Chef infra 在节点本身上引导chef客户端
我正在尝试编写一个脚本,该脚本将在引导过程中运行,并安装chef客户端。validation.pem和client.rb文件放在/etc/chef文件夹中,这里的validation.pem取自chef服务器,是organization-validation.pem文件。我已经创建了此VM的映像,并使用创建了另一个VM。此脚本运行chef client,出于某种原因,我得到以下结果:Chef infra 在节点本身上引导chef客户端,chef-infra,Chef Infra,我正在尝试编写一个脚本,该脚本将在引导过程中运行,并安装chef客户端。validation.pem和client.rb文件放在/etc/chef文件夹中,这里的validation.pem取自chef服务器,是organization-validation.pem文件。我已经创建了此VM的映像,并使用创建了另一个VM。此脚本运行chef client,出于某种原因,我得到以下结果: Creating a new client identity for node1 using the valid
Creating a new client identity for node1 using the validator key.
[2015-08-06T19:52:16+00:00] ERROR: SSL Validation failure connecting to host: xxx.xxx.xxx.xxx - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Running handlers:
[2015-08-06T19:52:16+00:00] ERROR: Running exception handlers
Running handlers complete
[2015-08-06T19:52:16+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 2.966424961 seconds
[2015-08-06T19:52:16+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-
stacktrace.out
[2015-08-06T19:52:16+00:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
[2015-08-06T19:52:16+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
另外,我不能真正使用刀子,因为它没有配置为chef客户端,一开始就没有安装。我用错证书了吗?我做错了什么?我猜您使用的是自签名SSL证书。自Chef 12以来,Chef不再信任这些证书 您可以将
ssl\u verify\u mode:verify\u none解决此问题的正确方法是将证书添加到
/etc/chef/trusted_certsssl\u verify\u mode:verify\u none解决此问题的正确方法是将证书添加到
/etc/chef/trusted_certseach'-/opt/chef/embedded/apps/chef/lib/chef/application/client。rb:382:inrun'/opt/chef/embedded/apps/chef/bin/chef-client:26:inload'/usr/bin/chef-client:55:in/var/opt/opscode/nginx/ca/HOSTNAME.crteach'-/opt/chef/embedded/apps/chef/lib/chef/application/client。rb:382:inrun'/opt/chef/embedded/apps/chef/bin/chef-client:26:inload'/usr/bin/chef-client:55:in/var/opt/opscode/nginx/ca/HOSTNAME.crt