste it into the hosts file on each of the other machines.
Next, go back to the agent and edit the Puppet configuration file. Run the following command:
sudo vi /etc/puppetlabs/puppet/puppet.conf
In the file that opens, enter the following:
# certname is the name from the hosts file above
certname = agent001.noah-test.net
# server is the address of the Puppet server
server = puppet-server.noah.blogjava.net
environment = production
runinterval = 1h
Then, on the agent, run the following command to request a certificate from the server:
sudo /opt/puppetlabs/bin/puppet agent --test
Output like the following appears:
Info: Creating a new SSL key for agent01.noah-test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Exiting; no certificate found and waitforcert is disabled
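This shows that the request was submitted and is waiting for approval on the server. Now switch to the server and run the following command to see which machines have requested certificates:
sudo /opt/puppetlabs/bin/puppet cert list --all
This lists the certname of every agent that has requested a certificate, both those already approved and those still waiting for approval. Approved entries are prefixed with "+".
Next, run the following command to approve a single request:
sudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net
You can also put "--all" directly after sign to approve all requests at once. That signs every pending request, so check the list first.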
Once the request has been approved, go back to the agent and run the same command again:
sudo /opt/puppetlabs/bin/puppet agent --test
If the output consists entirely of green messages like the following, communication between the two has been established:
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent001.noah-test.net
Info: Applying configuration version '1481877703'
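
The approval step above signs whatever name is pending. As an added example (not part of the original post), this script releases the sign command only when the fingerprint listed on the server equals the one read on the agent. The sample listing, its shortened fingerprints and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): approve one request only after
# its fingerprint on the server matches the one read on the agent.

# Constructed sample in the shape `puppet cert list --all` prints;
# the fingerprints are made up and shortened for readability.
SAMPLE_LIST='  "agent001.noah-test.net" (SHA256) 3A:91:0C:5E:77:B2:4D:10
  "agent003.noah-test.net" (SHA256) 9F:02:DD:41:6B:A8:13:E5
+ "agent002.noah-test.net" (SHA256) C4:58:1E:90:2A:F7:66:3B'

# Value the operator reads on agent001 itself (constructed; on a real agent
# `puppet agent --fingerprint` prints it).
SAMPLE_AGENT_FP='3a:91:0c:5e:77:b2:4d:10'

# pending_fingerprint LIST CERTNAME
# Prints the fingerprint of a request that is still waiting. Signed entries
# start with "+", so their first field never equals the quoted name.
pending_fingerprint() {
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "\"" want "\"" { print $3; found = 1 }
    END { exit(found ? 0 : 1) }'
}

# check_request LIST CERTNAME AGENT_FP
# Returns 0 on match, 1 on fingerprint mismatch, 2 if nothing is pending.
check_request() {
  server_fp=$(pending_fingerprint "$1" "$2") || return 2
  a=$(printf '%s' "$server_fp" | tr 'a-f' 'A-F')
  b=$(printf '%s' "$3" | tr 'a-f' 'A-F')
  [ "$a" = "$b" ]
}

# review_request LIST CERTNAME AGENT_FP
# Prints the sign command from the post only when the check passes.
review_request() {
  if check_request "$1" "$2" "$3"; then
    echo "sudo /opt/puppetlabs/bin/puppet cert sign $2"
  else
    echo "refusing to sign $2: not pending or fingerprint mismatch"
  fi
}

review_request "$SAMPLE_LIST" agent001.noah-test.net "$SAMPLE_AGENT_FP"
```
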
Troubleshooting summary:
cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
Warning: Setting 'pluginsync' is deprecated.
(at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in ')
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts
Error: /File: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
Info: Retrieving plugin
Error: /File: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
Info: Loading facts
Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: getaddrinfo: Name or service not known
The wrong command was used. Use this one instead:
sudo /opt/puppetlabs/bin/puppet agent --test
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving pluginfacts
Error: /File: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving plugin
Error: /File: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
The message itself already tells you what to do: edit /etc/hosts and change the name to one of those listed below:
expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
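
To make the hostname mismatch above concrete, the following added example (not part of the original post) extracts the accepted names from the warning line and checks that the agent's `server` setting is one of them and has a hosts entry. The temporary files, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare the agent's `server`
# setting with the names the server certificate accepts.

# Warning line as shown in the agent output above.
SAMPLE_WARNING="Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud"

# accepted_names WARNING: unique certificate names, one per line, "DNS:" removed.
accepted_names() {
  printf '%s\n' "$1" | sed -n 's/.*expected one of //p' | tr ',' '\n' |
    sed -e 's/^ *//' -e 's/ *$//' -e 's/^DNS://' | awk 'NF && !seen[$0]++'
}

# conf_server PUPPET_CONF: value of the `server` setting.
conf_server() {
  awk -F= '/^[ \t]*server[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# hosts_ip HOSTS_FILE NAME: address the hosts file gives NAME (empty if none).
hosts_ip() {
  awk -v n="$2" '{ sub(/#.*/, "")
    for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# check_server PUPPET_CONF HOSTS_FILE WARNING
# 0 = name accepted and resolvable, 1 = not in certificate, 2 = not in hosts.
check_server() {
  srv=$(conf_server "$1")
  accepted_names "$3" | grep -qxF "$srv" || return 1
  [ -n "$(hosts_ip "$2" "$srv")" ] || return 2
}

# Constructed files: the first pair reproduces the failure, the second the fix.
demo_dir=$(mktemp -d)
printf 'server = cdt-dev-cafews-yabinx\n' > "$demo_dir/bad.conf"
printf '192.0.2.10 cdt-dev-cafews-yabinx\n' > "$demo_dir/bad.hosts"
printf 'server = cdt-dev-cafews-yabinx.emea1.cis.trcloud\n' > "$demo_dir/good.conf"
printf '192.0.2.10 cdt-dev-cafews-yabinx.emea1.cis.trcloud puppet\n' > "$demo_dir/good.hosts"

for f in bad good; do
  if check_server "$demo_dir/$f.conf" "$demo_dir/$f.hosts" "$SAMPLE_WARNING"
  then echo "$f: server name matches the certificate"
  else echo "$f: server name rejected (status $?)"
  fi
done
```
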
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Info: Retrieving pluginfacts
Error: /File: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Info: Retrieving plugin
Error: /File: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Error: /File: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
This usually means that authentication did not succeed for some reason and the agent will not attempt it again, so it keeps reporting this error. The fix is to go to /etc/puppetlabs/puppet, delete the generated ssl folder, and let it generate the key again. If it still fails after regenerating once, check whether the problem lies elsewhere, then repeat the steps above and regenerate the key.