Puppet 代理是如何向服务器添加域后缀的?
how did puppet agent add a domain postfix to server?
我是木偶新手。我安装了主机名为 puppet-mst 的虚拟机,并在其上安装了 puppetserver 7。然后我试图自己签名。但令我惊讶的是——puppet 代理正试图在 puppet-mst.suse 而不是 puppet-mst 上签名。即使我将项目“puppet-mst.suse”添加到 /etc/hosts,它仍然会引发错误,因为“服务器主机名 'puppet-mst' 与服务器证书不匹配;预期 puppet-[=19= 之一], DNS:puppet, DNS:puppet-mst.suse" --
puppet-mst:/etc/puppetlabs/puppet # cat /etc/hosts
127.0.0.1 localhost
192.168.160.131 puppet-mst puppet-mst.suse
puppet-mst:/etc/puppetlabs/puppet # hostname -f
puppet-mst
puppet-mst:/etc/puppetlabs/puppet # hostname
puppet-mst
puppet-mst:/etc/puppetlabs/puppet # cat puppet.conf
[main]
certname = puppet-mst
server = puppet-mst
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
puppet-mst:/etc/puppetlabs/puppet # puppet agent --test --verbose
Info: Creating a new RSA SSL key for puppet-mst
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-mst
Info: Certificate Request fingerprint (SHA256): 03:C4:E0:86:30:11:E8:4E:36:1A:52:DC:F7:0D:C2:78:E4:7A:D9:80:76:7E:93:92:19:4B:0C:3E:55:B7:0A:7C
Error: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse
Error: Could not run: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse
Does anyone know what's issue? -- I certainly put the item "server=puppet-mst" into the puppet.conf, why it still searching for this unknown site -- puppet-mst.suse?
Please kind help. Thanks
问候
艾森
更新
certname = puppet-mst
server = puppet-mst
至
certname = puppet-mst.suse
server = puppet-mst.suse
并再次尝试 运行ning puppet agent -t
。
如果这仍然不起作用,您可能需要重新生成证书,步骤如下
https://puppet.com/docs/puppet/7/ssl_regenerate_certificates.html
作为一般规则,坚持使用服务器 fqdn 而不是短名称是有用的。
我假设如果你 运行 facter fqdn
你会回来 puppet-mst.suse
我是木偶新手。我安装了主机名为 puppet-mst 的虚拟机,并在其上安装了 puppetserver 7。然后我试图自己签名。但令我惊讶的是——puppet 代理正试图在 puppet-mst.suse 而不是 puppet-mst 上签名。即使我将项目“puppet-mst.suse”添加到 /etc/hosts,它仍然会引发错误,因为“服务器主机名 'puppet-mst' 与服务器证书不匹配;预期 puppet-[=19= 之一], DNS:puppet, DNS:puppet-mst.suse" --
puppet-mst:/etc/puppetlabs/puppet # cat /etc/hosts
127.0.0.1 localhost
192.168.160.131 puppet-mst puppet-mst.suse
puppet-mst:/etc/puppetlabs/puppet # hostname -f
puppet-mst
puppet-mst:/etc/puppetlabs/puppet # hostname
puppet-mst
puppet-mst:/etc/puppetlabs/puppet # cat puppet.conf
[main]
certname = puppet-mst
server = puppet-mst
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
puppet-mst:/etc/puppetlabs/puppet # puppet agent --test --verbose
Info: Creating a new RSA SSL key for puppet-mst
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-mst
Info: Certificate Request fingerprint (SHA256): 03:C4:E0:86:30:11:E8:4E:36:1A:52:DC:F7:0D:C2:78:E4:7A:D9:80:76:7E:93:92:19:4B:0C:3E:55:B7:0A:7C
Error: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse
Error: Could not run: Server hostname 'puppet-mst' did not match server certificate; expected one of puppet-mst.suse, DNS:puppet, DNS:puppet-mst.suse
Does anyone know what's issue? -- I certainly put the item "server=puppet-mst" into the puppet.conf, why it still searching for this unknown site -- puppet-mst.suse?
Please kind help. Thanks
问候 艾森
更新
certname = puppet-mst
server = puppet-mst
至
certname = puppet-mst.suse
server = puppet-mst.suse
并再次尝试 运行ning puppet agent -t
。
如果这仍然不起作用,您可能需要重新生成证书,步骤如下
https://puppet.com/docs/puppet/7/ssl_regenerate_certificates.html
作为一般规则,坚持使用服务器 fqdn 而不是短名称是有用的。
我假设如果你 运行 facter fqdn
你会回来 puppet-mst.suse