Puppet
將 puppet 代理連接到 master 的問題
嘗試基於可用於測試目的的最新 puppet/agents 建構基礎架構。
因此,我一直在嘗試在節點上執行 puppet 代理,但我目前遇到以下錯誤,puppet master 目前正在全新安裝的 Foreman 1.24(EC2 實例)上執行,並且似乎可以正常執行代理,沒有任何問題,關於特工的不同故事。
我能夠從主機上的節點(代理)訪問並簽署證書,但除了收到錯誤之外別無他法。
root@puppetagent02:~# puppet agent -t Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Info: Retrieving pluginfacts Error: /File[/var/cache/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Error: /File[/var/cache/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Info: Retrieving plugin Error: /File[/var/cache/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Error: /File[/var/cache/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: puppetmaster.domain.com] root@puppetagent02:~#
所以設法通過簡單地降級到具有最新的 puppet 代理包的“stretch”來解決它,現在可以正常工作了。