Establishing communication between the Puppet server and agents

          For installing and configuring Puppet, see the previous article.
          This post assumes you already have it installed.

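          For two (or N) machines to talk to each other, first set up the hosts file on each of them.
          Run the following command on every machine:
          sudo vi /etc/hosts
          Add the IP address and name of every machine that needs to communicate. Taking the server as an example: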
          127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
          ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
          10.23.10.237 puppet-server.noah.blogjava.net
          # The lines above are probably the defaults already in the file; leave them alone and add the agents' IPs below, as many as you have.
          10.52.27.71 agent001.noah-test.net
          10.52.27.72 agent002.noah-test.net
          10.52.27.73 agent003.noah-test.net
          Next, copy all of the above into the hosts file on each of the other machines.

          Now go to the agent and edit the Puppet configuration file with the following command:
          sudo vi /etc/puppetlabs/puppet/puppet.conf
          Put the following in the file:
          [main]
          # certname is the name used in the hosts file above
          certname = agent001.noah-test.net
          # server is the address of the Puppet server
          server = puppet-server.noah.blogjava.net
          environment = production
          runinterval = 1h
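
A preflight check for the hosts and puppet.conf steps above, as an added example that is not part of the original post: it confirms that the certname and server values in puppet.conf both have an entry in the hosts file before the first agent run. The function names and the demo files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# conf_value FILE KEY: print the value of "KEY = value", ignoring comment lines.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    ' "$1"
}

# hosts_has FILE NAME: succeed if NAME is a hostname or alias on a live line.
hosts_has() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }
    ' "$1"
}

# preflight CONF HOSTS: report certname and server; return 1 if either is unresolved.
preflight() {
    rc=0
    for key in certname server; do
        val=$(conf_value "$1" "$key")
        if [ -n "$val" ] && hosts_has "$2" "$val"; then
            echo "ok: $key=$val"
        else
            echo "missing: $key='$val' has no entry in $2"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files mirroring the ones shown above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '10.23.10.237 puppet-server.noah.blogjava.net' \
        '10.52.27.71 agent001.noah-test.net' > "$d/hosts"
    printf '%s\n' '[main]' 'certname = agent001.noah-test.net' \
        'server = puppet-server.noah.blogjava.net' > "$d/puppet.conf"
    r=0; preflight "$d/puppet.conf" "$d/hosts" || r=$?
    rm -rf "$d"
    return "$r"
}
```

On a real agent the call would be preflight /etc/puppetlabs/puppet/puppet.conf /etc/hosts.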


          Then, on the agent, run the following command to request a certificate from the server:
          sudo /opt/puppetlabs/bin/puppet agent --test
          Output like this appears:
          Info: Creating a new SSL key for agent01.noah-test
          Info: Caching certificate for ca
          Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
          Exiting; no certificate found and waitforcert is disabled

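          This shows the request was submitted and is waiting for approval on the server. Now switch to the server and run the following command to see which machines have requested certificates:
          sudo /opt/puppetlabs/bin/puppet cert list --all
          This lists the certname of every agent that has requested a certificate, both approved and still pending. Approved ones have a "+" in front.
          Next, approve a single request with the following command:

          sudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net

          You can also put "--all" after sign to approve every pending request at once.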
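
Signing with --all approves every pending request, including any the administrator did not expect, so it helps to compare each request's fingerprint with one recorded on the agent itself (puppet agent --fingerprint) before signing. The script below is an added example, not part of the original post; the helper name, the inventory file format, the assumed cert list line format and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. approvable() is a hypothetical helper.
# Assumed line formats (the samples below are constructed):
#   cert list : "certname" (SHA256) AA:BB:...    leading "+" = already signed
#   inventory : certname AA:BB:...               recorded on each agent

PENDING_SAMPLE='  "agent001.noah-test.net" (SHA256) 11:22:33:44
  "agent002.noah-test.net" (SHA256) AA:AA:AA:AA
  "unknown-host.example" (SHA256) 55:66:77:88
+ "agent003.noah-test.net" (SHA256) 99:00:AB:CD'

INVENTORY_SAMPLE='agent001.noah-test.net 11:22:33:44
agent002.noah-test.net DE:AD:BE:EF
agent003.noah-test.net 99:00:AB:CD'

# approvable INVENTORY_FILE < cert-list-output
# Prints "sign NAME" only when a pending request matches the inventory;
# anything unknown, mismatched or without a fingerprint is held.
approvable() {
    awk '
        FILENAME == ARGV[1] { want[$1] = toupper($2); next }   # load inventory
        /^[+]/ { next }                                        # already signed
        match($0, /"[^"]+"/) {
            name = substr($0, RSTART + 1, RLENGTH - 2)
            fp = ""
            for (i = 1; i < NF; i++) if ($i ~ /^\(SHA/) fp = toupper($(i + 1))
            if (!(name in want))                   print "hold " name " not-in-inventory"
            else if (fp == "" || want[name] != fp) print "hold " name " fingerprint-mismatch"
            else                                   print "sign " name
        }
    ' "$1" -
}
```

On the server, pipe the pending list into it, for example sudo /opt/puppetlabs/bin/puppet cert list | approvable inventory.txt (inventory.txt being a hypothetical file name), and run puppet cert sign only for the names printed with "sign".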

          Once approved, go back to the agent and run the same command again:
          sudo /opt/puppetlabs/bin/puppet agent --test

          If the output consists entirely of green messages like the following, communication between the two has been established:
          Info: Using configured environment 'production'
          Info: Retrieving pluginfacts
          Info: Retrieving plugin
          Info: Caching catalog for agent001.noah-test.net
          Info: Applying configuration version '1481877703'







          Troubleshooting:
          cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
          Warning: Setting 'pluginsync' is deprecated.
          (at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in <module:Puppet>')
          Warning: Unable to fetch my node definition, but the agent run will continue:
          Warning: getaddrinfo: Name or service not known
          Info: Retrieving pluginfacts
          Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
          Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
          Info: Retrieving plugin
          Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
          Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
          Info: Loading facts
          Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
          Warning: Not using cache on failed catalog
          Error: Could not retrieve catalog; skipping run
          Error: Could not send report: getaddrinfo: Name or service not known
          The wrong command was used; use this one instead:
          sudo /opt/puppetlabs/bin/puppet agent --test



          sudo /opt/puppetlabs/bin/puppet agent --test
          Warning: Unable to fetch my node definition, but the agent run will continue:
          Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Info: Retrieving pluginfacts
          Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Info: Retrieving plugin
          Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          Warning: Not using cache on failed catalog
          Error: Could not retrieve catalog; skipping run
          Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
          The message already tells you what to do: edit /etc/hosts and change the name to one of the following:
          expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud




          sudo /opt/puppetlabs/bin/puppet agent --test
          Warning: Unable to fetch my node definition, but the agent run will continue:
          Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Info: Retrieving pluginfacts
          Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Info: Retrieving plugin
          Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
          Warning: Not using cache on failed catalog
          Error: Could not retrieve catalog; skipping run
          Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
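          This usually happens when certificate authentication failed for some reason and the agent will not retry it, so it keeps reporting this error. The fix is to go to /etc/puppetlabs/puppet, delete the generated ssl directory, and let the agent generate a new key. If it still fails after regenerating once, check whether the problem lies elsewhere, then repeat the steps above to generate the key again.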
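
The three failures above can be told apart from the agent output alone. This added example (not part of the original post; triage() is a hypothetical helper) classifies a saved agent run and, for the hostname mismatch, checks whether a candidate server name is one the certificate accepts. The sample lines are copied from the runs shown above.

```shell
#!/bin/sh
# Added example, not from the original post. triage() is a hypothetical helper.
# One line from each failed run shown above, used as sample input.
SAMPLE_LOG="Error: Could not send report: getaddrinfo: Name or service not known
Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]"

# triage CANDIDATE_SERVER_NAME < agent-output
# Prints one line per failure class found in the output.
triage() {
    awk -v server="$1" '
        /getaddrinfo: Name or service not known/ { dns = 1 }
        /unable to get local issuer certificate/ { issuer = 1 }
        /did not match server certificate; expected one of / {
            line = $0
            sub(/.*expected one of /, "", line)   # keep only the name list
            gsub(/DNS:/, "", line)                # drop the SAN type prefix
            gsub(/,/, " ", line)
            n = split(line, names, " ")
            for (i = 1; i <= n; i++)
                if (!(names[i] in seen)) { seen[names[i]] = 1; order[++cnt] = names[i] }
        }
        END {
            if (dns) print "resolve: server name not found in /etc/hosts or DNS"
            if (cnt) {
                verdict = (server in seen) ? "ok" : "rejected"
                printf "hostname: %s %s; certificate accepts:", server, verdict
                for (i = 1; i <= cnt; i++) printf " %s", order[i]
                print ""
            }
            if (issuer) print "issuer: the CA cached on the agent cannot verify the server certificate"
        }
    '
}
```

Pass the name you intend to put in puppet.conf as server, for example triage puppet < agent-run.log, where agent-run.log is a hypothetical file holding the saved output.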



          眼鏡蛇

          posted on 2016-12-16 17:09 by 眼鏡蛇. Category: JavaPuppet
