1.
[root@client puppet]# puppetd --test --server master.test.com
info: Creating a new SSL key for client
info: Caching certificate for ca
info: Creating a new SSL certificate request for client
info: Certificate Request fingerprint (SHA256): 8C:D6:72:E7:CB:69:AA:2B:E5:37:12:EA:E2:14:55:4C:EA:22:43:FE:9A:B1:0F:78:E9:BB:AA:33:83:CA:13:8A
info: Caching certificate for client
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate is not yet valid for /CN=Puppet CA: master.test.com]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate is not yet valid for /CN=Puppet CA: master.test.com]
I spent a long time on this problem. It turned out to be a time synchronization issue, which was very frustrating...
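A check for the "certificate is not yet valid" error above, added here as an example and not part of the original post: it compares the local clock with a certificate's validity window as printed by `openssl x509 -noout -dates`. It assumes GNU `date`; the CA certificate path in the usage comment (`/var/lib/puppet/ssl/certs/ca.pem`) is an assumption about the client's ssl directory layout, and the sample dates are constructed.

```shell
# Classify a clock reading against a certificate's validity window.
# stdin: output of `openssl x509 -noout -dates`, for example
#   notBefore=Jan  1 00:00:00 2020 GMT
#   notAfter=Jan  1 00:00:00 2025 GMT
# $1 (optional): "now" in epoch seconds; defaults to the local clock.
# Returns 0 inside the window, 1 outside it, 2 on unparsable input.
check_cert_window() {
    local now="${1:-$(date -u +%s)}" line not_before="" not_after=""
    while IFS= read -r line; do
        case "$line" in
            notBefore=*) not_before=$(date -u -d "${line#notBefore=}" +%s) || return 2 ;;
            notAfter=*)  not_after=$(date -u -d "${line#notAfter=}" +%s) || return 2 ;;
        esac
    done
    if [ -z "$not_before" ] || [ -z "$not_after" ]; then
        echo "error: notBefore/notAfter not found in input"
        return 2
    fi
    if [ "$now" -lt "$not_before" ]; then
        echo "not-yet-valid: local clock is $((not_before - now))s behind notBefore"
        return 1
    elif [ "$now" -gt "$not_after" ]; then
        echo "expired: local clock is $((now - not_after))s past notAfter"
        return 1
    fi
    echo "ok: local clock is inside the validity window"
}

# Usage on the client (path is an assumption, see above):
#   openssl x509 -noout -dates -in /var/lib/puppet/ssl/certs/ca.pem | check_cert_window

# Constructed sample: a clock one hour behind the certificate's notBefore.
printf 'notBefore=Jan  1 00:00:00 2020 GMT\nnotAfter=Jan  1 00:00:00 2025 GMT\n' \
    | check_cert_window 1577833200 || true
```

If the check reports not-yet-valid, synchronize the client's clock with the master's before rerunning `puppetd --test`.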
2.
[root@client puppet]# puppetd --test --server master.test.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at '=>'; expected '}' at /etc/puppet/manifests/site.pp:10 on node client.uxin.youxinpai.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
This one is clearly a syntax error: every attribute line must end with a comma, and the last line of each resource takes no punctuation (vim /etc/puppet/manifests/site.pp).
node default {
    file {
        "/tmp/test1111":    # the file path
            content => "This is test of PUPPET"    # the file contents
    }
    file {
        "/tmp/logclean.sh":    # the file path
            owner   => "root",
            group   => "puppet",
            content => "find /log/ -type f -size +10k | xargs rm -rf\n",    # the file contents
            mode    => "0777"
    }
}
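3.
When adding a parameter such as ensure => present, do not put the value in quotes.
4.
When you need to delete a certificate:
First, on the master, delete the client you want to remove.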
[root@master manifests]# ll /var/lib/puppet/ssl/ca/signed/
client.pem client.uxin.youxinpai.com.pem master.test.com.pem
Then, on the client, delete the ssl directory.
[root@client puppet]# ll /var/lib/puppet/ssl/
After that, simply request a certificate again.