我刚刚完成了安装 chef-server教程参见 Chef 的网站,使用 ec2 实例作为我的 chef-server(t2.medium Ubuntu 16.04 AMI),使用我的笔记本电脑作为工作站,也运行 Ubuntu 16.04。
看来我已成功设置 chef-workstation 和 chef-server。但是,找不到我的“user.pem”密钥。这很不正常,因为我的 pem 密钥已使用“scp”成功从 chef-server 拉到 chef-workstation。我可以在我的工作站上的 chef-repo 目录中看到它们。
有人可以帮我找出为什么找不到我的 pem 密钥吗?
来自我的厨师工作站:
~/chef-repo/
我跑:
knife ssl fetch
我得到:
WARNING: Certificates from ec2-XX-XX-XXX-XXX.us-west-1.compute.amazonaws.com will be fetched and placed in your trusted_cert
directory (/home/user/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for ec2-XX-XX-XXX-XXX_us-west-1_compute_amazonaws_com in /home/user/chef-repo/.chef/trusted_certs/ec2-XX-XX-XXX-XXX_us-west-1_compute_amazonaws_com.crt
所以现在我有:
'/chef-repo/.chef/trusted_certs/ec2-52-53-255-252_us-west-1_compute_amazonaws_com.crt'
文件如预期。
接下来我运行:
knife ssl check
我得到:
Connecting to host ec2-XX-XX-XXX-XXX.us-west-1.compute.amazonaws.com:443
Successfully verified certificates from `ec2-XX-XX-XXX-XXX.us-west-1.compute.amazonaws.com'
但是当我跑步时:
knife client list
我得到:
WARN: Failed to read the private key /user.pem: #<Errno::ENOENT: No such file or directory @ rb_sysopen - /user.pem>
Your private key could not be loaded from /user.pem
Check your configuration file and ensure that your private key is readable
我的“knife.rb.”设置是:
log_level :info
log_location STDOUT
node_name "user"
client_key "#{current_dir}/user.pem"
validation_client_name "myorg_shortname-validator"
validation_key "#{current_dir}/myorg_shortname-validator.pem"
chef_server_url "https://ec2-XX-XX-XXX-XXX.us-west-1.compute.amazonaws.com/organizations/myorg_shortname"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
在我的 chef-server 上,我的 /etc/hosts 和 /etc/hostname 设置均为:
ip-XXX-XX-XX-XX.us-west-1.compute.internal
奇怪的是,我必须将“knife.rb”中的“chef_server_url”设置为:
ec2-XX-XX-XXX-XXX_us-west-1_compute_amazonaws_com
而不是:
ip-XXX-XX-XX-XX.us-west-1.compute.internal
否则它就取不到我的钥匙
我错过了什么?
答案1
我希望我没有浪费任何人的时间。我发现问题出在我的“knife.rb”设置的顶部。当我在某件事上花费太多时间时,就会发生这种情况,而我真的需要休息一下。
我缺少“knife.rb”顶部的目录路径:
current_dir = File.dirname(__FILE__)
所以我的“knife.rb”现在看起来像这样:
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name 'user'
client_key "#{current_dir}/user.pem"
validation_client_name 'digitalocean-validator'
validation_key "#{current_dir}/myorg-validator.pem"
chef_server_url 'https://ec2-XX-XX-XXX-XXX.us-west-1.compute.amazonaws.com/organizations/myorg'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
希望我至少能帮助到经历过这种情况的人。保重。
答案2
为什么 chef 无法从我的 users.pem 中读取私钥?
WARN: Failed to read the private key /root/chef-repo/.chef/xxxx.pem : #<Errno::ENOENT: No such file or directory @ rb_sysopen - /root/chef-repo/.chef/xxxx.pem >
ERROR: Your private key could not be loaded from /root/chef-repo/.chef/admin.pem
Check your configuration file and ensure that your private key is readable
我已经交叉检查/etc/hosts了/etc/hostnameknife.rb 中的服务器 IP 地址。我在 knife.rb 文件中写了第一行。