157.2. Puppet 签名

最新推荐文章于 2019-02-27 10:07:28 发布

weixin_33749131

最新推荐文章于 2019-02-27 10:07:28 发布

阅读量72

点赞数

原文链接：https://yq.aliyun.com/articles/307687

版权

		
cat >> /etc/hosts <<EOD
172.16.0.1   	puppet.mydomain.com puppet
172.16.0.20   	www.mydomain.com www
172.16.0.21   	images.mydomain.com images
EOD

157.2.1. Agent 节点

Node: 服务端进行认证

puppetd --test --server puppet

例 157.1. puppetd

# puppetd --test --server puppet
info: Creating a new SSL key for haproxy
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for haproxy
info: Certificate Request fingerprint (md5): 91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

157.2.2. Master 服务器

认证所有的客户端

puppetca -s -a

或者认证某一台客户端

puppetca -l
puppetca -sign www.mydomain.com

例 157.2. puppetca

# puppetca --list
  "haproxy" (91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06)

# puppetca --sign haproxy
notice: Signed certificate request for haproxy
notice: Removing file Puppet::SSL::CertificateRequest haproxy at '/var/lib/puppet/ssl/ca/requests/haproxy.pem'

原文出处：Netkiller 系列手札
本文作者：陈景峯
转载请与作者联系，同时请务必标明文章原始出处和作者信息及本声明。

weixin_33749131

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
157.2. Puppet 签名

cat >> /etc/hosts <<EOD172.16.0.1 puppet.mydomain.com puppet172.16.0.20 www.mydomain.com www172.16.0.21 images.mydomain.com imagesEOD 157.2...
复制链接

扫一扫