Fatal编程技术网
  • chef-infra/
  • Chef infra 创建客户端时出现错误?chef stacktrace:OpenSSL::PKey::RSA错误:需要私钥

Chef infra 创建客户端时出现错误?chef stacktrace:OpenSSL::PKey::RSA错误:需要私钥

chef-infra vagrant

Chef infra 创建客户端时出现错误?chef stacktrace:OpenSSL::PKey::RSA错误:需要私钥,chef-infra,vagrant,berkshelf,Chef Infra,Vagrant,Berkshelf,我目前正在使用流浪汉与厨师索洛和它一直工作得很好。我想把流浪魔术师扩展到厨师服务器。我已将Vagrant文件中的供应器从chef solo切换到chef client,并添加了必要的代码: chef.chef_server_url = "https://chef.mydomain.com" chef.validation_client_name = "chef-validator" chef.validation_key_path = "/Users/inigo/.chef/

我目前正在使用流浪汉与厨师索洛和它一直工作得很好。我想把流浪魔术师扩展到厨师服务器。我已将Vagrant文件中的供应器从chef solo切换到chef client,并添加了必要的代码:

chef.chef_server_url        = "https://chef.mydomain.com"
chef.validation_client_name = "chef-validator"
chef.validation_key_path    = "/Users/inigo/.chef/chef-validator.pem"
我的问题是如何自动创建客户机,这样我就不必发出knife命令来创建客户机和相应的client.pem密钥。然后,当我完成客户端时,我必须发出刀子命令来删除它

我希望这是Vagrant可以做的事情,我所需要的只是在Vagrant文件中添加一些代码,然后“Vagrant up”和“Vagrant destroy”命令就可以处理这一切。不幸的是,我的谷歌搜索没有发现任何东西。我看过关于如何使用vagrant设置chef服务器的帖子,但我对chef客户端感兴趣。也许是流浪汉的插件,或者是berkshelf

还有一个问题。。现在,当我生成client.pem密钥时,我将它放在共享目录:/vagrant中,以便VM可以访问它。有更好的办法吗

谢谢

这是Wagrant up的输出:

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'Berkshelf-CentOS-6.3-x86_64-minimal'...
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[Berkshelf] Uploading cookbooks to 'https://chef.mydomain.com:443/'
[Berkshelf] Using testcookbook (0.0.1)
[Berkshelf] Uploading testcookbook (0.0.1) to: 'https://chef.mydomain.com:443/'
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -- 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Setting hostname...
[default] Configuring and enabling network interfaces...
[default] Mounting shared folders...
[default] -- /vagrant
[default] Installing Chef 11.6.0 Omnibus package...
[default] Running provisioner: chef_client...
Creating folder to hold client key...
Uploading chef client validation key...
Generating chef JSON and uploading...
Running chef-client...
[2013-08-15T15:42:28+00:00] INFO: Forking chef instance to converge...
[2013-08-15T15:42:28+00:00] INFO: *** Chef 11.6.0 ***
[2013-08-15T15:42:28+00:00] INFO: Client key /etc/chef/client.pem is not present - registering

====================================================================================
Chef encountered an error attempting to create the client "mytestcookbook-berkshelf"
====================================================================================


[2013-08-15T15:42:29+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2013-08-15T15:42:29+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Generated at 2013-08-16 03:42:20 +0000
OpenSSL::PKey::RSAError: private key needed.
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-authentication-1.3.0/lib/mixlib/authentication/signedheaderauth.rb:94:in `private_encrypt'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-authentication-1.3.0/lib/mixlib/authentication/signedheaderauth.rb:94:in `sign'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest/auth_credentials.rb:51:in `signature_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:322:in `authentication_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:368:in `build_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:166:in `raw_http_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:161:in `api_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:121:in `post'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:93:in `create'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:84:in `create_or_update'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:57:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:376:in `register'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:480:in `do_run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:199:in `block in run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:193:in `fork'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:193:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application.rb:183:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:302:in `block in run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:294:in `loop'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:294:in `run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application.rb:66:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/bin/chef-client:26:in `<top (required)>'
/usr/bin/chef-client:23:in `load'
/usr/bin/chef-client:23:in `<main>'
下面是chef-stacktrace.out文件的内容在failed
vagrant up
上的外观:

