gpt4 book ai didi

ruby - puppet ssl 错误 "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"

转载 作者:太空宇宙 更新时间:2023-11-03 16:04:01 25 4
gpt4 key购买 nike

我正在尝试使用 puppetdb 模块在同一节点上设置 puppet master 和 puppetdb。

当我尝试运行 puppet agent -t 时,我看到以下错误

notice: Unable to connect to puppetdb server (ip-10-172-161-25.us-west-1.compute.internal:8081): SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
notice: Failed to connect to puppetdb; sleeping 2 seconds before retry


[root@ip-10-172-161-25 modules]# puppet cert --list --all
+ "ip-10-172-161-25.us-west-1.compute.internal" (66:37:02:AB:98:C5:CD:28:1C:D3:68:53:13:CC:A1:E5)
+ "ip-10-196-99-56.us-west-1.compute.internal" (99:C9:7C:A1:1A:FD:3C:27:85:76:C7:5A:6A:D5:F9:79)
+ "puppettest.eng.com" (17:4A:B9:D1:48:F2:82:73:7D:7F:1D:55:E4:A1:A6:A0) (alt names: "DNS:ip-10-172-161-25.us-west-1.compute.internal", "DNS:puppet", "DNS:puppettest.eng.com")


[root@ip-10-172-161-25 modules]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
server = puppettest.eng.com

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

[master]

certname=puppettest.eng.com
dns_alt_names = ip-10-172-161-25.us-west-1.compute.internal,puppettest.eng.com,puppet

puppet 数据库配置文件

[root@ip-10-172-161-25 modules]# cat /etc/puppet/puppetdb.conf
[main]
server = ip-10-172-161-25.us-west-1.compute.internal
#server = puppettest.eng.com
port = 8081

码头.in

[jetty]
# Hostname or IP address to listen for clear-text HTTP. Default is localhost
# host = <host>
#host = localhost
host = localhost

# Port to listen on for clear-text HTTP.
port = 8080


# The following are SSL specific settings. They can be configured
# automatically with the tool puppetdb-ssl-setup, which is normally
# ran during package installation.

# The host or IP address to listen on for HTTPS connections
#ssl-host = ip-10-172-161-25.us-west-1.compute.internal
ssl-host = ip-10-172-161-25.us-west-1.compute.internal

# The port to listen on for HTTPS connections
ssl-port = 8081

# Private key path
ssl-key = /etc/puppetdb/ssl/private.pem

# Public certificate path
ssl-cert = /etc/puppetdb/ssl/public.pem

# Certificate authority path
ssl-ca-cert = /etc/puppetdb/ssl/ca.pem

certificate-whitelist = /etc/puppetdb/whitelist.txt

白名单.txt

[root@ip-10-172-161-25 modules]# cat /etc/puppetdb/whitelist.txt
ip-10-172-161-25.us-west-1.compute.internal
puppettest.eng.com
localhost


[root@ip-10-172-161-25 modules]# rpm -qa | grep -i puppet

puppet-server-2.7.22-1.0.amzn1.x86_64
puppetlabs-release-5-7.noarch
puppetdb-terminus-1.4.0-1.el5.noarch
puppet-2.7.22-1.0.amzn1.x86_64
puppetdb-1.4.0-1.el5.noarch
[root@ip-10-172-161-25 modules]# rpm -qa | grep -i ruby
ruby-libs-1.8.7.374-1.0.amzn1.x86_64
ruby-1.8.7.374-1.0.amzn1.x86_64
ruby-augeas-0.4.1-1.3.amzn1.x86_64
[root@ip-10-172-161-25 modules]#

我厌倦了多次撤销主证书并创建了新的,运气不好

最佳答案

已尝试处理证书不匹配的 puppetdb-ssl-setup -f。

更多详情请参见 https://groups.google.com/forum/#!topic/puppet-users/VqpGAxw7-Fo

感谢肯的帮助

关于ruby - puppet ssl 错误 "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18454783/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com