如何让puppetserver为非root用户工作

我在centos 7.4上安装puppet 6:$ cat / etc / redhat-release CentOS Linux发行版7.4.1708(Core)

$ uname -a Linux centos7-puppetmaster-vm.test.org 3.10.0-693.21.1.el7.x86_64#1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU / Linux

$ rpm -qa | grep puppetserver puppetserver-6.0.2-1.el7.noarch

netstat -tupln | grep 8140

tcp6 0 0 ::: 8140 ::: * LISTEN 3398 / java

如果我以root身份运行

puppetserver ca list

它不会抛出错误,但如果我运行与非root用户相同的命令,我会得到$ / opt / puppetlabs / bin / puppetserver ca list Traceback(最近一次调用最后一次):12:来自/ opt / puppetlabs / server / apps / puppetserver / cli / apps / ca:5:in <main>' 11: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/cli.rb:89:in run'10:from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb: 60:在 run' 9: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/action/list.rb:117:in get_all_certs'8:from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:215:in get_certificate_statuses' 7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/certificate_authority.rb:253:in get'6:来自/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.1.2/lib/puppetserver/ca/utils/http_client.rb:49:in with_connection' 5: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:609:in start'4:from / opt / puppetlabs / puppet / lib / ruby / 2.5.0 / net / http.rb:909:in start' 3: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:920:in do_start'2:from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/http.rb:981:in connect' 1: from /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in ssl_socket_connect ' /opt/puppetlabs/puppet/lib/ruby/2.5.0/net/protocol.rb:44:in `connect_nonblock':SSL_connect返回= 1 errno = 0状态=错误:证书验证失败(无法获取本地颁发者证书)(OpenSSL :: SSL :: SSLError)

回答(0)