我无法让厨师来引导节点。这是使用自签名证书。
Connecting to 10.100.248.13
10.100.248.13 Starting first Chef Client run...
10.100.248.13 Starting Chef Client, version 12.0.1
10.100.248.13 Creating a new client identity for bh-jb using the validator key.
10.100.248.13 [2014-12-15T19:26:03-08:00] ERROR: SSL Validation failure connecting to host: chefserver.domain.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.100.248.13
10.100.248.13 ================================================================================
10.100.248.13 Chef encountered an error attempting to create the client "bh-jb"
10.100.248.13 ================================================================================
10.100.248.13
10.100.248.13 [2014-12-15T19:26:03-08:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
10.100.248.13 Chef Client failed. 0 resources updated in 1.776998404 seconds
10.100.248.13 [2014-12-15T19:26:03-08:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.100.248.13 [2014-12-15T19:26:03-08:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
刀检查
$ knife ssl check
Connecting to host chefserver.domain.com:443
Successfully verified certificates from `chefserver.domain.com'
这是我的knife.rb文件。
# See http://docs.getchef.com/config_rb_knife.html for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "epardee"
client_key "#{current_dir}/sysmonuser.pem"
validation_client_name "sysmon-validator"
validation_key "#{current_dir}/sysmon-validator.pem"
chef_server_url "https://chefserver.domain.com/organizations/sysmon"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
下载最新版本的Chef DK
$ chef -v
Chef Development Kit Version: 0.3.5
$ knife -v
Chef: 11.18.0.rc.1
我花了一整天的时间试图解决这个问题。
答案 0 :(得分:1)
您在工作站上使用Chef 12吗?如果是这样,它应copy over the trusted certs for you。这是Chef 12中的一个新功能,所以如果你仍然在11或12的预发行版本就可以做到这一点。否则,请尝试从目标节点而不是工作站运行ssl检查。
答案 1 :(得分:0)
我相信这就是您所寻找的:Chef 12: Fix Untrusted Self Signed Certificates
厨师昨天发表了上述文章。 Chef服务器12默认启用SSL验证。并且Chef server 12附带的SSL证书是自签名证书,您必须信任这些证书,如上文所述。