| Home | Mirror | Search |
cat >> /etc/hosts <<EOD 172.16.0.1 puppet.mydomain.com puppet 172.16.0.20 www.mydomain.com www 172.16.0.21 images.mydomain.com images EOD
Node: 服務端進行認證
puppetd --test --server puppet
例 132.1. puppetd
# puppetd --test --server puppet info: Creating a new SSL key for haproxy warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for haproxy info: Certificate Request fingerprint (md5): 91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled
認證所有的客戶端
puppetca -s -a
或者認證某一台客戶端
puppetca -l puppetca -sign www.mydomain.com
例 132.2. puppetca
# puppetca --list "haproxy" (91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06) # puppetca --sign haproxy notice: Signed certificate request for haproxy notice: Removing file Puppet::SSL::CertificateRequest haproxy at '/var/lib/puppet/ssl/ca/requests/haproxy.pem'