将 Chef-server 12 绑定到特定 IP 地址:连接拒绝连接到 https://127.0.0.1/users/,重试 1/5
Binding Chef-server 12 to specific IP address: Connection refused connecting to https://127.0.0.1/users/, retry 1/5
我们有多个应用程序 运行 在同一台服务器上但在不同的 IP 上(192.168.50.130:443 applicationA、192.168.50.131:443 applicationB 等等)
我们想在同一台机器上安装 Chef 服务器。默认情况下,厨师服务器的 nginx 侦听所有 IP 地址(0.0.0.0:443 和 0.0.0.0:80)。由于我们在同一端口 443 上有其他应用程序 运行,Chef 无法将其默认 ip 地址 (0.0.0.0) 绑定到端口 443。因此我们更改了 chef 的 nginx cookbooks 以绑定到特定的 ip 地址。现在我们在特定的 ip 192.168.56.137:443 上有了 Chef 服务器的 nginx 运行。只是想让你知道,在将 chef.example.ca 更改为特定 IP 地址后,我们也能够在浏览器上成功启动它。
真正的问题是当我们尝试使用 chef-server-ctl create-user 命令创建用户时。我们收到以下错误。
chef-server-ctl user-create user_name first_name last_name email password --filename FILE_NAME
出现 5 次错误并提示它放弃了。
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 1/5
这是我的 /etc/opscode/chef-server.rb
server_name = "chef.example.ca"
api_fqdn = server_name
notification_email = "NO-REPLY-CHEF@example.ca"
#######################
# nginx configuration #
#######################
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
#nginx['ssl_certificate'] = "/etc/nginx-certs/chef/chef.example.ca.crt"
#nginx['ssl_certificate_key'] = "/etc/nginx-certs/chef/chef.example.ca.key"
#nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
/etc/hosts 文件:
192.168.56.137 chef.example.ca
你能帮我理解为什么 chef 仍然希望通过本地主机 (127.0.0.1) 连接,而 server_name 和 api_fqdn 的配置是 "chef.example.ca"。另外这个ip地址可以改成192.168.56.137吗?谢谢!
更改厨师的nginx 食谱后。我能够强制 Chef 服务器按照我的意愿监听特定的 IP 地址。
# default behavior to listen only on v4
"listen "+ node['private_chef']['nginx']['server_name'] +":#{listen_port};"
但是当我尝试登录到 web gui 时,出现以下错误
Chef-manage-ctl tail
2016-04-14_14:07:36.98112 I, [2016-04-14T11:07:36.974593 #51397] INFO -- : Started GET "/login" for 127.0.0.1 at 2016-04-14 11:07:36 -0300
2016-04-14_14:07:37.07912 I, [2016-04-14T11:07:37.077410 #51397] INFO -- : Processing by SessionsController#new as HTML
2016-04-14_14:07:37.40107 I, [2016-04-14T11:07:37.397369 #51397] INFO -- : Rendered sessions/new.html.erb within layouts/outside (171.2ms)
2016-04-14_14:07:37.43189 I, [2016-04-14T11:07:37.428147 #51397] INFO -- : Rendered shared/_header.html.erb (2.4ms)
2016-04-14_14:07:37.44882 I, [2016-04-14T11:07:37.447813 #51397] INFO -- : Rendered shared/_footer.html.haml (4.6ms)
2016-04-14_14:07:37.47773 I, [2016-04-14T11:07:37.476979 #51397] INFO -- : Rendered layouts/_client_config.html.erb (2.1ms)
2016-04-14_14:07:37.47985 I, [2016-04-14T11:07:37.479065 #51397] INFO -- : Rendered shared/_js.html.erb (0.9ms)
2016-04-14_14:07:37.48226 I, [2016-04-14T11:07:37.480695 #51397] INFO -- : Rendered shared/_marketo.html.erb (0.5ms)
2016-04-14_14:07:37.48230 I, [2016-04-14T11:07:37.481110 #51397] INFO -- : Completed 200 OK in 404ms (Views: 397.9ms)
2016-04-14_14:07:43.69537 I, [2016-04-14T11:07:43.691233 #51397] INFO -- : Started POST "/login" for 127.0.0.1 at 2016-04-14 11:07:43 -0300
2016-04-14_14:07:43.69540 I, [2016-04-14T11:07:43.692915 #51397] INFO -- : Processing by SessionsController#create as HTML
2016-04-14_14:07:43.69541 I, [2016-04-14T11:07:43.692999 #51397] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZF7NM8/Rtr+ObtRxdUZcIQfSohbaKYtGi751bHbm/HkHfGejnQ1peCG+lFXuHYsFS5e/OS6HtxZnU+rC5d+qgw==", "to"=>"", "username"=>"srinivd1", "password"=>"[FILTERED]", "commit"=>"Sign In"}
2016-04-14_14:07:43.95797 E, [2016-04-14T11:07:43.956971 #51397] ERROR -- : Connection refused - Connection refused connecting to https://localhost:444/authenticate_user, giving up
2016-04-14_14:07:43.95799 E, [2016-04-14T11:07:43.957083 #51397] ERROR -- : /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:305:in `rescue in retrying_http_errors'
