问题:
[root@control-01 .ssh]# puppet agent -tv
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]
解决:
[root@control-01 .ssh]# cat /etc/puppet/puppet.conf
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
pluginsync = true
report = true
ignoreschedules = true
daemon = false
ca_server = foreman.abc.com
certname = control-01.abc.com
environment = stable
server = foreman.abc.com
[root@control-01 .ssh]# cd /var/lib/puppet/
[root@control-01 puppet]# mv ssl ssl.bak
[root@control-01 puppet]# puppet agent --test
Info: Creating a new SSL key for control-01.abc.com
Info: Caching certificate for ca
Info: Caching certificate for control-01.abc.com
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 7D:D8:2C:03:20:EB:XXXXX:4B:84
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean control-01.abc.com
On the agent:
1a. On most platforms: find /var/lib/puppet/ssl -name control-01.abc.com.pem -delete
1b. On Windows: del "/var/lib/puppet/ssl/control-01.abc.com.pem" /f
2. puppet agent -t
根据最后提示来在master和client上执行命令