Chef infra 为什么Chef使用本地IP地址来同步我的食谱?
对于一个不在本地网络上且我成功引导的服务器,我注意到Chef将尝试使用本地IP地址同步烹饪书。这是故意的吗?这没有道理 例如,当我这样做的时候Chef infra 为什么Chef使用本地IP地址来同步我的食谱?,chef-infra,Chef Infra,对于一个不在本地网络上且我成功引导的服务器,我注意到Chef将尝试使用本地IP地址同步烹饪书。这是故意的吗?这没有道理 例如,当我这样做的时候 knife ssh collab "sudo chef-client" --manual-list --ssh-user user --ssh-password '***' 例如,这将失败并显示错误消息 collab Starting Chef Client, version 11.18.6 collab resolving cookbooks fo
knife ssh collab "sudo chef-client" --manual-list --ssh-user user --ssh-password '***'
例如,这将失败并显示错误消息
collab Starting Chef Client, version 11.18.6
collab resolving cookbooks for run list: ["ok"]
collab Synchronizing Cookbooks:
collab [2015-04-22T08:35:12+02:00] ERROR: Error connecting to https://192.168.1.132/bookshelf/organization-bf7e66f665c6aa8c3ae2e3e39bf13aee/checksum-835c9d84484e285baa65e05771e42868?AWSAccessKeyId=e61fd655bf64a6cfa43f147867c9e5aa46fc84b5&Expires=1429713256&Signature=RbykDisyo4qo569Mv9e22WGPf1k%3D, retry 1/5
因此,Chef正在使用我的Chef服务器192.168.1.132的本地IP地址。为什么不使用FQDN
我的本地knife.rb
中的chef\u server\u url
具有FQDN。节点上的/etc/chef/client.rb
也是如此
因此,没有在何处配置此IP。厨师为什么要这样做
更新
我尝试更新/etc/opscode/chef server.rb
api_fqdn = "chef.mydomain.com"
bookshelf['vip'] = "chef.mydomain.com"
在sudo chef server ctl reconfigure
之后,我可以在/etc/opscode/chef server running.json中看到我的域名,但错误消息仍然存在
我还尝试了完全重新启动Chef服务器,只是为了确定
地址仍然显示在json文件中
ostraaten@chef:~$ sudo grep '192.168.1.132' /etc/opscode/chef-server-running.json
[sudo] password for ostraaten:
"vrrp_instance_ipaddress": "192.168.1.132",
"vrrp_instance_vrrp_unicast_bind": "192.168.1.132",
更新
日志显示chef\u server\u url
现在是正确的
....
collab Networking Error:
collab -----------------
collab Error connecting to https://192.168.1.132/bookshelf/organization-bf7e66f665c6aa8c3ae2e3e39bf13aee/checksum-835c9d84484e285baa65e05771e42868?AWSAccessKeyId=e61fd655bf64a6cfa43f147867c9e5aa46fc84b5&Expires=1429721409&Signature=BiPwn2iUia3klWTYQGwKDPs8kAQ%3D - Connection timed out - connect(2)
.... (lines deleted)
collab
collab Your chef_server_url may be misconfigured, or the network could be down.
collab
collab Relevant Config Settings:
collab -------------------------
collab chef_server_url "https://chef.mydomain.com/organizations/gbx"
错误的目标是bookshelf
,chef server的类似s3的商店服务
要使用虚拟IP(来自防火墙或服务器上特定接口的NAT),您必须调整chef server.rb
文件,请参阅
该文件位于chef 12和enterprise chef 11的/etc/opscode
下
如果您使用的是开源chef server 11,则它位于/etc/chef server
下
您可能会在名为chef server running.json
的文件中的相同位置看到实际配置(格式略有不同,但您会看到需要更改的键)
要更改以使用VIP的密钥:
api_fqdn = "my_server.domain.local"
bookshelf['vip'] = "my_server.domain.local"
在此运行chef server ctl后,重新配置,并检查.json文件中剩余的本地IP/主机名
在HA拓扑的情况下,需要根据以下内容设置一些其他配置选项:
这应该足够了
关于我的特殊情况(警告我使用的是chef server 11开源),我以以下内容结束:
bookshelf['ha'] = true
bookshelf['vip'] = "server.domain.local"
bookshelf['url'] = "https://server.domain.local"
bookshelf['listen'] = "0.0.0.0"
chef_expander['ha'] = true
chef_solr['ha'] = true
erchef['ha'] = true
lb['vip'] = "my vip (existing vrrp IP on the server)"
lb['api_fqdn'] = 'myserver.domain.local'
lb['web_ui_fqdn'] = 'myserver.domain.local'
lb['debug'] = false
nginx['ha'] = true
nginx['server_name'] = 'myserver.domain.local'
nginx['url'] = 'https://myserver.domain.local'
nginx['non_ssl_port']=800
postgresql['ha'] = true
rabbitmq['ha'] = true
chef_server_webui['ha'] = true
grep'192.168.1.132'/etc/opscode/chef服务器运行.json
的结果是什么?显示192.168.1.132
查看更新您处于HA拓扑中,请参阅,谢谢,我在
上添加了ProxyPreserveHost,这为我修复了它;)
bookshelf['ha'] = true
bookshelf['vip'] = "server.domain.local"
bookshelf['url'] = "https://server.domain.local"
bookshelf['listen'] = "0.0.0.0"
chef_expander['ha'] = true
chef_solr['ha'] = true
erchef['ha'] = true
lb['vip'] = "my vip (existing vrrp IP on the server)"
lb['api_fqdn'] = 'myserver.domain.local'
lb['web_ui_fqdn'] = 'myserver.domain.local'
lb['debug'] = false
nginx['ha'] = true
nginx['server_name'] = 'myserver.domain.local'
nginx['url'] = 'https://myserver.domain.local'
nginx['non_ssl_port']=800
postgresql['ha'] = true
rabbitmq['ha'] = true
chef_server_webui['ha'] = true