2016-04-14_14:07:43.95799 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:291:in `retrying_http_errors'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:256:in `send_http_request'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:143:in `request'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:126:in `post'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/chef-manage/app/controllers/sessions_controller.rb:86:in `authenticate'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/chef-manage/app/controllers/sessions_controller.rb:27:in `create'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/base.rb:198:in `process_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rendering.rb:10:in `process_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:117:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:117:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:505:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:505:in `call'
2016-04-14_14:07:43.95803 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:92:in `__run_callbacks__'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:81:in `run_callbacks'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/callbacks.rb:19:in `process_action'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rescue.rb:29:in `process_action'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications.rb:164:in `block in instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications.rb:164:in `instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/base.rb:137:in `process'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionview-4.2.5.2/lib/action_view/rendering.rb:30:in `process'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal.rb:196:in `dispatch'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal.rb:237:in `block in action'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:74:in `call'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:43:in `serve'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:30:in `each'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:30:in `serve'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:815:in `call'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/etag.rb:24:in `call'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/conditionalget.rb:38:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/flash.rb:260:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:225:in `context'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:220:in `call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:88:in `__run_callbacks__'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:81:in `run_callbacks'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/rack/logger.rb:38:in `call_app'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/rack/logger.rb:22:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/runtime.rb:18:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/static.rb:116:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/ssl.rb:24:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/sentry-raven-0.15.1/lib/raven/integrations/rack.rb:54:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/engine.rb:518:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/application.rb:165:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/railtie.rb:194:in `public_send'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/railtie.rb:194:in `method_missing'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:580:in `process_client'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-worker-killer-0.4.3/lib/unicorn/worker_killer.rb:52:in `process_client'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-worker-killer-0.4.3/lib/unicorn/worker_killer.rb:92:in `process_client'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:674:in `worker_loop'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:529:in `spawn_missing_workers'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:140:in `start'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/bin/unicorn:126:in `<top (required)>'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/bin/unicorn:23:in `load'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/bin/unicorn:23:in `<main>'
