thanks for your help 在 2014年10月21日星期二UTC+8下午9时12分04秒,jcbollinger写道: > > > > On Monday, October 20, 2014 8:12:30 PM UTC-5, Richard wrote: >> >> thanks, i want to use the ip address as the hostname in kick command,like >> kick -p 10 --host 192.168.1.101, but this ssl verify failed. the ip of >> every computer probable be changed at any time , so i can't use the ip as >> the cert name. >> > > > This objective has nothing to do with what you asked, then. Kick requests > are separate from catalog requests already. > > Have you configured your nodes as described in the documentation > <https://docs.puppetlabs.com/references/3.6.1/man/kick.html#USAGE-NOTES>? > In particular, have you configured the node's auth.conf as described? > > Perhaps you have, because it sounds like its the master that is > complaining about authentication. If that's the case -- though I don't > know why it should be if the node permits unauthenticated kicks -- then you > are probably out of luck. > > Generically speaking, the SSL verification is trying to check that the > certificate received belongs to the machine to which you thought you were > connecting, by matching a known machine identifier to one of the names > recorded in its certificate. If the only machine identifier you have is a > transient one, then such verification cannot work. > > Perhaps you do have a persistent ID you could use, though. For example, > you could use MAC address for your certnames. Supposing that you have a > mapping between MAC addresses and IP numbers (e.g. from your DHCP server), > then I suspect you could patch something together. Not so easily though -- > the kinds of things I have in mind probably would require writing a custom > name service plugin for use on the master. > > > John > >
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2a087def-903b-4f52-9f2d-ffc8d96d3c0e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
