无法从库存服务中检索事实:SSL_connect 返回=1 errno=0 state=SSLv3

【问题标题】:Could not retrieve facts from inventory service: SSL_connect returned=1 errno=0 state=SSLv3无法从库存服务中检索事实:SSL_connect 返回=1 errno=0 state=SSLv3
【发布时间】:2014-01-17 12:23:21
【问题描述】:

我可以在 puppet Enterprise Console 中看到以下错误::

Could not retrieve facts from inventory service: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked

我也遵循了以下步骤::

  1. 我在 Windows puppet Enterprise 客户端上运行了 puppet agent -t。

  2. 我运行了 puppet cert list 并从 master 签署了客户端证书。

  3. 我再次运行 puppet agent -t 但在控制台上出现以下错误 ::

Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: c ertificate verify failed: [certificate revoked for /CN=learn.localdomain] Info: Retrieving plugin Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Failed to generate addit ional resources using 'evalgenerate': SSLconnect returned=1 errno=0 state=SSLv 3 read server certificate B: certificate verify failed: [certificate revoked for /CN=learn.localdomain] Error: /File[C:/ProgramData/PuppetLabs/puppet/var/lib]: Could not evaluate: SSL connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate ve rify failed: [certificate revoked for /CN=learn.localdomain] Could not retrieve file metadata for puppet://learn.localdomain/plugins: SSLconnect returned=1 err no=0 state=SSLv3 read server certificate B: certificate verify failed: [certific ate revoked for /CN=learn.localdomain] Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/concatba sedir.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/customau thconf.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/facterdo td.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/ip6tables version.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/iptables persistentversion.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/iptables version.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/peversio n.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/postgres defaultversion.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/puppetdb serverstatus.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/puppetva rdir.rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/roothome .rb Info: Loading facts in C:/ProgramData/PuppetLabs/puppet/var/lib/facter/windows.r b Error: Could not retrieve catalog from remote server: SSLconnect returned=1 err no=0 state=SSLv3 read server certificate B: certificate verify failed: [certific ate revoked for /CN=learn.localdomain] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read se rver certificate B: certificate verify failed: [certificate revoked for /CN=lear n.localdomain]be

【问题讨论】:

    标签: puppet puppetlabs-apache


    【解决方案1】:

    我猜你的证书没有从主人那里很好地移除。

    要清理客户端证书,您需要运行以下命令:

    • 在主控上:puppet cert -c <hostname>
    • 在客户端上:rm -rf /var/lib/puppet/ssl(假设您的 ssl 证书位于此位置)

    来源:http://inuits.eu/blog/puppet-sslv3-alert-certificate-revoked

    希望这会有所帮助。

    【讨论】:

    • 这有帮助:我的证书位于 /etc/puppet/ssl
    • 在客户端上, rm -rf ... 有点野蛮。尝试:find /var/lib/puppet/ssl -name -delete first
    • 您所说的也会删除证书颁发机构。取而代之的是 rm slave.lan.pem 而不是 ~/.puppetlabs/etc/puppet/ssl/certs 中的 ca.pem
    猜你喜欢
    • 2015-03-01
    • 1970-01-01
    • 2023-04-06
    • 2011-05-30
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode