Vagrant creating an incorrect client.pem on chef node (I think)

Problem description

I'm using Vagrant to create a chef node, and it spins up the image and then the initial chef-client run fails. When I ssh into the machine, delete /etc/chef/client.pem, and run sudo chef-client again, it succeeds, but without the run_list that I passed in from vagrant. This is what the failure looks like:

$ vagrant up
Bringing machine 'default' up with 'vsphere' provider...
==> default: Calling vSphere CloneVM with the following settings:
==> default:  -- Template VM: myOrg/vm/myFolder/vagrantchefnode
==> default:  -- Target VM: myOrg/vm/myFolder/test2
==> default: Waiting for SSH to become available...
==> default: New virtual machine successfully cloned and started
==> default: Rsyncing folder: /home/user/.vagrant.d/boxes/test2/ => /vagrant
==> default: Running provisioner: chef_client...
==> default: Creating folder to hold client key...
==> default: Uploading chef client validation key...
Generating chef JSON and uploading...
==> default: Running chef-client...
==> default: stdin: is not a tty
==> default: [2014-10-02T16:11:19-05:00] INFO: Forking chef instance to converge...
==> default: [2014-10-02T16:11:19-05:00] INFO: *** Chef 11.16.2 ***
==> default: [2014-10-02T16:11:19-05:00] INFO: Chef-client pid: 6080
==> default: [2014-10-02T16:11:21-05:00] INFO: HTTP Request Returned 401 Unauthorized: error

==> default: Failed to authenticate to the chef server (http 401).

==> default: Failed to authenticate as 'test2'. Ensure that your node_name and client key are correct.

==> default: chef_server_url   "https://server.myorg.com"
==> default: node_name         "test2"
==> default: client_key        "/etc/chef/client.pem"

These are my Vagrantfiles:

1) The Vagrantfile packaged with the box:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.provider :vsphere do |vsphere|
    vsphere.host = 'vsphereserver.myorg.com'
    vsphere.compute_resource_name = 'TestDev'
    vsphere.user = 'vagrantadmin'
    vsphere.password = 'password'
    vsphere.insecure = true
  end

  config.ssh.username = 'auto'
  config.ssh.private_key_path = '~/.vagrant.d/id_rsa'
end

2) The Vagrantfile in my home directory (~/.vagrant.d):

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = 'vsphere'

  config.vm.provider :vsphere do |vsphere|
    vsphere.template_name = 'vagrantchefnode'
  end

  config.vm.provision "chef_client", id: "chef" do |chef|
    chef.provisioning_path = "/etc/chef"
    chef.chef_server_url = "https://chefserver.myorg.com"
    chef.validation_key_path = "/home/user/.vagrant.d/chef/validation.pem"
#    chef.client_key_path = "/etc/chef/client.pem"
    chef.validation_client_name = "chef-validator"
    chef.custom_config_path = "/home/user/.vagrant.d/Vagrantfile.chef"
    chef.delete_node = true
    chef.delete_client = true
    chef.add_role "base"
  end
end

3) Vagrantfile from the project directory (~/.vagrant.d/boxes/chefnode1):

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  config.vm.provider :vsphere do |vsphere|
#    vsphere.template_name = 'chefnode'
    vsphere.customization_spec_name = 'test2'
    vsphere.name = 'test2'
  end

  config.vm.provision "chef_client", id: "chef" do |chef|
    chef.node_name = "test2"
    chef.add_role "dev"
  end
end

I've tried uncommenting the chef.client_key_path in the second Vagrantfile, with no effect. This seemed to work just fine when I had it all in one Vagrantfile, but I want to run multiple machines without copying all the settings into each Vagrantfile.

I have a full log with the --debug tag, if anybody wants it.

Solution

You have two issues going on

/etc/chef/client.pem

It sounds like your base image has a /etc/chef/client.pem file already in place, which will fail to authenticate. You need to remove this from your base image so that a new node/client is created with chef on first run.

Alternately (but I don't suggest it), you can use a shell provisioner, before your chef-client provisioner, and just delete it with that. The downside is that every call to vagrant provision will result in a new attempt to create the client with chef-server.

Empty run list

As for the run-list changing, when a new chef node is created, its runlist is only saved if the chef run succeeds. Since it failed, your chef-server didn't store the runlist. When you then log in directly and run chef-client, it asked the server for your runlist, which didn't exist, so you ran an empty runlist.
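
One way to apply the answer's first recommendation when preparing the template, as an added example that is not part of the original answer: shell functions that remove a leftover `/etc/chef/client.pem` from an image root and confirm no key material remains before the VM is converted to a template. The function names, and the extra report of any other `.pem` file under `/etc/chef`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): run inside the template VM with
# ROOT="/" or against a mounted image root, before capturing the template.
# A client.pem baked into the template is cloned into every new VM, where it
# belongs to some other (or deleted) Chef client and yields HTTP 401.

# find_chef_keys ROOT
# Prints every *.pem directly under ROOT/etc/chef, one path per line.
find_chef_keys() {
    root=${1%/}
    [ -d "$root/etc/chef" ] || return 0
    find "$root/etc/chef" -maxdepth 1 -type f -name '*.pem' | sort
}

# scrub_client_key ROOT
# Removes ROOT/etc/chef/client.pem so the first chef-client run registers a
# fresh client with the validation key.
# Exit status: 0 = key removed, 1 = no key present, 2 = removal failed.
scrub_client_key() {
    key="${1%/}/etc/chef/client.pem"
    [ -e "$key" ] || return 1
    rm -f -- "$key" || return 2
    [ ! -e "$key" ] || return 2
    return 0
}

# image_is_clean ROOT
# Succeeds only when no private key of any name is left under ROOT/etc/chef.
# Other files (client.rb, logs) are not touched or reported.
image_is_clean() {
    [ -z "$(find_chef_keys "$1")" ]
}

# Typical use on the template VM, as root:
#   scrub_client_key / ; image_is_clean / || find_chef_keys /
```
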
