puppetmaster,最近不少朋友在找如何更改puppetmaster证书默认的使用期限的相关介绍,兔宝宝游戏网给大家详细的介绍一下,希望对大家有帮助。
1、puppetmaster3d:
1、删除之前的CA
[root@kspupt-ca1 ~]# rm -rf /var/lib/puppet/ssl
备注:删除之前,你之前签的所有证书都不可用了哦,慎重!
2、编辑配置文件puppet.conf
[root@kspupt-ca1 ~]# cat /etc/puppet/puppet.conf
[main]
user = puppet
group = puppet
vardir = /var/lib/puppet
confdir = /etc/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
pluginsync = true
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
hostprivkey = $privatekeydir/puppetca.pem { mode = 640 }
autosign = $confdir/autosign.conf { mode = 664 }
[agent]
server = puppetmaster
ca_server = puppetca
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
runinterval=86400
report = true
authconfig = /etc/puppet/namespaceauth.conf
usecacheonfailure = false
certname = kspupt-ca1
default_schedules = false
masterport = 8140
environment = prd
listen = false
splay = false
noop = false
show_diff = false
configtimeout = 120
[master]
autosign = $confdir/autosign.conf { mode = 664 }
confdir = /etc/puppet
certname = puppetca
ca = true
ca_ttl = 10y #添加这个字段
3、重新生成CA服务器
[root@kspupt-ca1 ~]# puppet cert --generate --dns_alt_names puppetca:puppet puppetca
Notice: Signed certificate request for ca
Notice: puppetca has a waiting certificate request
Notice: Signed certificate request for puppetca
Notice: Removing file Puppet::SSL::CertificateRequest puppetca at '/var/lib/puppet/ssl/ca/requests/puppetca.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetca at '/var/lib/puppet/ssl/certificate_requests/puppetca.pem'
4、查看现有CA服务器生成证书的有效期
[root@kspupt-ca1 ~]# openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem | grep -i validity -A 2
Validity
Not Before: Oct 20 01:51:00 2014 GMT
Not After : Oct 18 01:51:00 2024 GMT
[root@kspupt-ca1 ~]#
2、puppet是什么意思?:
puppet是一种Linux、Unix、windows平台的集中配置管理系统,使用自有的puppet描述语言,可管理配置文件、用户、cron任务、软件包、系统服务等。
总结:以上内容就是针对puppetmaster3d,如何更改puppetmaster证书默认的使用期限的详细介绍,大家可以参考一下。
