Puppet: difference between revisions
From noname.com.ua
Sirmax (talk | contribs) |
Sirmax (talk | contribs) (→Client) |
||
Строка 28: | Строка 28: | ||
certname = workstation - это имя сертефиката <BR> |
certname = workstation - это имя сертефиката <BR> |
||
node_name = cert - уточнить <BR> |
node_name = cert - уточнить <BR> |
||
+ | |||
+ | ===Сервер (Мастер)=== |
||
+ | <PRE> |
||
+ | [main] |
||
+ | logdir=/var/log/puppet |
||
+ | vardir=/var/lib/puppet |
||
+ | ssldir=/var/lib/puppet/ssl |
||
+ | rundir=/var/run/puppet |
||
+ | factpath=$vardir/lib/facter |
||
+ | templatedir=$confdir/templates |
||
+ | prerun_command=/etc/puppet/etckeeper-commit-pre |
||
+ | postrun_command=/etc/puppet/etckeeper-commit-post |
||
+ | |||
+ | [master] |
||
+ | # These are needed when the puppetmaster is run by passenger |
||
+ | # and can safely be removed if webrick is used. |
||
+ | ssl_client_header = SSL_CLIENT_S_DN |
||
+ | ssl_client_verify_header = SSL_CLIENT_VERIFY |
||
+ | </PRE> |
||
===Проблема 1=== |
===Проблема 1=== |
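Review bot: in the added [master] block, ssl_client_header and ssl_client_verify_header are kept without the page saying whether this master runs under passenger or webrick. The block's own comment says they are needed only for passenger and can be removed for webrick, so state next to the block which server is in use and drop the two lines if it is webrick. The new section also lacks the per-setting notes that the context lines above give for certname and node_name; one line on what the two header settings are for would match that style.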
Revision as of 11:47, 28 August 2012
Puppet
I have started learning Puppet; the steps and problems are recorded here. Notes to self.
Installation
Trying it on Ubuntu: master on 11.10, client on 10.04.
<PRE>
sudo apt-get install puppet
sudo apt-get install puppet puppetmaster
</PRE>
Configuration
Client
<PRE>
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
server = 172.18.196.7
node_name = cert
certname = workstation
</PRE>
server = 172.18.196.7 - self-explanatory
certname = workstation - this is the certificate name
node_name = cert - to be clarified
Server (Master)
<PRE>
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
</PRE>
Problem 1
On the first run, the logs show:
<PRE>
Aug 28 12:05:39 maverick puppetd[3464]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Aug 28 12:05:44 maverick puppetd[3464]: (/File[/var/lib/puppet/lib]) Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://172.18.196.7/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Aug 28 12:15:17 maverick puppetd[3850]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Aug 28 12:15:23 maverick puppetd[3850]: (/File[/var/lib/puppet/lib]) Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://172.18.196.7/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
</PRE>
For a new, clean node this is fixed by deleting the certificates. It looks like the problem is that I had installed the master package on the client as well:
<PRE>
find /var/lib/puppet -type f -print0 |xargs -0r rm
</PRE>
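A narrower variant of the cleanup above, as an added example that is not part of the original notes: the find command removes every file under /var/lib/puppet, while this one moves only the ssldir named in puppet.conf aside and refuses to run where a CA key is present, as on the master. The function names are hypothetical, and the ca/ca_key.pem location under ssldir is an assumption about the default layout.

```shell
#!/bin/sh
# Added example (hypothetical helper names): reset only the agent's SSL state.
# Usage as root on the client: reset_agent_ssl /etc/puppet/puppet.conf

# Print the ssldir value from a puppet.conf-style file (last match wins),
# with surrounding whitespace stripped.
puppet_ssldir() {
    sed -n 's/^[[:space:]]*ssldir[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# reset_agent_ssl CONF
#   returns 0 and prints the backup path when ssldir was moved aside,
#   1 on bad input, 2 when a CA key is present and nothing was touched.
reset_agent_ssl() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    ssldir=$(puppet_ssldir "$conf")
    case $ssldir in
        /*) ;;   # only a literal absolute path is accepted, not $vardir/ssl
        *) echo "no absolute ssldir in $conf" >&2; return 1 ;;
    esac
    [ -d "$ssldir" ] || { echo "$ssldir does not exist" >&2; return 1; }
    # Assumed default layout: the CA private key lives in $ssldir/ca/ca_key.pem.
    # Its presence means this host signs certificates; removing it would
    # invalidate every agent certificate it has issued.
    if [ -e "$ssldir/ca/ca_key.pem" ]; then
        echo "refusing: CA key found in $ssldir/ca" >&2
        return 2
    fi
    # Move rather than delete, so the old keys can still be inspected.
    backup="$ssldir.bak.$(date +%Y%m%d%H%M%S)"
    mv "$ssldir" "$backup" && echo "$backup"
}
```

After the move, the next agent run generates a new key and certificate request, which then has to be signed on the master.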