Windows上的chef-client因NoSuchMethodError而失败

Question

先决条件

• Chef Sever正在与节点/工作站
相同的隔离网络上托管的虚拟机上运行
• 网络确实需要代理才能与互联网上的服务进行通信

问题

在Windows上引导特定节点后尝试运行'chef-client'会导致： -

knife winrm <machine> chef-client -m -x <user> -P <password> --verbose

[2017-03-15T07:48:28+00:00] INFO: *** Chef 12.19.36 ***
[2017-03-15T07:48:28+00:00] INFO: Platform: x64-mingw32
[2017-03-15T07:48:28+00:00] INFO: Chef-client pid: 16184
[2017-03-15T07:48:50+00:00] INFO: Client key C:\chef\client.pem is not present - registering
[2017-03-15T07:48:50+00:00] ERROR: Running exception handlers
[2017-03-15T07:48:50+00:00] ERROR: Exception handlers complete
[2017-03-15T07:48:50+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-03-15T07:48:50+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-03-15T07:48:50+00:00] FATAL: NoMethodError: undefined method `closed?' for nil:NilClass
Did you mean?  clone

正确地说，它没有找到client.pem并且第一次使用验证器但是在读取堆栈跟踪时，我可以看到根本原因是机器无法从厨师服务器获取私钥。见下文： -

>>>> Caused by Net::HTTPServerException: 407 "Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )"
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:129:in `value'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:920:in `connect'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:852:in `start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:1398:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http/basic_client.rb:70:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:340:in `block in send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:372:in `block in retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `loop'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:333:in `send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:148:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:131:in `post'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:96:in `create'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:87:in `create_or_update'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:58:in `run'

我尝试了什么？

从厨师服务器手动创建和下载私钥 - 仍然可以在稍后阶段获得407。这让我相信实际上存在一些代理问题但是我能够从节点上与厨师服务器进行良好的沟通

我使用域控制器的凭据运行WinRM命令，因此我确定不存在权限，并且已在节点上启用了以下WinRM设置。

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig -transport:http
cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}
cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="3000"}
cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"}
cmd.exe /c netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any
cmd.exe /c net stop winrm 
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm 

更新在机器本地运行chef-client，甚至没有使用WinRM导致相同的错误。 在帖子中保留WinRM设置和命令以供历史参考

Knife.rb

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "admin"
client_key               "#{current_dir}/admin_user.pem"
validation_client_name   'org-validator'
validation_key           "#{current_dir}/org-validator.pem"
chef_server_url          "https://chef.fqdn/organizations/org"
cookbook_path            ["#{current_dir}/../cookbooks"]

由bootstrap流程创建的Client.rb

log_level        :info
log_location     STDOUT

chef_server_url  "https://chef.fqdn/organizations/org"
validation_client_name "org-validator"

file_cache_path   "c:/chef/cache"
file_backup_path  "c:/chef/backup"
cache_options     ({:path => "c:/chef/cache/checksums", :skip_expires => true})

# Using default node name (fqdn)
trusted_certs_dir "c:/chef/trusted_certs"

值得注意的是，我在网络上的任何其他计算机上都没有遇到此问题。我很难找到来自chef-client或chef-server的更多调试信息。

ANSWER

如接受的答案中所述，该机器在Windows环境变量中设置了HTTP_PROXY，厨师会识别并尝试使用这些变量。解决方案是将no_proxy添加到client.rb或删除HTTP_PROXY环境变量。

no_proxy 'chef.fqdn'

Answer 1

如果Chef不需要代理，请取消设置代理环境变量或适当设置no_proxy。