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'Berkshelf-CentOS-6.3-x86_64-minimal'...
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[Berkshelf] Uploading cookbooks to 'https://chef.mydomain.com:443/'
[Berkshelf] Using testcookbook (0.0.1)
[Berkshelf] Uploading testcookbook (0.0.1) to: 'https://chef.mydomain.com:443/'
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -- 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Setting hostname...
[default] Configuring and enabling network interfaces...
[default] Mounting shared folders...
[default] -- /vagrant
[default] Installing Chef 11.6.0 Omnibus package...
[default] Running provisioner: chef_client...
Creating folder to hold client key...
Uploading chef client validation key...
Generating chef JSON and uploading...
Running chef-client...
[2013-08-15T15:42:28+00:00] INFO: Forking chef instance to converge...
[2013-08-15T15:42:28+00:00] INFO: *** Chef 11.6.0 ***
[2013-08-15T15:42:28+00:00] INFO: Client key /etc/chef/client.pem is not present - registering

====================================================================================
Chef encountered an error attempting to create the client "mytestcookbook-berkshelf"
====================================================================================


[2013-08-15T15:42:29+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2013-08-15T15:42:29+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Generated at 2013-08-16 03:42:20 +0000
OpenSSL::PKey::RSAError: private key needed.
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-authentication-1.3.0/lib/mixlib/authentication/signedheaderauth.rb:94:in `private_encrypt'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-authentication-1.3.0/lib/mixlib/authentication/signedheaderauth.rb:94:in `sign'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest/auth_credentials.rb:51:in `signature_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:322:in `authentication_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:368:in `build_headers'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:166:in `raw_http_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:161:in `api_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/rest.rb:121:in `post'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:93:in `create'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:84:in `create_or_update'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/api_client/registration.rb:57:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:376:in `register'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:480:in `do_run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:199:in `block in run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:193:in `fork'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/client.rb:193:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application.rb:183:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:302:in `block in run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:294:in `loop'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application/client.rb:294:in `run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/lib/chef/application.rb:66:in `run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.6.0/bin/chef-client:26:in `<top (required)>'
/usr/bin/chef-client:23:in `load'
/usr/bin/chef-client:23:in `<main>'
您的示例中唯一错误的地方是
chef.validation\u key\u path
可能指向错误的位置

您必须将其设置为工作站中验证密钥的位置(可能类似于
“#{ENV['HOME']}/.chef/validation.pem”
或类似内容)

一旦设置好,当您
vagrant up
时,它会将验证密钥文件复制到虚拟机,并使用它在Chef服务器上自动创建
客户端
节点

如果你不介意我的无耻插件的话,我已经写了一个名为Vagrant的插件,当你发出一个Wagrant destroy时,它可以自动删除
节点和
客户端。它从我的工作站(位于
/etc/chef
中)获取validation.pem文件,然后引导虚拟机,安装chef并运行chef客户端,尝试将新虚拟机注册到chef服务器。我希望它在此时创建client.pem文件,但它只是抱怨找不到它。谢谢你的插件!。。这正是我完成测试时需要的。如果有一个对应的版本就好了:
vagrant up
。我是chef的新手,所以我可能错过了一些我已经在寻找的东西。正如我所说,
vagrant up
应该在chef服务器上创建对象,然后创建
client.pem
文件。如果它失败了,那么您的环境中有一些特定的东西不允许它这样做。在运行
up
之前,是否已检查服务器上不存在客户端?如果它存在,请在之前删除它(及其节点对应项),然后重试。如果仍然失败,请将完整的错误粘贴到某个位置--这可能会给我们一个关于发生了什么的线索。:)我做了一个
berks重新配置
,设置了chef_客户端供应器,而不是chef_solo。然后,我在我的食谱目录中编辑了
vagrant文件
。并添加了以下内容:chef.client_key_path=“/vagrant/.chef/client.pem”然后运行刀客户端创建命令生成client.pem密钥,并将其指向cookbook的.chef目录。这在正确的位置创建了pem文件,我能够
vagrant up
没有问题。我想我只需要添加一个:shell供应器。我需要更多的阅读,但我想我可以把这一行删掉,在运行中创建pem密钥。
berks init
chef_client
设置为供应器