
[Experience sharing] Establishing communication between the Puppet server and agent


Posted on 2018-10-19 11:38:47
  For two (or N) machines to communicate with each other, first set up the hosts file on each of them.
  On every machine, run the following command:

    sudo vi /etc/hosts

  and add the IP address and alias of every machine that needs to communicate. Taking the server as an example:

    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

    10.23.10.237 puppet-server.noah.blogjava.net

    # The entries above may already be in the file by default; leave them as they are and add the agents' IPs directly below, as many as you have.

  Next, copy all of the above and paste it into the file on each of the other machines.

  Next, go back to the agent and edit the Puppet configuration file. Run the following command:

    sudo vi /etc/puppetlabs/puppet/puppet.conf

  and fill in the following in the file that opens:

    # This certname is the name from the hosts file above

    server = puppet-server.noah.blogjava.net



  Then, on the agent, run the following command to request a certificate from the server:

    sudo /opt/puppetlabs/bin/puppet agent --test

  Output like this will then appear:

  Info: Creating a new SSL key for agent01.noah-test
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
  Exiting; no certificate found and waitforcert is disabled
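  This shows that the request succeeded and is now waiting for approval on the server. Switch to the server and run the following command to see which machines have requested a certificate:

    sudo /opt/puppetlabs/bin/puppet cert list --all

  This lists the certnames of all agents that have already been approved and of those still waiting for approval. Approved ones have a "+" in front.
  Next, run the following command to approve a single request:

    sudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net

  You can also put "--all" directly after sign to approve all requests at once.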
  Once approval is done, go back to the agent and run the same command again:

    sudo /opt/puppetlabs/bin/puppet agent --test

  If the output consists entirely of green messages like the following, communication between the two has been established successfully:

  Info: Using configured environment 'production'
  Info: Retrieving pluginfacts
  Info: Retrieving plugin
  Info: Caching catalog for agent001.noah-test.net
  Info: Applying configuration version '1481877703'
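
Signing with "--all" approves every pending request, including ones from hosts you did not expect. The following added example (not from the original post) signs a request only when its fingerprint in the server's list equals the one read on the agent with `puppet agent --fingerprint`; the function names, the second certname and all fingerprints are constructed, and the list format is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes `puppet cert list --all` prints one request per line as
#   "<certname>" (SHA256) <fingerprint>
# with a leading "+" on certificates that are already signed.

# Constructed sample output; fingerprints are made up and shortened.
SAMPLE_LIST='  "agent001.noah-test.net" (SHA256) 11:22:33:44:AA:BB:CC:DD
  "unexpected-host.example" (SHA256) 99:88:77:66:55:44:33:22
+ "puppet-server.noah.blogjava.net" (SHA256) DE:AD:BE:EF:00:11:22:33'

# pending_fingerprint LIST CERTNAME
# Prints the fingerprint of CERTNAME if it is still waiting for approval;
# fails if the name is absent or already signed ("+" is then field 1).
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v name="\"$2\"" '
        $1 == name { print $3; found = 1; exit }
        END { exit !found }'
}

# verify_csr LIST CERTNAME EXPECTED_FP
# Succeeds only if the pending request carries the fingerprint that was read
# on the agent itself with `puppet agent --fingerprint`.
verify_csr() {
    got=$(pending_fingerprint "$1" "$2") || {
        echo "no pending request for $2" >&2; return 2; }
    got=$(printf '%s' "$got" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ "$got" = "$want" ] || { echo "fingerprint mismatch for $2" >&2; return 1; }
}

# sign_if_verified CERTNAME EXPECTED_FP   (run on the server)
sign_if_verified() {
    list=$(sudo /opt/puppetlabs/bin/puppet cert list --all) || return 3
    verify_csr "$list" "$1" "$2" &&
        sudo /opt/puppetlabs/bin/puppet cert sign "$1"
}

# Dry run against the constructed sample: reports what would be signed.
if verify_csr "$SAMPLE_LIST" agent001.noah-test.net 11:22:33:44:aa:bb:cc:dd; then
    echo "fingerprint matches: agent001.noah-test.net can be signed"
fi
```

On Puppet 6 and later the `puppet cert` subcommand was replaced by `puppetserver ca`, so the two command lines in `sign_if_verified` need adjusting there.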
  Troubleshooting summary:

  cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
  Warning: Setting 'pluginsync' is deprecated.
  (at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in ')
  Warning: Unable to fetch my node definition, but the agent run will continue:
  Warning: getaddrinfo: Name or service not known
  Info: Retrieving pluginfacts
  Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
  Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
  Info: Retrieving plugin
  Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
  Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
  Info: Loading facts
  Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
  Warning: Not using cache on failed catalog
  Error: Could not retrieve catalog; skipping run
  Error: Could not send report: getaddrinfo: Name or service not known

  The wrong command was used; use this one instead:

    sudo /opt/puppetlabs/bin/puppet agent --test

  sudo /opt/puppetlabs/bin/puppet agent --test
  Warning: Unable to fetch my node definition, but the agent run will continue:
  Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Info: Retrieving pluginfacts
  Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Info: Retrieving plugin
  Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
  Warning: Not using cache on failed catalog
  Error: Could not retrieve catalog; skipping run
  Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud

  The message has in fact already told you what to do: edit /etc/hosts and change the name to one of those listed below:

    expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud

  sudo /opt/puppetlabs/bin/puppet agent --test
  Warning: Unable to fetch my node definition, but the agent run will continue:
  Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Info: Retrieving pluginfacts
  Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Info: Retrieving plugin
  Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
  Warning: Not using cache on failed catalog
  Error: Could not retrieve catalog; skipping run
  Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]

  This usually happens when certificate authentication failed for some reason and the agent will not try to authenticate again, so it reports this error. The fix is to go to the directory /etc/puppetlabs/puppet and delete the generated ssl folder so that a new key is generated. If it still fails after regenerating once, check whether something else is wrong, then repeat the steps above and regenerate the key again.
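
The cases collected above can be told apart mechanically from the agent's output. The following added example (not from the original post) classifies `puppet agent --test` output and, for the hostname mismatch, checks whether the configured server name is one the certificate accepts; the function names and the sample puppet.conf are constructed, and it assumes the name the agent connects to comes from the `server` setting.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed inputs: WARNING is the message quoted above; CONF is a made-up
# puppet.conf that would produce it.
WARNING="Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud"
CONF='[main]
server = cdt-dev-cafews-yabinx'

# triage: read agent output on stdin, print a keyword for the case it matches.
triage() {
    out=$(cat)
    case $out in
        *"getaddrinfo: Name or service not known"*)            echo name-unresolved ;;
        *"did not match server certificate"*)                  echo name-mismatch ;;
        *"certificate verify failed"*)                         echo verify-failed ;;
        *"no certificate found and waitforcert is disabled"*)  echo csr-pending ;;
        *"Applying configuration version"*)                    echo ok ;;
        *)                                                     echo unknown ;;
    esac
}

# cert_names: from a name-mismatch message on stdin, print the names the
# server certificate is valid for, one per line, "DNS:" prefix removed.
cert_names() {
    sed -n 's/.*expected one of //p' | head -n 1 | tr ',' '\n' |
        sed 's/^ *//; s/^DNS://; s/ *$//' | sort -u
}

# conf_server: print the "server" setting from puppet.conf text on stdin
# (last occurrence wins; sections are ignored in this simplified reader).
conf_server() {
    sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# server_name_in_cert CONF_TEXT MESSAGE: succeed if the configured server
# name is one the certificate accepts.
server_name_in_cert() {
    srv=$(printf '%s\n' "$1" | conf_server)
    printf '%s\n' "$2" | cert_names | grep -Fqx -- "$srv"
}

printf '%s\n' "$WARNING" | triage
printf '%s\n' "$WARNING" | cert_names
```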


Thread address: https://www.yunweiku.com/thread-623600-1-1.html