Common Puppet Errors

Common problems
Problem: [root@puppet ~]# puppetd --test --server puppet
dnsdomainname: Unknown host
dnsdomainname: Unknown host
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled

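Solution: this error occurs because the puppetmasterd service has not been started and the hostname binding has not been configured.
[root@localhost ~]# vi /etc/hosts
Add as the last line:
192.168.3.9 puppet
[root@localhost ~]# service puppetmasterd restart    # restart the service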

Problem: [root@c1 ~]# puppetd --server puppet --test
err: Could not request certificate: No route to host - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled

Solution: the server has not opened port 8140; open the port or turn off the iptables firewall.

Problem: [root@c1 puppet-2.7.2rc2]# puppetd --test --server puppet
info: Creating a new SSL key for c1.localdomain
err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled

Solution: the client has no hostname binding configured for the server:
[root@c1 ~]# vi /etc/hosts
Add as the last line:
192.168.3.9 puppet

Problem: [root@t-db2 ~]# puppetd --server puppet.com --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

Solution: run the following commands on the puppet server:
[root@puppet ~]# puppetca -l    # list the certificate requests that are still unsigned
c1.localdomain
[root@puppet ~]# puppetca -s c1.localdomain    # sign the certificate
notice: Signed certificate request for c1.localmain

Resolving certificate problems:
If the following error appears when the client requests a certificate:
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled

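First, on the server, clean the certificate of the affected client:
puppetca -c c1.localdomain
Then, still on the server, revoke the certificate:
puppetca -r c1.localdomain

Then, on the client, move the old Puppet data out of the way:
mv /var/lib/puppet /tmp
Next, on the client, request a certificate signature:
puppetd --test --server puppet
Then, on the server, sign the client's certificate:
puppetca -s -a    # -a signs every pending request
Done.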
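
The "Retrieved certificate does not match private key" error above means the certificate was issued for a different key pair than the one the agent now holds. The script below is an added example, not part of the original post: it confirms such a mismatch by comparing public keys with openssl before anything is cleaned. The function names and the sample files are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): confirm that a certificate
# was issued for a given private key by comparing their public keys.

# cert_matches_key CERT KEY
# returns 0 = same key pair, 1 = mismatch, 2 = a file could not be parsed
cert_matches_key() {
    local cert=$1 key=$2 cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# make_sample DIR: constructed test data, not real Puppet files.
# c1.pem is issued for old.key; new.key stands for a key that was
# regenerated on the agent after the certificate had been signed.
make_sample() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=c1.localdomain" \
        -keyout "$dir/old.key" -out "$dir/c1.pem" 2>/dev/null || return 1
    openssl genrsa -out "$dir/new.key" 2048 2>/dev/null
}

# report CERT KEY: print a verdict and return cert_matches_key's status
report() {
    local rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: certificate matches private key" ;;
        1) echo "MISMATCH: clean the certificate on the server and request a new one" ;;
        *) echo "ERROR: cannot read $1 or $2" ;;
    esac
    return "$rc"
}

# Usage: ./check_cert_key.sh CERT.pem KEY.pem
if [ $# -eq 2 ]; then
    report "$1" "$2"
fi
```

A MISMATCH result is the situation the clean, revoke and re-request procedure above is meant for; an OK result points to a different cause.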