加入收藏 | 设为首页 | 会员中心 | 我要投稿 济南站长网 (https://www.0531zz.com/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 服务器 > 搭建环境 > Linux > 正文

Centos 6.3下Puppet的安装配置过程

发布时间:2016-09-13 01:28:14 所属栏目:Linux 来源:站长网
导读:系统环境:centos6.3 puppet: puppet-2.7.13 facter: facter-1.6.5 ruby: yum源 注: facter用来获取客户端系统信息(如hostname,ip,OS-Version,fqdn等) ruby是p

三.认证并分发:

(client):

客户端发送请求

# puppetd --test --server server.example.com

报错:

--------------------

err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0

state=SSLv3 read server certificate B: certificate verify failed

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

--------------------

解决方法:

这可能是换了不同的两台puppetmaster服务器引起的。解决方法,删除现有ssl证书。

# find /var/lib/puppet -type f -print0 |xargs -0r rm

重新发送请求:

# puppetd --test --server server.example.com

-------------------

info: Creating a new SSL key for client.example.com

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for ca

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

info: Creating a new SSL certificate request for client.example.com

info: Certificate Request fingerprint (md5):

32:E8:CD:32:BF:62:86:64:B3:98:A4:EB:8A:71:D2:99

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

Exiting; no certificate found and waitforcert is disabled

-------------------

发送成功。

(server):

服务器端查看是否有请求证书的客户端服务器

# puppetca --list

------------------

client.example.com (32:E8:CD:32:BF:62:86:64:B3:98:A4:EB:8A:71:D2:99)

------------------

收到客户端认证信息

服务器端对client.example.com签名

# puppetca -s client.example.com

或对所有客户端全部签名

# puppetca -s -a

查看验证签名,注意前面的+号,说明已经签名

# puppetca -a --list

---------------------

+ client.example.com (19:6F:4C:84:B1:69:16:3C:A1:38:C2:2E:6F:B6:67:12)

---------------------

md5验证服务器端收到的证书是否正确

(server):

# md5sum /var/lib/puppet/ssl/ca/signed/client.example.com.pem

---------------------

1ebfd47775ec8f3e2ae112d75ccba132  /var/lib/puppet/ssl/ca/signed/client.example.com.pem

---------------------

(client):

# md5sum /var/lib/puppet/ssl/certs/client.example.com.pem

---------------------

1ebfd47775ec8f3e2ae112d75ccba132  /var/lib/puppet/ssl/certs/client.example.com.pem

---------------------

MD5值相同,说明我们的puppetmaster和客户端的puppet已经成功建立通信

查看本栏目更多精彩内容:http://www.bianceng.cn/OS/Linux/

(编辑:济南站长网)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
相关内容
    推荐文章
    站长推荐
    热点阅读

      【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

      建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

      Copygight © 2008-2022 https://www.0531zz.com/ All Rights Reserved. 济南站长网