常见问题
问题:[root@puppet ~]# puppetd --test --server puppet
dnsdomainname: Unknown host
dnsdomainname: Unknown host
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法:此错误是没有启动puppetmasterd服务和配置绑定主机名
[root@localhost ~]#vi /etc/hosts
在最后一行添加:
192.168.3.9 puppet
[root@localhost ~]#service puppetmasterd restart --重新启动服务
问题: [root@c1 ~]# puppetd --server puppet --test
err: Could not request certificate: No route to host - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法: server端没有开启8140 port or close iptables firewall
问题: [root@c1 puppet-2.7.2rc2]# puppetd --test --server puppet
info: Creating a new SSL key for c1.localdomain
err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法: 客户端没有配置服务器端的域名绑定:
[root@c1 ~]#vi /etc/hosts
在最后一行添加:
192.168.3.9 puppet
问题: [root@t-db2 ~]# puppetd --server puppet.com --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
解决方法: 在puppet server执行下列语句:
[root@puppet ~]# puppetca -l --返回下个未签名的证书清单
c1.localdomain
[root@puppet ~]# puppetca -s c1.localdomain --签名证书
notice: Signed certificate request for c1.localmain
证书问题解决:
如果客户机请求证书时出现下面错误:
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled
先到服务器端清除指定客户机的证书
puppetca -c c1.localdomain
然后再到服务器端吊销证书
puppetca -r c1.localdomain
然后在客户机上,mv /var/lib/puppet /tmp
接着在客户机 上请求证书签名
puppetd --test --server puppet
然后在服务器上对客户机的证书做签名
问题:[root@puppet ~]# puppetd --test --server puppet
dnsdomainname: Unknown host
dnsdomainname: Unknown host
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法:此错误是没有启动puppetmasterd服务和配置绑定主机名
[root@localhost ~]#vi /etc/hosts
在最后一行添加:
192.168.3.9 puppet
[root@localhost ~]#service puppetmasterd restart --重新启动服务
问题: [root@c1 ~]# puppetd --server puppet --test
err: Could not request certificate: No route to host - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法: server端没有开启8140 port or close iptables firewall
问题: [root@c1 puppet-2.7.2rc2]# puppetd --test --server puppet
info: Creating a new SSL key for c1.localdomain
err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
解决方法: 客户端没有配置服务器端的域名绑定:
[root@c1 ~]#vi /etc/hosts
在最后一行添加:
192.168.3.9 puppet
问题: [root@t-db2 ~]# puppetd --server puppet.com --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
解决方法: 在puppet server执行下列语句:
[root@puppet ~]# puppetca -l --返回下个未签名的证书清单
c1.localdomain
[root@puppet ~]# puppetca -s c1.localdomain --签名证书
notice: Signed certificate request for c1.localmain
证书问题解决:
如果客户机请求证书时出现下面错误:
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled
先到服务器端清除指定客户机的证书
puppetca -c c1.localdomain
然后再到服务器端吊销证书
puppetca -r c1.localdomain
然后在客户机上,mv /var/lib/puppet /tmp
接着在客户机 上请求证书签名
puppetd --test --server puppet
然后在服务器上对客户机的证书做签名
puppetca -s -a
原文链接:http://gzzanninghu.blog.163.com/blog/static/170583133201110163372699/
253
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
