| 知乎专栏 | 多维度架构 |
cat >> /etc/hosts <<EOD 172.16.0.1 puppet.mydomain.com puppet 172.16.0.20 www.mydomain.com www 172.16.0.21 images.mydomain.com images EOD
Node: 服务端进行认证
puppetd --test --server puppet
例 26.1. puppetd
# puppetd --test --server puppet info: Creating a new SSL key for haproxy warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for haproxy info: Certificate Request fingerprint (md5): 91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled
认证所有的客户端
puppetca -s -a
或者认证某一台客户端
puppetca -l puppetca -sign www.mydomain.com
例 26.2. puppetca
# puppetca --list "haproxy" (91:ED:04:2B:13:8C:61:8F:ED:8E:10:31:CA:8E:5C:06) # puppetca --sign haproxy notice: Signed certificate request for haproxy notice: Removing file Puppet::SSL::CertificateRequest haproxy at '/var/lib/puppet/ssl/ca/requests/haproxy.pem'