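To let two (or N) machines communicate with each other, first set up the hosts file on each of them.
On each machine, run the following command and add the IP and alias of every machine that needs to communicate:
sudo vi /etc/hosts
Taking the server side as an example: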
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.23.10.237 puppet-server.noah.blogjava.net
# The lines above are mostly the defaults already in this file; leave them alone and add the agents' IPs below, as many as you have.
10.52.27.71 agent001.noah-test.net
10.52.27.72 agent002.noah-test.net
10.52.27.73 agent003.noah-test.net
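Next, copy all of the above and paste it into the hosts file on each of the other machines.
Then go back to the agent and edit Puppet's configuration file. Run the following command:
sudo vi /etc/puppetlabs/puppet/puppet.conf
and fill in the following in the file that opens: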
[main]
# This certname is the name used in the hosts file above
certname = agent001.noah-test.net
# server is the address of the Puppet server
server = puppet-server.noah.blogjava.net
environment = production
runinterval = 1h
Then, on the agent, run the following command to request a certificate from the server:
sudo /opt/puppetlabs/bin/puppet agent --test
Output like this will appear:
Info: Creating a new SSL key for agent01.noah-test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Exiting; no certificate found and waitforcert is disabled
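This shows that the request succeeded and is waiting for the server to approve it. Now switch to the server and run the following command to see which machines have requested a certificate:
sudo /opt/puppetlabs/bin/puppet cert list --all
This lists the certname of every agent that has already been approved or is still waiting for approval. Approved ones have a "+" in front.
Next, run the following command to approve a single request: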
sudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net
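You can also put "--all" directly after sign to approve all of them.
Once approval is done, go back to the agent and run the same command:
sudo /opt/puppetlabs/bin/puppet agent --test
The output should consist entirely of green messages similar to the following, which shows that communication between them has been established: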
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent001.noah-test.net
Info: Applying configuration version '1481877703'
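For the approval step above, an added example (not part of the original post) that selects only the pending requests whose certname and fingerprint match an inventory recorded out of band, for instance with `puppet agent --fingerprint` on each agent, instead of signing everything that is listed. The list line format, the inventory format, the function name and the fingerprints are constructed assumptions.

```sh
#!/bin/sh
# Added example: pick which pending certificate requests are safe to sign.
# Assumed line format of `puppet cert list --all`: an optional "+" (signed)
# or "-" (revoked) marker, the quoted certname, "(DIGEST)", the fingerprint.

# Constructed sample output; the fingerprints are shortened placeholders.
SAMPLE_LIST='  "agent001.noah-test.net" (SHA256) AA:11:22:33
  "agent002.noah-test.net" (SHA256) BB:44:55:66
  "agent9.example.invalid" (SHA256) CC:77:88:99
+ "agent003.noah-test.net" (SHA256) DD:00:11:22'

# Constructed inventory, "certname fingerprint", as recorded on each agent.
SAMPLE_INVENTORY='agent001.noah-test.net aa:11:22:33
agent002.noah-test.net BB:00:00:00
agent003.noah-test.net DD:00:11:22'

# requests_to_sign LIST INVENTORY
# Prints certnames that are still pending and whose fingerprint equals the
# inventory entry; everything else is reported on stderr and left unsigned.
requests_to_sign() {
  printf '%s\n' "$1" | INVENTORY="$2" awk '
    BEGIN {
      n = split(ENVIRON["INVENTORY"], rows, "\n")
      for (i = 1; i <= n; i++)
        if (split(rows[i], f, " ") == 2) want[f[1]] = toupper(f[2])
    }
    $1 == "+" || $1 == "-" { next }               # already signed or revoked
    $1 !~ /^".+"$/ || $2 !~ /^\(.+\)$/ { next }   # not a request line
    {
      name = substr($1, 2, length($1) - 2)        # strip the quotes
      if (!(name in want))
        print "skip " name ": not in inventory" > "/dev/stderr"
      else if (toupper($3) != want[name])
        print "skip " name ": fingerprint mismatch" > "/dev/stderr"
      else
        print name
    }'
}

# Each printed name can then be approved with the command from the text:
#   sudo /opt/puppetlabs/bin/puppet cert sign <certname>
requests_to_sign "$SAMPLE_LIST" "$SAMPLE_INVENTORY"
```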
Problem summary:
cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
Warning: Setting 'pluginsync' is deprecated.
(at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in <module:Puppet>')
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
Info: Loading facts
Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: getaddrinfo: Name or service not known
The command used was wrong; use this one instead:
sudo /opt/puppetlabs/bin/puppet agent --test
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
The message already tells you what to do: edit /etc/hosts so that the name is one of the following:
expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
This usually happens when authentication failed for some reason and the agent does not authenticate again, so it reports this error. The fix is to go to the directory /etc/puppetlabs/puppet and delete the generated ssl folder so that the key is generated again. If it still fails after regenerating once, check whether the problem lies elsewhere, then repeat the steps above and regenerate the key.
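The failures in the problem summary can be told apart from the agent output alone. The following added example (not part of the original post) classifies them and, for the name mismatch, extracts the name the agent used and the names the server certificate accepts. The function name and class labels are assumptions; the sample lines are copied from the output quoted on this page.

```sh
#!/bin/sh
# Added example: classify the agent failures shown in the problem summary.
# The sample lines are copied from the output quoted on this page.
LOG_DNS='Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known'
LOG_NAME="Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud"
LOG_CA='Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]'
LOG_WAIT='Exiting; no certificate found and waitforcert is disabled'

# triage_agent_output: reads `puppet agent --test` output on stdin and prints
# one line: the failure class plus the names needed to correct it.
triage_agent_output() {
  awk -v q="'" '
    /getaddrinfo: Name or service not known/ { r = "unresolvable"; exit }
    /did not match server certificate/ {
      # Name the agent connected to, taken from between the quotes.
      used = $0; sub(".*Server hostname " q, "", used); sub(q ".*", "", used)
      # Names the server certificate is valid for, without the DNS: prefix.
      want = $0; sub(/.*expected one of /, "", want); gsub(/DNS:/, "", want)
      n = split(want, a, ", "); list = ""
      for (i = 1; i <= n; i++)          # drop duplicate names
        if (!(a[i] in seen)) {
          seen[a[i]] = 1
          list = (list == "" ? "" : list ",") a[i]
        }
      r = "name-mismatch used=" used " accepted=" list; exit
    }
    /unable to get local issuer certificate/ {
      # The agent does not trust the CA that issued this server certificate.
      cn = $0; sub(/.*\/CN=/, "", cn); sub(/\].*/, "", cn)
      r = "ca-mismatch cn=" cn; exit
    }
    /no certificate found and waitforcert is disabled/ { r = "awaiting-signature"; exit }
    /Applying configuration version/ { r = "ok" }
    END { print (r == "" ? "unknown" : r) }'
}

for sample in "$LOG_DNS" "$LOG_NAME" "$LOG_CA" "$LOG_WAIT"; do
  printf '%s\n' "$sample" | triage_agent_output
done
```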