我收到来自主机名错误的代理的一些请求。我已更正此问题,但仍存在主机名错误的未完成请求。
我试过了:
$puppet cert list
"wrong.host.name" (SHA256) 8E:...:51
$ puppet cert revoke wrong.host.name
Error: Could not find a serial number for wrong.host.name
$ puppet cert clean wrong.host.name
Error: Could not find a serial number for wrong.host.name
摆脱它们的正确方法是什么?
Answers:
与相比,使用ca效果更好,并且可以在一个步骤中删除证书cert。重要的是,它不会使您暂时签署无效的证书。
$ puppet ca destroy wrong.host.name
Notice: Removing file Puppet::SSL::CertificateRequest wrong.host.name at '/var/lib/puppet/ssl/ca/requests/wrong.host.name.pem'
Deleted for wrong.host.name: Puppet::SSL::CertificateRequest
该puppet ca命令最近已被弃用,因此在某些时候它可能会消失,但是没有等效命令。提交了一个错误,如果您认为删除该命令而不进行替换有点愚蠢,可以投票。
puppet cert clean现在可以删除请求。请参阅链接的错误报告。
可能的解决方案1:
使用puppet cert clean的木偶大师是正确的方式。但是,由于出现错误,因此证书库存可能不正确。
尝试重新盘点然后清理:
$ puppet cert reinventory
$ puppet cert clean --all
注意:我的示例使用该--all标志,它将清除所有已签名和未签名的证书。另外,请注意,应在运行之前停止Puppet主服务器reinventory。
资料来源:http : //docs.puppetlabs.com/references/3.6.2/man/cert.html
可能的解决方案2:
$ puppet cert sign wrong.host.name
Notice: Signed certificate request for wrong.host.name
Notice: Removing file Puppet::SSL::CertificateRequest wrong.host.name at '/var/lib/puppet/ssl/ca/requests/wrong.host.name.pem'
$ puppet cert clean wrong.host.name
Notice: Revoked certificate with serial 87
Notice: Removing file Puppet::SSL::Certificate wrong.host.name at '/var/lib/puppet/ssl/ca/signed/wrong.host.name.pem'
Notice: Removing file Puppet::SSL::Certificate wrong.host.name at '/var/lib/puppet/ssl/certs/wrong.host.name.pem'
可能的解决方案3:
第一:在服务器上
$ puppet cert --revoke wrong.host.name
$ puppet cert --clean wrong.host.name
第二:关于客户
$ rm -rf /usr/lib/puppet/ssl
$ puppet agent --server [puppetmaster domain name] --waitforcert 60
第三:在服务器上(根据需要进行调整)
$ puppet cert --list (you should see your host)
$ puppet cert --sign wrong.host.name
另外,请仔细检查您的客户端是否可以访问您的[puppetmaster域名]。
资料来源:https : //serverfault.com/questions/574976/puppet-trying-to-configure-puppet-client-for-first-use-but-got-some-problems-wi
reinventory,然后clean wrong.host.name因为我也不想撤销好的证书,但仍然收到序列号错误。
--all。我刚刚添加了一个值得一试的更新。
puppet cert sign wrong.host.name使用clean作品后。似乎不对,我必须先签字。
puppet ca destroy wrong.host.name它,就不必对基础架构造成安全风险。
这是我做的
[root@puppetmc ca]# puppet cert clean sparrow.home
Error: Could not find a serial number for sparrow.home
[root@puppetmc ca]# cat inventory.txt
0x0002 2015-05-17T06:33:29GMT 2020-05-16T06:33:29GMT /CN=puppetmc.home
0x0003 2015-05-17T23:25:33GMT 2020-05-16T23:25:33GMT /CN=sparrow.rospop.com
0x0004 2015-05-18T00:53:18GMT 2020-05-17T00:53:18GMT /CN=puppetmc.home
0x0005 2015-05-18T02:18:12GMT 2020-05-17T02:18:12GMT /CN=sparrow.rospop.com
[root@puppetmc ca]# vi inventory.txt
将以下行添加到venture.txt:
0x0001 2015-05-17T06:33:29GMT 2020-05-16T06:33:29GMT /CN=sparrow.home
然后跑
[root@puppetmc ca]# puppet cert clean sparrow.home
Notice: Revoked certificate with serial 1
Notice: Removing file Puppet::SSL::CertificateRequest sparrow.home at '/var/lib/puppet/ssl/ca/requests/sparrow.home.pem'
Vince Bhebhe