关于在 macOS 10.13 上设置 Chef Push Jobs Client 的任何指示?
Any pointers on setting up Chef Push Jobs Client on macOS 10.13?
我正在尝试在 macOS 10.13 节点上设置 chef-push-jobs 客户端。
这是我目前所做的:
- 已从 Chef Downloads
安装适用于 macOS 的 push-jobs-client
创建了一个名为 push-jobs-client.rb 的配置文件,如下所示:
chef_server_url 'https://chef.XXXXX.com/organizations/XXXXX'
node_name 'default-macos-1013'
client_key '/opt/chef/embedded/ssl/cert.pem'
trusted_certs_dir '/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.8.5/spec/data/trusted_certs'
verify_api_cert true
ssl_verify_mode :verify_peer
allow_unencrypted true
log_level :info
log_location STDOUT
whitelist({"chef-client"=>"chef-client"})
Mixlib::Log::Formatter.show_time = false
运行 这个命令:
/usr/local/bin/pushy-client -c push-jobs-client.rb
错误信息:
/opt/push-jobs-client/embedded/lib/ruby/gems/2.4.0/gems/opscode-pushy-client-2.4.8/lib/pushy_client.rb:236:in
`rescue in get_config': Could not download push jobs config
(RuntimeError)
日志:
INFO: [jenkins03] Setting reconfigure deadline to 2018-05-04 12:05:31
+0200
INFO: [jenkins03] using config file path: '/opt/push-jobs-client/push-jobs-client.rb'
INFO: [jenkins03] Using node name: jenkins03
INFO: [jenkins03] Using org name: XXXXX
INFO: [jenkins03] Using Chef server: https://chef.XXXXX.com/organizations/XXXXX
INFO: [jenkins03] Using private key: /opt/chef/embedded/ssl/cert.pem
INFO: [jenkins03] Incarnation ID: 633f168d-c8c0-469e-a9c0-8d6658b3b3d5
INFO: [jenkins03] Allowing fallback to unencrypted connection: true
INFO: [jenkins03] Starting client ...
INFO: [jenkins03] Retrieving configuration from https://chef.XXXXX.com/organizations/XXXXX//pushy/config/jenkins03: ...
INFO: Could not download push jobs config
看起来连接和身份验证是成功的,但由于某些原因,push-jobs-client 无法从服务器检索配置。
我尝试直接在节点上的浏览器中手动从日志中获取 URL,我在浏览器中看到了 window:
{"error":["missing required authentication header(s) 'X-Ops-UserId', 'X-Ops-Timestamp', 'X-Ops-Sign', 'X-Ops-Content-Hash'"]}
所以我想知道我是否在配置中做错了什么?或者它可能是 macOS 的 push-jobs-client 中的错误?
我发现 /opt/chef/embedded/ssl/cert.pem 的 client_key 不是厨师服务器签名的 cient_key。在 /etc/chef/client.pem
找到了正确的客户端密钥
现在一切正常,但我会在这里留下答案,以防其他人遇到类似问题。
我正在尝试在 macOS 10.13 节点上设置 chef-push-jobs 客户端。
这是我目前所做的:
- 已从 Chef Downloads 安装适用于 macOS 的 push-jobs-client
创建了一个名为 push-jobs-client.rb 的配置文件,如下所示:
chef_server_url 'https://chef.XXXXX.com/organizations/XXXXX' node_name 'default-macos-1013' client_key '/opt/chef/embedded/ssl/cert.pem' trusted_certs_dir '/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.8.5/spec/data/trusted_certs' verify_api_cert true ssl_verify_mode :verify_peer allow_unencrypted true log_level :info log_location STDOUT whitelist({"chef-client"=>"chef-client"}) Mixlib::Log::Formatter.show_time = false
运行 这个命令:
/usr/local/bin/pushy-client -c push-jobs-client.rb
错误信息:
/opt/push-jobs-client/embedded/lib/ruby/gems/2.4.0/gems/opscode-pushy-client-2.4.8/lib/pushy_client.rb:236:in `rescue in get_config': Could not download push jobs config (RuntimeError)
日志:
INFO: [jenkins03] Setting reconfigure deadline to 2018-05-04 12:05:31
+0200
INFO: [jenkins03] using config file path: '/opt/push-jobs-client/push-jobs-client.rb'
INFO: [jenkins03] Using node name: jenkins03
INFO: [jenkins03] Using org name: XXXXX
INFO: [jenkins03] Using Chef server: https://chef.XXXXX.com/organizations/XXXXX
INFO: [jenkins03] Using private key: /opt/chef/embedded/ssl/cert.pem
INFO: [jenkins03] Incarnation ID: 633f168d-c8c0-469e-a9c0-8d6658b3b3d5
INFO: [jenkins03] Allowing fallback to unencrypted connection: true
INFO: [jenkins03] Starting client ...
INFO: [jenkins03] Retrieving configuration from https://chef.XXXXX.com/organizations/XXXXX//pushy/config/jenkins03: ...
INFO: Could not download push jobs config
看起来连接和身份验证是成功的,但由于某些原因,push-jobs-client 无法从服务器检索配置。
我尝试直接在节点上的浏览器中手动从日志中获取 URL,我在浏览器中看到了 window:
{"error":["missing required authentication header(s) 'X-Ops-UserId', 'X-Ops-Timestamp', 'X-Ops-Sign', 'X-Ops-Content-Hash'"]}
所以我想知道我是否在配置中做错了什么?或者它可能是 macOS 的 push-jobs-client 中的错误?
我发现 /opt/chef/embedded/ssl/cert.pem 的 client_key 不是厨师服务器签名的 cient_key。在 /etc/chef/client.pem
找到了正确的客户端密钥现在一切正常,但我会在这里留下答案,以防其他人遇到类似问题。