所以我在Ubnuntu 12.04上使用Linux操作系统上运行Chef-Solo。我的最终目标是使用Chef部署Islandora / Drupal的实例。但是,目前,我没有取得多大成功。这是我运行的命令:
knife solo prepare [user name]@[server name]
给了我这个输出:
WARNING: No knife configuration file found
Bootstrapping Chef...
Enter the password for biblio@giada:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15934 100 15934 0 0 47449 0 --:--:-- --:--:-- --:--:-- 70504
Downloading Chef 11.12.2 for ubuntu...
downloading https://www.opscode.com /chef/metadata?v=11.12.2&prerelease=false&
nightlies=false&p=ubuntu&pv=12.04&m=x86_64
to file /tmp/install.sh.14381/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.12.2-1_amd64.deb
md5 cedd8a2df60a706e51f58adf8441971b
sha256 af53e7ef602be6228dcbf68298e2613d3f37eb061975992abc6cd2d318e4a0c0
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.0/x86_64/chef_11.12.2-1_amd64.deb
to file /tmp/install.sh.14381/chef_11.12.2-1_amd64.deb
trying wget...
Comparing checksum with sha256sum...
Installing Chef 11.12.2
installing with dpkg...
(Reading database ... 72031 files and directories currently installed.)
Preparing to replace chef 11.12.2-1 (using .../chef_11.12.2-1_amd64.deb) ...
Unpacking replacement chef ...
Setting up chef (11.12.2-1) ...
Thank you for installing Chef!
Generating node config 'nodes/giada.json'...
然后我跑这个:
knife solo cook [user name]@[server name]
......我明白了:
WARNING: No knife configuration file found
WARNING: solo.rb found, but since knife-solo v0.3.0 it is not used any more
WARNING: Please read the upgrade instructions: https://github.com/matschaffer/knife-solo/wiki/Upgrading-to-0.3.0
Running Chef on [server name]...
Checking Chef version...
Enter the password for [user name]@[server name]:
Uploading the kitchen...
[user name]@[server name]'s password:
WARNING: Local cookbook_path '/etc/chef/cookbooks' does not exist
[user name]@[server name]'s password:
[user name]@[server name]'s password:
WARNING: Local role_path './roles' does not exist
WARNING: Local data_bag_path './data_bags' does not exist
WARNING: Local environment_path './environments' does not exist
Generating solo config...
[user name]@[server name]'s password:
Running Chef...
[2014-05-01T12:56:51-04:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /home/biblio/chef-solo/solo.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Starting Chef Client, version 11.12.2
Compiling Cookbooks...
Converging 0 resources
Running handlers:
Running handlers complete
Chef Client finished, 0/0 resources updated in 2.278793398 seconds
在上述情况下,我以root身份运行。根据Opscode的文档,一切都应该是它的所在。但就我的思维方式而言,这些警告告诉我一些事情并非如此。谁能告诉我我失踪了什么?谢谢!
答案 0 :(得分:1)
在运行knife solo命令的文件夹中,您需要另一个带有刀配置文件的隐藏文件夹。又名
.chef / knife.rb - 这必须包括您的刀具设置。这是我的。
cookbook_path "cookbooks"
node_path "nodes"
role_path "roles"
knife[:berkshelf_path] = "cookbooks"
knife[:aws_access_key_id] = "#{ENV['AWS_ACCESS_KEY_ID']}"
knife[:aws_secret_access_key] = "#{ENV['AWS_SECRET_ACCESS_KEY']}"
knife[:region] = "#{ENV['EC2_REGION']}"
knife[:availability_zone] = "#{ENV['EC2_AVAILABILITY_ZONE']}"
knife[:ssh_user] = "ubuntu"
knife[:groups] = "default"
knife[:solo] = true
正如您所看到的,我正在使用环境变量(ENV),所以我将其检查到版本控制而不暴露秘密。要在OSX或Linux中执行此操作,您需要编辑〜/ .bash_profile以及每个变量;
export AWS_ACCESS_KEY_ID=REAL_KEY_GOES_HERE
然后通过运行来源它,源〜/ .bash_profile。
另一个有用的准备参数是--run-list'role [role-name]',因此当你运行cook时它会自动使用正确的角色。
答案 1 :(得分:0)
我曾经遇到过这个错误,因为我的dna.json错了。一些双引号不匹配。 所以首先我尝试做他们建议的事情(将ssl_verify_mode:verify_peer添加到配置文件中),这没有任何区别;然后我知道这个消息只是误导。