尝试在单台机器上安装Puppet代理/主服务器(计划在工作时安装更多代理)。 我现在陷入了证书签名过程,感觉应该很简单。
手动启动服务器,它会创build一个ca证书
$ sudo puppet master --no-daemonize --verbose Info: Creating a new SSL key for ca Info: Creating a new SSL certificate request for ca Info: Certificate Request fingerprint (SHA256): 59:31:5B:35:9B:45:4B:36:7F:08:3A:80:2E:4C:78:2F:95:6B:33:45:E4:46:54:E8:8F:33:E8:62:15:1D:A8:DE Notice: Signed certificate request for ca Notice: Rebuilding inventory file Info: Creating a new certificate revocation list Info: Creating a new SSL key for box.localdomain Info: Creating a new SSL certificate request for box.localdomain Info: Certificate Request fingerprint (SHA256): D3:88:48:BD:D6:64:EE:9B:3A:C1:06:C6:9D:4E:74:06:B3:09:BA:82:D1:91:0E:1A:DA:7D:55:0B:7B:83:C6:3F Notice: box.localdomain has a waiting certificate request Notice: Signed certificate request for box.localdomain Notice: Removing file Puppet::SSL::CertificateRequest box.localdomain at '/etc/puppet/ssl/ca/requests/box.localdomain.pem' Notice: Removing file Puppet::SSL::CertificateRequest box.localdomain at '/etc/puppet/ssl/certificate_requests/box.localdomain.pem' Notice: Starting Puppet master version 3.3.0-rc2 手动启动客户端,期望它创build一个证书请求:
$ sudo puppet agent --test --waitforcert 60 [sudo] password for mystro: Info: Retrieving plugin Info: Caching catalog for box.localdomain Info: Applying configuration version '1378835927' Notice: Finished catalog run in 0.04 seconds
查找证书请求(无输出)
$ sudo puppet cert list
为什么代理人不会要求签署证书?
证书已经签名。
您需要将–all标志添加到您的木偶调用中,以查看已签名的证书。 您可以运行puppet <command> --help以获取有关运行puppet命令的更多信息。