cat >> /etc/hosts <<EOD
172.16.0.1 puppet.mydomain.com puppet
172.16.0.20 www.mydomain.com www
172.16.0.21 images.mydomain.com images
EOD
Node: authenticate with the server
puppetd --test --server puppet
Example 155.1. puppetd
# puppetd --test --server puppet
info: Creating a new SSL key for haproxy
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for haproxy
info: Certificate Request fingerprint (md5): 91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Authenticate all clients
puppetca -s -a
Or authenticate a single client
puppetca -l
puppetca --sign www.mydomain.com
Example 155.2. puppetca
# puppetca --list
"haproxy" (91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06)
# puppetca --sign haproxy
notice: Signed certificate request for haproxy
notice: Removing file Puppet::SSL::CertificateRequest haproxy at '/var/lib/puppet/ssl/ca/requests/haproxy.pem'
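An added example, not part of the original page: instead of signing every pending request with puppetca -s -a, compare the fingerprint the node printed in Example 155.1 with the one the master lists in Example 155.2, and sign only on a match. The function names are assumptions made for this sketch; the sample text is copied from the two examples above.

```shell
#!/bin/sh
# Added example: check a CSR fingerprint on both sides before signing.
# Function names are hypothetical; sample text is taken from this page.

# Output captured on the node (puppetd --test) and on the master (puppetca --list).
AGENT_LOG='info: Creating a new SSL certificate request for haproxy
info: Certificate Request fingerprint (md5): 91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06'
CA_LIST='"haproxy" (91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06)'

# Fingerprint the agent reported for its own request.
agent_fingerprint() {
    printf '%s\n' "$1" |
        sed -n 's/^info: Certificate Request fingerprint ([^)]*): *\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Fingerprint the master holds for host $1 in the `puppetca --list` text $2.
ca_fingerprint() {
    printf '%s\n' "$2" |
        awk -v h="\"$1\"" '$1 == h { gsub(/[()]/, "", $2); print toupper($2); exit }'
}

# Succeeds only when both sides report the same non-empty fingerprint.
csr_matches() {  # usage: csr_matches HOST AGENT_LOG CA_LIST
    a=$(agent_fingerprint "$2")
    c=$(ca_fingerprint "$1" "$3")
    [ -n "$a" ] && [ -n "$c" ] && [ "$a" = "$c" ]
}

# On a real master, CA_LIST would hold the output of: puppetca --list
if csr_matches haproxy "$AGENT_LOG" "$CA_LIST"; then
    echo "haproxy: fingerprints match; run: puppetca --sign haproxy"
else
    echo "haproxy: fingerprint mismatch or missing; do not sign"
fi
```

The agent-side fingerprint should reach the operator over a channel other than the Puppet connection itself, since the agent log above shows the peer certificate is not verified during the first contact.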