我正在试图获得configuration思科交换机的“puppet设备”function。 我遇到的是我有一个签署证书的主人思科2960。 该设备在site.pp和devices.conf中。 我用正确的puppet作为–server来调用puppet设备。 我可以在路由器历史logging中看到,它实际上正在连接并运行前两个命令,但puppet回来并指出“错误:无法检索本地factsL:连接由远程主机closures”。 我在交换机configuration中找不到任何可能会导致这种情况的东西,除了SSH和启用密码之外,它基本上都是未configuration的。 我已经确认所有相关的主机名parsing正确,密码是好的。
我也进入了puppet / utils / network_devices / transport / ssh.rb,并强制使用相纸打印ssh输出(因为它似乎并不尊重 – 无论代码在哪里),并且它踢出从前4行的木偶运行(terminal长度为0,enable,sh vlan brief,sh ver),我也可以编辑facts.rb来踢出“事实”variables,它确实有数据。
相关文件如下:
puppet –version:3.1.1 net-ssh版本:2.6.7
命令行: puppet device --debug --verbose --server puppet.internal.domain
相关产出:
Debug: Finishing transaction 70266566593300 Debug: command Debug: connecting to switchname.internal.domain as puppet Error: Could not retrieve local facts: connection closed by remote host Error: Failed to apply catalog: Could not retrieve local facts: connection closed by remote host Debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml) Debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml
puppet.conf
devicedir = /bollocks #(yeah the rhel 6 packages from puppetlabs are broken, had to move this due to permission issues) color = none [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig
device.conf
[switch.internal.domain] type cisco url ssh://puppet:[email protected]/?enable=password
site.pp#这还没有实际应用,但这是为了完整
node "switch.internal.domain" { interface {"GigabitEthernet0/2": description => "Hello World", } }
开关configuration:
! version 15.0 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname infra-sw06 ! boot-start-marker boot-end-marker ! enable secret 4 LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJEhU #password ! username puppet privilege 15 password 7 055E2A1C0B54471C3E #puppet aaa new-model ! ! aaa authentication login CONSOLE line aaa authentication enable default enable ! ! ! ! ! ! aaa session-id common system mtu routing 1500 ! ! ip domain-name switch.internal.domain ! ! crypto pki trustpoint TP-self-signed-713306880 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-713306880 revocation-check none rsakeypair TP-self-signed-713306880 ! ! crypto pki certificate chain TP-self-signed-713306880 certificate self-signed 01 30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 37313333 30363838 30301E17 0D393330 33303130 30303231 365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3731 33333036 38383030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 BBC9A195 E8B6B18B 14F3A70C 54AF3D0F 813DA933 044C4364 B7C975A1 B29E6F4A 871D06AD D7CC8FBF 053EF3B2 BADE30B9 CE31BE4B C9906025 2AEA1930 12BD63E0 3569BBBB 705105E9 7897BE1B EFE96F37 FAD909BC 46100E35 C6EFC1A6 31A072CC 20857391 76A2A387 40ACFEF6 DE756394 603C47FE 14EC5A3F 21EB17FD 9434A129 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830 16801411 E123DCC7 610C0B59 ED6C8C4A ED3BA025 4B5E6930 1D060355 1D0E0416 041411E1 23DCC761 0C0B59ED 6C8C4AED 3BA0254B 5E69300D 06092A86 4886F70D 01010505 00038181 00611012 EC921E96 182CCE34 7500BA85 887C8F15 83C17157 680B4F09 217B974E 78437407 D30D20A6 CC962DB6 B7164F12 56A0897D 04511E89 71BC3D8B ED50588B 364FF062 55D3D8A7 5F41541C B55488A3 91262714 185069BF C355D263 A359BF71 0B4E571C CC7A7BFD B8BACAC3 5CF4AB81 05D02EE2 D9E49A95 89A71B95 C34ECBBE 57 quit ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! ! ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface GigabitEthernet0/3 ! interface GigabitEthernet0/4 ! interface GigabitEthernet0/5 ! interface GigabitEthernet0/6 ! interface GigabitEthernet0/7 ! interface GigabitEthernet0/8 ! interface GigabitEthernet0/9 ! interface GigabitEthernet0/10 ! interface GigabitEthernet0/11 ! interface GigabitEthernet0/12 ! interface GigabitEthernet0/13 ! interface GigabitEthernet0/14 ! interface GigabitEthernet0/15 ! interface GigabitEthernet0/16 ! interface GigabitEthernet0/17 ! interface GigabitEthernet0/18 ! interface GigabitEthernet0/19 ! interface GigabitEthernet0/20 ! interface GigabitEthernet0/21 ! interface GigabitEthernet0/22 ! interface GigabitEthernet0/23 ! interface GigabitEthernet0/24 ! interface GigabitEthernet0/25 ! interface GigabitEthernet0/26 ! interface GigabitEthernet0/27 ! interface GigabitEthernet0/28 ! interface GigabitEthernet0/29 ! interface GigabitEthernet0/30 ! interface GigabitEthernet0/31 ! interface GigabitEthernet0/32 ! interface GigabitEthernet0/33 ! interface GigabitEthernet0/34 ! interface GigabitEthernet0/35 ! interface GigabitEthernet0/36 ! interface GigabitEthernet0/37 ! interface GigabitEthernet0/38 ! interface GigabitEthernet0/39 ! interface GigabitEthernet0/40 ! interface GigabitEthernet0/41 ! interface GigabitEthernet0/42 ! interface GigabitEthernet0/43 ! interface GigabitEthernet0/44 ! interface GigabitEthernet0/45 ! interface GigabitEthernet0/46 ! interface GigabitEthernet0/47 ! interface GigabitEthernet0/48 ! interface Vlan1 ip address <scrubbed> 255.255.255.0 no ip route-cache ! ip default-gateway <scrubbed> no ip http server ip http secure-server ! ! ! ! line con 0 password 7 <scrubbed> login authentication CONSOLE line vty 0 4 transport input ssh line vty 5 15 transport input ssh ! end
我想我有它! 尝试降级你的net-sshgem。 从我读过的新版本中,我们可以看到更多在傀儡代码中不适合的exception。 对于傀儡3.2我回到net-ssh(2.1.4),似乎已经解决了这个问题。