2016-04-14_14:07:44.02026 I, [2016-04-14T11:07:44.016528 #51397] INFO -- : Rendered errors/error_500.haml within layouts/outside (2.0ms)
2016-04-14_14:07:44.02028 I, [2016-04-14T11:07:44.018118 #51397] INFO -- : Rendered shared/_header.html.erb (0.4ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.018601 #51397] INFO -- : Rendered shared/_footer.html.haml (0.3ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019163 #51397] INFO -- : Rendered layouts/_client_config.html.erb (0.4ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019458 #51397] INFO -- : Rendered shared/_js.html.erb (0.1ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019674 #51397] INFO -- : Rendered shared/_marketo.html.erb (0.1ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019874 #51397] INFO -- : Completed 500 Internal Server Error in 327ms (Views: 5.9ms)
我想你想要的设置是lb['vip'] = 'whatever'。也就是说,Chef Server 是一种设备,希望能够完全控制整个盒子。您不应该 运行 它与其他服务在同一台机器上。要么把它放在自己的 VM 中,要么使用 LXC/D 之类的东西将它锁定在容器中。
好的,经过一些挖掘和检查,没有本地方法可以限制 nginx 正在侦听的 IP,所以最好的方法是使用另一个端口。
由于您最初的问题是 SSL 端口,因此让 chef 下一个使用 443 的另一个 Web 服务器的支持方法是更改 nginx ssl 端口(从 The documentation 使用这种 chef-server.rb配置:
nginx['ssl_port']=444
然后你必须相应地配置你的客户,以便在你给他们 chef-server 时使用正确的端口 url。
提醒:在 chef-server.rb 中进行任何更改后,您必须 运行 chef-server-ctl reconfigure 更新服务配置和命令行工具。
如果您想知道为什么不支持对特定 IP 的限制,这是我使用修改后的 chef-server.rb 挖掘代码的结果 I强烈反对这种使用,它会在每次更新时崩溃,除非提出拉取请求来改变这种行为:
根本原因是 this line 在 nginx_chef_api_lb.conf.erb 模板使用的 nginx erb helper 中。
# default behavior to listen only on v4
"listen #{listen_port};"
因此您必须修改 private-chef cookbook 以使其侦听特定 IP,将 lb['vip'] 作为模板的一部分可能值得 PR。 (旁注:我发誓它已经这样使用了)
然后为了从外部正常工作,nginx 现在应该是服务器,使用 api_fqdn 应该足够了,因为所有其他属性如果未设置则采用此值(摘自 here:
def gen_api_fqdn_default
PrivateChef["lb"]["api_fqdn"] ||= PrivateChef['api_fqdn']
PrivateChef["lb"]["web_ui_fqdn"] ||= PrivateChef['api_fqdn']
PrivateChef["nginx"]["server_name"] ||= PrivateChef['api_fqdn']
PrivateChef["nginx"]["url"] ||= "https://#{PrivateChef['api_fqdn']}"
end
但是 chef-server-ctl 配置(即 pivotal.rb)采用 lb['vip'] 值而不是 api_fqdn 值。
所以一个有效的 chef-server.rb 文件可能是:
api_fqdn = "chef.example.ca"
lb['vip'] = server_name
notification_email = "NO-REPLY-CHEF@example.ca"
我们有多个应用程序 运行 在同一台服务器上但在不同的 IP 上(192.168.50.130:443 applicationA、192.168.50.131:443 applicationB 等等)
我们想在同一台机器上安装 Chef 服务器。默认情况下,厨师服务器的 nginx 侦听所有 IP 地址(0.0.0.0:443 和 0.0.0.0:80)。由于我们在同一端口 443 上有其他应用程序 运行,Chef 无法将其默认 ip 地址 (0.0.0.0) 绑定到端口 443。因此我们更改了 chef 的 nginx cookbooks 以绑定到特定的 ip 地址。现在我们在特定的 ip 192.168.56.137:443 上有了 Chef 服务器的 nginx 运行。只是想让你知道,在将 chef.example.ca 更改为特定 IP 地址后,我们也能够在浏览器上成功启动它。
真正的问题是当我们尝试使用 chef-server-ctl create-user 命令创建用户时。我们收到以下错误。
chef-server-ctl user-create user_name first_name last_name email password --filename FILE_NAME
出现 5 次错误并提示它放弃了。
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 1/5
这是我的 /etc/opscode/chef-server.rb
server_name = "chef.example.ca"
api_fqdn = server_name
notification_email = "NO-REPLY-CHEF@example.ca"
#######################
# nginx configuration #
#######################
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
#nginx['ssl_certificate'] = "/etc/nginx-certs/chef/chef.example.ca.crt"
#nginx['ssl_certificate_key'] = "/etc/nginx-certs/chef/chef.example.ca.key"
#nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
/etc/hosts 文件:
192.168.56.137 chef.example.ca
你能帮我理解为什么 chef 仍然希望通过本地主机 (127.0.0.1) 连接,而 server_name 和 api_fqdn 的配置是 "chef.example.ca"。另外这个ip地址可以改成192.168.56.137吗?谢谢!
