Я устанавливаю Puppet 6 на Centos 7.4:
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
$ uname -a
Linux centos7-puppetmaster-vm.test.org 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep puppetserver
puppetserver-6.0.2-1.el7.noarch
# netstat -tupln | grep 8140
tcp6 0 0 :::8140 :::* LISTEN 3398/java
Если я запускаю от имени root
# puppetserver ca list
, это не выдает ошибку, но если я запускаю ту же команду, что и пользователь без полномочий rootЯ получаю
$ /opt/puppetlabs/bin/puppetserver ca list
Traceback (most recent call last):
12: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5:in `<main>'
11: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/cli.rb:89:in `run'
10: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb:60:in `run'
9: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb:117:in `get_all_certs'
8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:215:in `get_certificate_statuses'
7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:253:in `get'
6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/utils/http_client.rb:49:in `with_connection'
5: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:609:in `start'
4: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:909:in `start'
3: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:920:in `do_start'
2: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:981:in `connect'
1: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in `ssl_socket_connect'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)