0
我有3個組件:節點,服務器和工作站。我沒有設置這些。我可以從工作站運行裁刀狀態,並返回當前結果(我相信這證實了從工作站到服務器的連接)。我可以成功地從節點本身運行chef-client(我相信這證實了從節點到服務器的連接+清楚地表明它已經被引導)。節點連接到廚師服務器,工作站連接廚師服務器,但引導相同的節點失敗
但嘗試再次引導失敗。我發現奇怪的一件事是,我注意到工作站上的/etc/chef/client.rb文件將其node_name行替換爲我試圖啓動的節點的名稱。也許這很正常?
我不能理清的一件事是,這個錯誤使得它看起來像/ someone /無法連接到廚師服務器;但是,如上所述,我確認工作站和節點都可以授權並連接到廚師服務器。
我一直在瀏覽文檔,但一個巨大的問題是模糊性。它會說「有些東西位於/etc/chef/client.rb」 - 確定,但在節點,服務器或工作站上?他們都有這個文件!
我認爲這可能是我的鑰匙,它在工作站上的〜/ .chef/knife.rb中用「client_key」這一行表示 - 但我不想改變它,以免我失去與服務器。但似乎很明顯,某處存在身份驗證故障 - 我只是在引導過程中找不到它。
[[email protected] chef]# cat client.rb
log_location STDOUT
chef_server_url "https://chefserver/organizations/domain"
validation_client_name "domain-validator"
node_name "workstation"
ssl_verify_mode :verify_none
trusted_certs_dir "/etc/chef/trusted_certs"
[[email protected] chef]# knife bootstrap node.domain.goes.here -N node -x user -i /home/user/.ssh/id_rsa --sudo --use-sudo-password --node-ssl-verify-mode none -r recipe[chef-client]
Doing old-style registration with the validation key at ~/.keys/domain-validator.pem...
Delete your validation key in order to use your user credentials instead
Connecting to node.domain.goes.here
node.domain.goes.here -----> Existing Chef installation detected
node.domain.goes.here Starting the first Chef Client run...
node.domain.goes.here Starting Chef Client, version 12.10.24
node.domain.goes.here
node.domain.goes.here ================================================================================
node.domain.goes.here Chef encountered an error attempting to load the node data for "node"
node.domain.goes.here ================================================================================
node.domain.goes.here
node.domain.goes.here Authentication Error:
node.domain.goes.here ---------------------
node.domain.goes.here Failed to authenticate to the chef server (http 401).
node.domain.goes.here
node.domain.goes.here Server Response:
node.domain.goes.here ----------------
node.domain.goes.here Invalid signature for user or client 'node'
node.domain.goes.here
node.domain.goes.here Relevant Config Settings:
node.domain.goes.here -------------------------
node.domain.goes.here chef_server_url "https://chefserver/organizations/domain"
node.domain.goes.here node_name "node"
node.domain.goes.here client_key "/etc/chef/client.pem"
node.domain.goes.here
node.domain.goes.here If these settings are correct, your client_key may be invalid, or
node.domain.goes.here you may have a chef user with the same client name as this node.
node.domain.goes.here
node.domain.goes.here Platform:
node.domain.goes.here ---------
node.domain.goes.here x86_64-linux
node.domain.goes.here
node.domain.goes.here
node.domain.goes.here Running handlers:
node.domain.goes.here [2016-12-13T13:51:26-05:00] ERROR: Running exception handlers
node.domain.goes.here Running handlers complete
node.domain.goes.here [2016-12-13T13:51:26-05:00] ERROR: Exception handlers complete
node.domain.goes.here Chef Client failed. 0 resources updated in 01 seconds
node.domain.goes.here [2016-12-13T13:51:26-05:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
node.domain.goes.here [2016-12-13T13:51:26-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
node.domain.goes.here [2016-12-13T13:51:26-05:00] ERROR: 401 "Unauthorized"
node.domain.goes.here [2016-12-13T13:51:26-05:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[[email protected] chef]# cat client.rb
log_location STDOUT
chef_server_url "https:/chef/organizations/domain"
validation_client_name "domain-validator"
node_name "node"
ssl_verify_mode :verify_none
trusted_certs_dir "/etc/chef/trusted_certs"