更改厨师的nginx 食谱后。我能够强制 Chef 服务器按照我的意愿监听特定的 IP 地址。
# default behavior to listen only on v4
"listen "+ node['private_chef']['nginx']['server_name'] +":#{listen_port};"
但是当我尝试登录到 web gui 时,出现以下错误
Chef-manage-ctl tail
2016-04-14_14:07:36.98112 I, [2016-04-14T11:07:36.974593 #51397] INFO -- : Started GET "/login" for 127.0.0.1 at 2016-04-14 11:07:36 -0300
2016-04-14_14:07:37.07912 I, [2016-04-14T11:07:37.077410 #51397] INFO -- : Processing by SessionsController#new as HTML
2016-04-14_14:07:37.40107 I, [2016-04-14T11:07:37.397369 #51397] INFO -- : Rendered sessions/new.html.erb within layouts/outside (171.2ms)
2016-04-14_14:07:37.43189 I, [2016-04-14T11:07:37.428147 #51397] INFO -- : Rendered shared/_header.html.erb (2.4ms)
2016-04-14_14:07:37.44882 I, [2016-04-14T11:07:37.447813 #51397] INFO -- : Rendered shared/_footer.html.haml (4.6ms)
2016-04-14_14:07:37.47773 I, [2016-04-14T11:07:37.476979 #51397] INFO -- : Rendered layouts/_client_config.html.erb (2.1ms)
2016-04-14_14:07:37.47985 I, [2016-04-14T11:07:37.479065 #51397] INFO -- : Rendered shared/_js.html.erb (0.9ms)
2016-04-14_14:07:37.48226 I, [2016-04-14T11:07:37.480695 #51397] INFO -- : Rendered shared/_marketo.html.erb (0.5ms)
2016-04-14_14:07:37.48230 I, [2016-04-14T11:07:37.481110 #51397] INFO -- : Completed 200 OK in 404ms (Views: 397.9ms)
2016-04-14_14:07:43.69537 I, [2016-04-14T11:07:43.691233 #51397] INFO -- : Started POST "/login" for 127.0.0.1 at 2016-04-14 11:07:43 -0300
2016-04-14_14:07:43.69540 I, [2016-04-14T11:07:43.692915 #51397] INFO -- : Processing by SessionsController#create as HTML
2016-04-14_14:07:43.69541 I, [2016-04-14T11:07:43.692999 #51397] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZF7NM8/Rtr+ObtRxdUZcIQfSohbaKYtGi751bHbm/HkHfGejnQ1peCG+lFXuHYsFS5e/OS6HtxZnU+rC5d+qgw==", "to"=>"", "username"=>"srinivd1", "password"=>"[FILTERED]", "commit"=>"Sign In"}
2016-04-14_14:07:43.95797 E, [2016-04-14T11:07:43.956971 #51397] ERROR -- : Connection refused - Connection refused connecting to https://localhost:444/authenticate_user, giving up
2016-04-14_14:07:43.95799 E, [2016-04-14T11:07:43.957083 #51397] ERROR -- : /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:305:in `rescue in retrying_http_errors'
2016-04-14_14:07:43.95799 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:291:in `retrying_http_errors'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:256:in `send_http_request'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:143:in `request'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/chef-11.16.2/lib/chef/http.rb:126:in `post'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/chef-manage/app/controllers/sessions_controller.rb:86:in `authenticate'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/chef-manage/app/controllers/sessions_controller.rb:27:in `create'
2016-04-14_14:07:43.95800 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/base.rb:198:in `process_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rendering.rb:10:in `process_action'
2016-04-14_14:07:43.95801 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:117:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:117:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:505:in `call'
2016-04-14_14:07:43.95802 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:505:in `call'
2016-04-14_14:07:43.95803 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:92:in `__run_callbacks__'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:81:in `run_callbacks'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/callbacks.rb:19:in `process_action'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rescue.rb:29:in `process_action'
2016-04-14_14:07:43.95804 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications.rb:164:in `block in instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/notifications.rb:164:in `instrument'
2016-04-14_14:07:43.95805 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/abstract_controller/base.rb:137:in `process'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionview-4.2.5.2/lib/action_view/rendering.rb:30:in `process'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal.rb:196:in `dispatch'
2016-04-14_14:07:43.95806 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_controller/metal.rb:237:in `block in action'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:74:in `call'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:43:in `serve'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2016-04-14_14:07:43.95807 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:30:in `each'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/journey/router.rb:30:in `serve'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/routing/route_set.rb:815:in `call'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/etag.rb:24:in `call'
