windows 上的 chef-client 因 NoSuchMethodError 失败
chef-client on windows failing with NoSuchMethodError
先决条件
- Chef Sever 运行正在托管在与 node/workstation
相同的隔离网络上的虚拟机上
- 网络确实需要代理才能与 Internet 上的服务通信
问题
在 bootstrapping windows 上的 特定 节点后尝试 运行 'chef-client' 导致:-
knife winrm <machine> chef-client -m -x <user> -P <password> --verbose
[2017-03-15T07:48:28+00:00] INFO: *** Chef 12.19.36 ***
[2017-03-15T07:48:28+00:00] INFO: Platform: x64-mingw32
[2017-03-15T07:48:28+00:00] INFO: Chef-client pid: 16184
[2017-03-15T07:48:50+00:00] INFO: Client key C:\chef\client.pem is not present - registering
[2017-03-15T07:48:50+00:00] ERROR: Running exception handlers
[2017-03-15T07:48:50+00:00] ERROR: Exception handlers complete
[2017-03-15T07:48:50+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-03-15T07:48:50+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-03-15T07:48:50+00:00] FATAL: NoMethodError: undefined method `closed?' for nil:NilClass
Did you mean? clone
正确,它没有找到 client.pem 并且是第一次使用验证器但是在读取堆栈跟踪时,我可以看到根本原因是机器无法获取私钥来自厨师服务器。见下文:-
>>>> Caused by Net::HTTPServerException: 407 "Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )"
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:129:in `value'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:920:in `connect'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:852:in `start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:1398:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http/basic_client.rb:70:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:340:in `block in send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:372:in `block in retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `loop'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:333:in `send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:148:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:131:in `post'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:96:in `create'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:87:in `create_or_update'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:58:in `run'
我尝试了什么?
从 Chef 服务器手动创建和下载私钥 - 稍后仍会收到 407。这让我相信实际上存在一些代理问题但是我能够从节点
很好地与厨师服务器通信
我已经 运行 使用域控制器凭据的 WinRM 命令,所以我确定不缺少权限并在节点上启用了以下 WinRM 设置。
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig -transport:http
cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}
cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="3000"}
cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"}
cmd.exe /c netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
Update 运行ning chef-client 在机器本地,甚至不使用 WinRM 也会导致相同的错误。 在 post 中保留 WinRM 设置和命令以供历史参考
Knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin_user.pem"
validation_client_name 'org-validator'
validation_key "#{current_dir}/org-validator.pem"
chef_server_url "https://chef.fqdn/organizations/org"
cookbook_path ["#{current_dir}/../cookbooks"]
Client.rb 由 bootstrap 进程创建
log_level :info
log_location STDOUT
chef_server_url "https://chef.fqdn/organizations/org"
validation_client_name "org-validator"
file_cache_path "c:/chef/cache"
file_backup_path "c:/chef/backup"
cache_options ({:path => "c:/chef/cache/checksums", :skip_expires => true})
# Using default node name (fqdn)
trusted_certs_dir "c:/chef/trusted_certs"
值得注意的是,我在网络上的任何其他机器上都没有遇到这个问题。我正在努力从 chef-client 或 chef-server 中找到更多调试信息。
回答
如已接受的答案中所述,机器在厨师识别并尝试使用的 windows 环境变量中设置了 HTTP_PROXY。解决方案是将 no_proxy 添加到 client.rb 或删除 HTTP_PROXY 环境变量。
no_proxy 'chef.fqdn'
如果 Chef 不需要代理,请取消设置代理环境变量或适当设置 no_proxy。
先决条件
- Chef Sever 运行正在托管在与 node/workstation 相同的隔离网络上的虚拟机上
- 网络确实需要代理才能与 Internet 上的服务通信
问题
在 bootstrapping windows 上的 特定 节点后尝试 运行 'chef-client' 导致:-
knife winrm <machine> chef-client -m -x <user> -P <password> --verbose
[2017-03-15T07:48:28+00:00] INFO: *** Chef 12.19.36 ***
[2017-03-15T07:48:28+00:00] INFO: Platform: x64-mingw32
[2017-03-15T07:48:28+00:00] INFO: Chef-client pid: 16184
[2017-03-15T07:48:50+00:00] INFO: Client key C:\chef\client.pem is not present - registering
[2017-03-15T07:48:50+00:00] ERROR: Running exception handlers
[2017-03-15T07:48:50+00:00] ERROR: Exception handlers complete
[2017-03-15T07:48:50+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-03-15T07:48:50+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-03-15T07:48:50+00:00] FATAL: NoMethodError: undefined method `closed?' for nil:NilClass
Did you mean? clone
正确,它没有找到 client.pem 并且是第一次使用验证器但是在读取堆栈跟踪时,我可以看到根本原因是机器无法获取私钥来自厨师服务器。见下文:-
>>>> Caused by Net::HTTPServerException: 407 "Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )"
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:129:in `value'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:920:in `connect'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:852:in `start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:1398:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http/basic_client.rb:70:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:340:in `block in send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:372:in `block in retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `loop'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:333:in `send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:148:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:131:in `post'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:96:in `create'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:87:in `create_or_update'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:58:in `run'
我尝试了什么?
从 Chef 服务器手动创建和下载私钥 - 稍后仍会收到 407。这让我相信实际上存在一些代理问题但是我能够从节点
很好地与厨师服务器通信我已经 运行 使用域控制器凭据的 WinRM 命令,所以我确定不缺少权限并在节点上启用了以下 WinRM 设置。
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig -transport:http
cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}
cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="3000"}
cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"}
cmd.exe /c netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
Update 运行ning chef-client 在机器本地,甚至不使用 WinRM 也会导致相同的错误。 在 post 中保留 WinRM 设置和命令以供历史参考
Knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin_user.pem"
validation_client_name 'org-validator'
validation_key "#{current_dir}/org-validator.pem"
chef_server_url "https://chef.fqdn/organizations/org"
cookbook_path ["#{current_dir}/../cookbooks"]
Client.rb 由 bootstrap 进程创建
log_level :info
log_location STDOUT
chef_server_url "https://chef.fqdn/organizations/org"
validation_client_name "org-validator"
file_cache_path "c:/chef/cache"
file_backup_path "c:/chef/backup"
cache_options ({:path => "c:/chef/cache/checksums", :skip_expires => true})
# Using default node name (fqdn)
trusted_certs_dir "c:/chef/trusted_certs"
值得注意的是,我在网络上的任何其他机器上都没有遇到这个问题。我正在努力从 chef-client 或 chef-server 中找到更多调试信息。
回答
如已接受的答案中所述,机器在厨师识别并尝试使用的 windows 环境变量中设置了 HTTP_PROXY。解决方案是将 no_proxy 添加到 client.rb 或删除 HTTP_PROXY 环境变量。
no_proxy 'chef.fqdn'
如果 Chef 不需要代理,请取消设置代理环境变量或适当设置 no_proxy。