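For installing and configuring puppet, see the previous article.
This post assumes you already have it installed.
For two (or N) machines to communicate with each other, first set up the hosts file on each of them.
Run the following command on every machine:
sudo vi /etc/hosts
Add the IP address and alias of every machine that needs to communicate. Taking the server side as an example: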
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.23.10.237 puppet-server.noah.blogjava.net
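# The lines above may be the defaults already present when you open this file; leave them alone and add the agents' IPs directly below, as many as you have.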
10.52.27.71 agent001.noah-test.net
10.52.27.72 agent002.noah-test.net
10.52.27.73 agent003.noah-test.net

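Next, copy all of the above and paste it into the other machines.
Then go back to the agent and edit puppet's configuration file by running the following command:

sudo vi /etc/puppetlabs/puppet/puppet.conf
Fill in the following in the opened file: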
[main]
# this certname is the name used in the hosts file above
certname = agent001.noah-test.net
# server is the address of the puppet server
server = puppet-server.noah.blogjava.net
environment = production
runinterval = 1h
Then, on the agent, run the following command to request a certificate from the server:
sudo /opt/puppetlabs/bin/puppet agent --test
Output like the following then appears:
Info: Creating a new SSL key for agent01.noah-test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Exiting; no certificate found and waitforcert is disabled
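This shows that the request succeeded and is waiting for the server's approval. Now switch to the server and run the following command to see which machines are requesting certificates:
sudo /opt/puppetlabs/bin/puppet cert list --all
This lists the certname of every agent that has requested a certificate, both those already approved and those still awaiting approval. Approved ones are prefixed with "+".
Next, run the following command to approve a single request: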
sudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net

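You can also put "--all" after sign to approve all requests at once.
After approval, go back to the agent and run the same command again:
sudo /opt/puppetlabs/bin/puppet agent --test
If the output consists entirely of green messages like the following, communication between them has been established: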
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent001.noah-test.net
Info: Applying configuration version '1481877703'
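
The signing step above approves whatever certname a request carries, and "--all" approves every pending request. As an added example (not from the original post), the script below signs nothing itself: it compares each pending request in saved puppet cert list output with fingerprints recorded on the agents using puppet agent --fingerprint. The helper name, the file layout and the shortened fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example. triage_requests is a hypothetical helper, not a puppet command.
# $1: file of "certname fingerprint" pairs recorded on each agent with
#     sudo /opt/puppetlabs/bin/puppet agent --fingerprint
# $2: saved output of "puppet cert list --all" taken on the server
triage_requests() {
    awk '
        FILENAME == ARGV[1] { want[$1] = toupper($2); next }
        # Signed rows start with "+"; pending rows start with the quoted name.
        $1 ~ /^"/ {
            name = $1; gsub(/"/, "", name)
            fp = toupper($3)
            if (!(name in want))       print "unknown " name
            else if (want[name] == fp) print "sign " name
            else                       print "mismatch " name
        }
    ' "$1" "$2"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample data; fingerprints shortened for readability.
    cat > "$dir/expected" <<'EOF'
agent001.noah-test.net AA:01:02:03
agent002.noah-test.net BB:04:05:06
EOF
    cat > "$dir/listing" <<'EOF'
  "agent001.noah-test.net" (SHA256) AA:01:02:03
  "agent002.noah-test.net" (SHA256) EE:EE:EE:EE
  "agent009.noah-test.net" (SHA256) CC:07:08:09
+ "agent003.noah-test.net" (SHA256) DD:0A:0B:0C
EOF
    triage_requests "$dir/expected" "$dir/listing"
    rm -rf "$dir"
}

demo
```

Only the names reported as sign should be passed to puppet cert sign; a mismatch means the request waiting on the server was not generated by the agent whose fingerprint was recorded.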
Troubleshooting summary:
cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
Warning: Setting 'pluginsync' is deprecated.
(at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in <module:Puppet>')
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
Info: Loading facts
Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: getaddrinfo: Name or service not known
The wrong command was used; use this one instead:
sudo /opt/puppetlabs/bin/puppet agent --test

sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
The message already tells you what is wrong: edit /etc/hosts so that the server name is one of the following:
expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
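
The error above comes from the agent checking the name it connected to against the names in the server's certificate. As an added example (not from the original post), the script below pulls the accepted names out of that error line and reports which of them a given hosts file can resolve. The function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Name the agent tried, taken from the error line.
tried_name() {
    printf '%s\n' "$1" | sed -n "s/.*Server hostname '\([^']*\)'.*/\1/p"
}

# Names the server certificate accepts, one per line, "DNS:" prefix removed.
expected_names() {
    printf '%s\n' "$1" | sed -n 's/.*expected one of //p' | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//' -e 's/^DNS://' | sort -u
}

# Succeeds if hosts file $1 maps an address to the name $2.
in_hosts() {
    awk -v n="$2" '
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }
    ' "$1"
}

# For each accepted name, say whether this hosts file can resolve it.
diagnose() {
    echo "tried: $(tried_name "$1")"
    expected_names "$1" | while read -r name; do
        if in_hosts "$2" "$name"; then echo "usable: $name"
        else echo "not in hosts: $name"; fi
    done
}

demo() {
    err="Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud"
    hosts=$(mktemp)
    # Constructed hosts file: only the short name is mapped (address is made up).
    printf '127.0.0.1 localhost\n192.0.2.10 cdt-dev-cafews-yabinx\n' > "$hosts"
    diagnose "$err" "$hosts"
    rm -f "$hosts"
}

demo
```

Whichever accepted name is made resolvable must also be the value of server in puppet.conf, since that is the name the agent verifies against the certificate.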
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
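This usually happens because, for some reason, certification did not succeed, and the agent will not request certification again, so it reports this error. The fix is to go to the directory /etc/puppetlabs/puppet and delete the generated ssl folder so that the key is generated again. If regenerating it once still does not work, check whether the problem lies somewhere else, then repeat the steps above and generate the key again.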
眼鏡蛇