puppet客户端重装系统之前,服务器端需要删除相应的ssl证书文件,否则会出错,比如下边:
executing post install my2950.momo.org
hostname for puppet is node1
err: Could not request certificate: Retrieved certificate does not match private
Exiting; failed to retrieve certificate and waitforcert is disabled
* clean:
Revoke a host's certificate (if applicable) and remove all files
related to that host from puppet cert's storage. This is useful when
rebuilding hosts, since new certificate signing requests will only be
honored if puppet cert does not have a copy of a signed certificate
for that host. If '--all' is specified then all host certificates,
both signed and unsigned, will be removed.
[root@my2950 puppet]# puppet cert list --all
+ my2950.***.com (CF:38:DF:90:4F:1A:43:9D:AF:39:39:3D:A4:B0:DB:1F) (alt names: DNS:my2950.***.com, DNS:puppet, DNS:puppet.***.com)
+ node1 (8D:05:9F:F4:50:90:D2:1A:B7:F2:40:2C:9A:1E:99:41)
+ node1.***.com (08:1F:C2:B7:68:C7:05:E4:2E:F3:1B:E9:69:DF:24:1F)
+ node1.momo.org (98:BC:2D:62:FC:2D:C6:6C:4F:AF:A9:4F:5A:C3:23:FB)
[root@my2950 puppet]# puppet cert clean --all
notice: Revoked certificate with serial 5
notice: Revoked certificate with serial 6
notice: Revoked certificate with serial 4
notice: Revoked certificate with serial 2
notice: Removing file Puppet::SSL::Certificate node1.momo.org at '/var/lib/puppet/ssl/ca/signed/node1.momo.org.pem'
notice: Removing file Puppet::SSL::Certificate node1.momo.org at '/var/lib/puppet/ssl/certs/node1.momo.org.pem'
notice: Removing file Puppet::SSL::Certificate node1 at '/var/lib/puppet/ssl/ca/signed/node1.pem'
notice: Removing file Puppet::SSL::Certificate node1 at '/var/lib/puppet/ssl/certs/node1.pem'
notice: Removing file Puppet::SSL::Certificate node1.hjshi.com at '/var/lib/puppet/ssl/ca/signed/node1.hjshi.com.pem'
notice: Removing file Puppet::SSL::Certificate node1.hjshi.com at '/var/lib/puppet/ssl/certs/node1.hjshi.com.pem'
notice: Removing file Puppet::SSL::Certificate my2950.qilinsoft.com at '/var/lib/puppet/ssl/ca/signed/my2950.qilinsoft.com.pem'
notice: Removing file Puppet::SSL::Certificate my2950.qilinsoft.com at '/var/lib/puppet/ssl/certs/my2950.qilinsoft.com.pem'
notice: Removing file Puppet::SSL::Key my2950.qilinsoft.com at '/var/lib/puppet/ssl/private_keys/my2950.qilinsoft.com.pem'
[root@my2950 puppet]#
[root@my2950 puppet]#
[root@my2950 puppet]#
[root@my2950 puppet]#
阅读(1311) | 评论(0) | 转发(0) |
