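I have a strange problem that I cannot solve. I have a Puppet environment that uses Foreman as an ENC through the /etc/puppet/node.rb script. The master serves roughly a hundred hosts. All of the hosts are running fine except for three.
The error encountered when triggering a catalog run on the three affected hosts is as follows: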
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node myhost.mydomain.foo.bar: Failed to find myhost.mydomain.foo.bar via exec: Execution of '/etc/puppet/node.rb myhost.mydomain.foo.bar' returned :
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Running /etc/puppet/node.rb myhost.mydomain.foo.bar manually returns:
---
classes:
  bash:
  common_packages:
  cron:
  customfacts:
  fail2ban:
  ntp:
  puppet:
  resolvconf:
  ssh:
  sysctl:
  syslog_ng:
  yum_repos:
  zabbix:
parameters:
  puppetmaster: mymaster.mydomain.foo.bar
  hostgroup: Base/App servers
  root_pw:
  foreman_env: production
  owner_name: Admin User
  owner_email: devops@mydomain.foo.bar
  foreman_subnets: []
  foreman_interfaces:
  - mac:
    ip:
    type: Interface
    name: myhost.mydomain.foo.bar
    attrs: {}
    virtual: false
    link: true
    identifier: ''
    managed: true
    primary: true
    provision: true
    subnet:
environment: production
Fetching the node definition from the master using curl works fine:
curl -k -H 'Accept: pson' --cert /var/lib/puppet/ssl/certs/$(hostname -f).pem --key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem "https://mymaster.mydomain.foo.bar:8140/production/node/$(hostname -f)?transaction_uuid=701fa6a0-3240-42f6-8ea1-209b86535dec&fail_on_404=true"
Fetching the catalog from the master using curl also works fine (this returns a huge, unformatted catalog):
curl -k -H 'Accept: pson' --cert /var/lib/puppet/ssl/certs/$(hostname -f).pem --key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem "https://mymaster.mydomain.foo.bar:8140/production/catalog/$(hostname -f)"
Manually compiling the catalog on the master by executing
puppet master --compile myhost.mydomain.foo.bar > /tmp/myhost.mydomain.foo.bar.json
copying the json file to the following location on the agent:
/var/lib/puppet/client_data/catalog/
and then applying it manually:
puppet catalog apply --server=mymaster.mydomain.foo.bar --verbose --terminus=json
triggers a correct catalog run.
My agent's configuration looks as follows (it is the same on all hosts):
# This file is managed by Puppet
# Please do not edit this file
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
ca_server = myforeman.mydomain.foo.bar
server = mymaster.mydomain.foo.bar
environment = production
report = true
runinterval = 600
usecacheonfailure = true
My master's configuration is as follows:
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
autosign = $confdir/autosign.conf { mode = 664 }
show_diff = false
hiera_config = $confdir/hiera.yaml
environmentpath = /etc/puppet/environments
basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
default_schedules = false
report = true
pluginsync = true
masterport = 8140
environment = production
certname = mymaster.mydomain.foo.bar
server = myforeman.mydomain.foo.bar
listen = false
splay = false
splaylimit = 1800
runinterval = 600
noop = false
configtimeout = 120
usecacheonfailure = true
[master]
autosign = $confdir/autosign.conf { mode = 664 }
reports = log, foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = false
ssldir = /var/lib/puppet/ssl
certname = mymaster.mydomain.foo.bar
parser = current
strict_variables = false
/etc/puppet/foreman.yaml is configured as follows:
---
:url: "https://myforeman.mydomain.foo.bar"
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/mymaster.mydomain.foo.bar.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/myforeman.mydomain.foo.bar.pem"
:user: "admin"
:password: "mypassword"
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
Any advice or assistance would be highly appreciated!
Update: I have listed some information from Foreman's production.log below.
Started GET "/node/myhost.mydomain.foo.bar?format=yml" for 172.16.2.109 at 2016-07-14 07:43:44 +0200
2016-07-14 07:43:44 [I] Processing by HostsController#externalNodes as YML
2016-07-14 07:43:44 [I] Parameters: {"name"=>"myhost.mydomain.foo.bar"}
2016-07-14 07:43:44 [I] Completed 201 Created in 283ms (Views: 11.0ms | ActiveRecord: 0.0ms)
2016-07-14 07:43:44 [I]
Started POST "/api/hosts/facts" for 172.16.2.109 at 2016-07-14 07:43:47 +0200
2016-07-14 07:43:47 [I] Processing by Api::V2::HostsController#facts as JSON
2016-07-14 07:43:47 [I] Parameters: {"certname"=>"myhost.mydomain.foo.bar", "name"=>"myhost.mydomain.foo.bar", "facts"=>"[FILTERED]", "apiv"=>"v2", :host=>{"name"=>"myhost.mydomain.foo.bar", "certname"=>"myhost.mydomain.foo.bar"}}
2016-07-14 07:43:47 [I] Import facts for 'myhost.mydomain.foo.bar' completed. Added: 1, Updated: 6, Deleted 0 facts
2016-07-14 07:43:49 [I]
Started POST "/api/reports" for 172.16.2.109 at 2016-07-14 07:44:48 +0200
2016-07-14 07:44:48 [I] Processing by Api::V2::ReportsController#create as JSON
2016-07-14 07:44:48 [I] Parameters: {"report"=>"[FILTERED]", "apiv"=>"v2"}
2016-07-14 07:44:48 [I] processing report for myhost.mydomain.foo.bar
2016-07-14 07:44:48 [I] Rendered dashboard/_reports_widget.html.erb (80.0ms)
2016-07-14 07:44:48 [I] Rendered dashboard/_distribution_widget.html.erb (38.4ms)
2016-07-14 07:44:48 [I] Rendered dashboard/index.html.erb within layouts/application (125.4ms)
2016-07-14 07:44:48 [I] Rendered common/_searchbar.html.erb (2.9ms)
2016-07-14 07:44:48 [I] Rendered home/_user_dropdown.html.erb (1.0ms)
2016-07-14 07:44:48 [I] Read fragment views/tabs_and_title_records-3 (0.1ms)
2016-07-14 07:44:48 [I] Rendered home/_topbar.html.erb (1.8ms)
2016-07-14 07:44:48 [I] Rendered layouts/base.html.erb (2.8ms)
2016-07-14 07:44:48 [I] Completed 200 OK in 185ms (Views: 41.9ms | ActiveRecord: 117.8ms)
2016-07-14 07:44:48 [I] Imported report for myhost.mydomain.foo.bar in 0.12 seconds
2016-07-14 07:44:48 [I] Completed 201 Created in 135ms (Views: 1.0ms | ActiveRecord: 0.0ms)
2016-07-14 07:44:51 [I]
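
An added diagnostic sketch, not part of the original post: the manual run above shows only what node.rb printed, while Puppet's exec node terminus also fails the lookup when the ENC exits non-zero, so this helper reports exit status, stdout and stderr separately for whatever command it is given. The name check_enc and its verdict strings are hypothetical.

```shell
#!/bin/sh
# check_enc NODE CMD [ARGS...]
# Runs "CMD ARGS... NODE" and judges the result the way a caller that
# cares about the exit status would. Prints one line:
#   <verdict> status=<exit code> stderr_lines=<n>
# Returns 0 only when the verdict is "ok".
# Example (assumes the master runs as the "puppet" user named on the page):
#   check_enc myhost.mydomain.foo.bar sudo -u puppet /etc/puppet/node.rb
check_enc() {
    node=$1; shift
    out=$(mktemp) || return 2
    err=$(mktemp) || { rm -f "$out"; return 2; }

    # Keep stdout and stderr apart; record the exit status without
    # letting a failure abort a caller that runs under "set -e".
    "$@" "$node" >"$out" 2>"$err" && status=0 || status=$?

    verdict=ok
    if [ "$status" -ne 0 ]; then
        # YAML may still have been printed; the exit status decides.
        verdict=nonzero-exit
    elif [ ! -s "$out" ]; then
        verdict=empty-output
    elif ! grep -Eq '^(classes|parameters):' "$out"; then
        # An ENC hash needs a top-level classes or parameters key.
        verdict=no-enc-keys
    fi

    # Count stderr lines instead of echoing them: the ENC talks to
    # Foreman with credentials, so its errors may not belong in a log.
    err_lines=$(wc -l <"$err" | tr -d ' ')
    printf '%s status=%s stderr_lines=%s\n' "$verdict" "$status" "$err_lines"

    rm -f "$out" "$err"
    [ "$verdict" = ok ]
}

# Stand-alone use: ./check_enc.sh NODE CMD [ARGS...]
if [ "$#" -ge 2 ]; then
    check_enc "$@"
fi
```

Comparing the line printed for a healthy host with the line printed for one of the three failing hosts, both run under the master's service account, shows whether the difference is in the exit status, the output, or neither.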