先重启puppetdb,再重启puppetmaster。
puppetdb用的ssl信息是拷贝的/var/lib/puppet/ssl/下面的,所以重置密钥后,需要重新拷贝。
puppetdb ssl-setup
——————————————————————————————
在设置好主机名后,再开始安装puppet,否则会报错。主机名要和CA的名称一致,所以所有的地方用一个主机名即可。
——————————————————————————————
puppetmaster启动失败,提示:
Error: Could not configure routes from /etc/puppet/routes.yaml: Could not find terminus puppetdb for indirection facts
安装以下软件即可:
apt-get install puppetdb-terminus
解决。
——————————————————————————————
以下错误:
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: testhost.localdomain]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://testhost.localdomain/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: testhost.localdomain]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: testhost.localdomain]
解决:
find /var/lib/puppet -type f -print0 |xargs -0r rm
第一次将删除语句执行在了master主机上,客户端连接报以下错:
Error: Could not request certificate: Find /production/certificate/ca?fail_on_404=true resulted in 404 with the message: Not Found: Could not find certificate ca
重启puppetmaster即可。
——————————————————————————————
Exiting; no certificate found and waitforcert is disabled
解决:puppetmaster给这台主机签名。
——————————————————————————————
certificate verify failed: [CRL is not yet valid for /CN=server.minunix.com]
解决方法:master和agent 把时间同步下就OK了
————————————————————————————————————
又安装一遍puppet+puppetdb+passenger+apache;很顺利。
充分证明,推到重做比查找问题要来的快很多。
官方提供的安装文档很好,一开始就信任官方文档和自己的英文能力,就不会走这么多弯路。