2016-04-14_14:07:43.95808 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/conditionalget.rb:38:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/flash.rb:260:in `call'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:225:in `context'
2016-04-14_14:07:43.95809 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:220:in `call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:88:in `__run_callbacks__'
2016-04-14_14:07:43.95810 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/callbacks.rb:81:in `run_callbacks'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2016-04-14_14:07:43.95811 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/rack/logger.rb:38:in `call_app'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/rack/logger.rb:22:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/runtime.rb:18:in `call'
2016-04-14_14:07:43.95812 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/activesupport-4.2.5.2/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/static.rb:116:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/ssl.rb:24:in `call'
2016-04-14_14:07:43.95813 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/sentry-raven-0.15.1/lib/raven/integrations/rack.rb:54:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/engine.rb:518:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/application.rb:165:in `call'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/railtie.rb:194:in `public_send'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/railties-4.2.5.2/lib/rails/railtie.rb:194:in `method_missing'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:580:in `process_client'
2016-04-14_14:07:43.95814 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-worker-killer-0.4.3/lib/unicorn/worker_killer.rb:52:in `process_client'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-worker-killer-0.4.3/lib/unicorn/worker_killer.rb:92:in `process_client'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:674:in `worker_loop'
2016-04-14_14:07:43.95815 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:529:in `spawn_missing_workers'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:140:in `start'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/gems/unicorn-4.9.0/bin/unicorn:126:in `<top (required)>'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/bin/unicorn:23:in `load'
2016-04-14_14:07:43.95816 /opt/chef-manage/embedded/service/gem/ruby/2.2.0/bin/unicorn:23:in `<main>'
2016-04-14_14:07:44.02026 I, [2016-04-14T11:07:44.016528 #51397] INFO -- : Rendered errors/error_500.haml within layouts/outside (2.0ms)
2016-04-14_14:07:44.02028 I, [2016-04-14T11:07:44.018118 #51397] INFO -- : Rendered shared/_header.html.erb (0.4ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.018601 #51397] INFO -- : Rendered shared/_footer.html.haml (0.3ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019163 #51397] INFO -- : Rendered layouts/_client_config.html.erb (0.4ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019458 #51397] INFO -- : Rendered shared/_js.html.erb (0.1ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019674 #51397] INFO -- : Rendered shared/_marketo.html.erb (0.1ms)
2016-04-14_14:07:44.02029 I, [2016-04-14T11:07:44.019874 #51397] INFO -- : Completed 500 Internal Server Error in 327ms (Views: 5.9ms)
我想你想要的设置是lb['vip'] = 'whatever'。也就是说,Chef Server 是一种设备,希望能够完全控制整个盒子。您不应该 运行 它与其他服务在同一台机器上。要么把它放在自己的 VM 中,要么使用 LXC/D 之类的东西将它锁定在容器中。
好的,经过一些挖掘和检查,没有本地方法可以限制 nginx 正在侦听的 IP,所以最好的方法是使用另一个端口。
由于您最初的问题是 SSL 端口,因此让 chef 下一个使用 443 的另一个 Web 服务器的支持方法是更改 nginx ssl 端口(从 The documentation 使用这种 chef-server.rb配置:
nginx['ssl_port']=444
然后你必须相应地配置你的客户,以便在你给他们 chef-server 时使用正确的端口 url。
提醒:在 chef-server.rb 中进行任何更改后,您必须 运行 chef-server-ctl reconfigure 更新服务配置和命令行工具。
如果您想知道为什么不支持对特定 IP 的限制,这是我使用修改后的 chef-server.rb 挖掘代码的结果 I强烈反对这种使用,它会在每次更新时崩溃,除非提出拉取请求来改变这种行为:
根本原因是 this line 在 nginx_chef_api_lb.conf.erb 模板使用的 nginx erb helper 中。
# default behavior to listen only on v4
"listen #{listen_port};"
因此您必须修改 private-chef cookbook 以使其侦听特定 IP,将 lb['vip'] 作为模板的一部分可能值得 PR。 (旁注:我发誓它已经这样使用了)
然后为了从外部正常工作,nginx 现在应该是服务器,使用 api_fqdn 应该足够了,因为所有其他属性如果未设置则采用此值(摘自 here:
def gen_api_fqdn_default
PrivateChef["lb"]["api_fqdn"] ||= PrivateChef['api_fqdn']
PrivateChef["lb"]["web_ui_fqdn"] ||= PrivateChef['api_fqdn']
PrivateChef["nginx"]["server_name"] ||= PrivateChef['api_fqdn']
PrivateChef["nginx"]["url"] ||= "https://#{PrivateChef['api_fqdn']}"
end
但是 chef-server-ctl 配置(即 pivotal.rb)采用 lb['vip'] 值而不是 api_fqdn 值。
所以一个有效的 chef-server.rb 文件可能是:
api_fqdn = "chef.example.ca"
lb['vip'] = server_name
notification_email = "NO-REPLY-CHEF@example.ca"