chef server reconfigure error - 用户名不能包含“<”或以“[”开头

时间:2017-07-07 03:14:14

标签: ruby postgresql chef

我正在尝试将Chef服务器12.15安装到RHEL7.3上,作为一个没有连接到Internet的独立服务器。

通过rpm安装后,我将以下行添加到/etc/opscode/chef-server.rb

# cat /etc/opscode/chef-server.rb 
bootstrap['enable']=false
oc_chef_pedant['debug_org_creation']=true

在全新安装Chef Server后运行chef-server-ctl reconfigure

然后,我运行chef-server-ctl reconfigure,并发生以下输出。 根据我的理解,主要错误似乎是User name may not contain "<" or start with "[",但我不知道为什么会插入包含其中一个字符的用户。

# chef-server-ctl reconfigure
... (apparently successful up through 'Recipe: private-chef::erchef_database'
Recipe: private-chef::bifrost_database
  * private_chef_pg_user[bifrost] action create
    - Create PostgreSQL user bifrost
    -   Set password
  * private_chef_pg_user[bifrost_ro] action create
    - Create PostgreSQL user bifrost_ro
    -   Set password
  * private_chef_pg_database[bifrost] action create
    - Create database bifrost
  * private_chef_pg_sqitch[/opt/opscode/embedded/service/oc_bifrost/db] action deploy
    - Deploying schema from /opt/opscode/embedded/service/oc_bifrost/db
    * execute[sqitch_deploy_/opt/opscode/embedded/service/oc_bifrost/db] action run

      ================================================================================
      Error executing action `run` on resource 'execute[sqitch_deploy_/opt/opscode/embedded/service/oc_bifrost/db]'
      ================================================================================

      Mixlib::ShellOut::ShellCommandFailed
      ------------------------------------
      Expected process to exit with [0, 1], but received '2'
      ---- Begin output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
      STDOUT: Adding metadata tables to bifrost
      STDERR: User name may not contain "<" or start with "["
      ---- End output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
      Ran sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify returned 2

      Resource Declaration:
      ---------------------
      # In /var/opt/opscode/local-mode-cache/cookbooks/private-chef/providers/pg_sqitch.rb

       11:     execute "sqitch_deploy_#{new_resource.name}" do
       12:       command <<-EOM.gsub(/\s+/," ").strip!
       13:         sqitch --engine pg
       14:                --db-name #{new_resource.database}
       15:                --db-host #{new_resource.hostname}
       16:                --db-port #{new_resource.port}
       17:                --db-user #{new_resource.username}
       18:                --top-dir #{new_resource.name}
       19:                deploy #{target} --verify
       20:       EOM
       21:       environment "PERL5LIB" => "", # force us to use omnibus perl
       22:                   "PGPASSWORD" => new_resource.password
       23:
       24:       # Sqitch Return Codes
       25:       # 0 - when changes are applied
       26:       # 1 - when everything is ok but no changes were made
       27:       # 2(+?) - when an error occurs.
       28:       returns [0,1]
       29:     end
       30:   end

      Compiled Resource:
      ------------------
      # Declared in /var/opt/opscode/local-mode-cache/cookbooks/private-chef/providers/pg_sqitch.rb:11:in `block (2 levels) in class_from_file'

      execute("sqitch_deploy_/opt/opscode/embedded/service/oc_bifrost/db") do
        action [:run]
        retries 0
        retry_delay 2
        default_guard_interpreter :execute
        command "sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify"
        backup 5
        environment {"PERL5LIB"=>"", "PGPASSWORD"=>"50c444fb5d49a81e73e8412e4cc5b33ffe51e249ebd509731cbec7d44e3e7a5a03b8b054eeddce00e6fe352c02b9ce41d39d"}
        returns [0, 1]
        user nil
        declared_type :execute
        cookbook_name "private-chef"
      end

      Platform:
      ---------
      x86_64-linux


    ================================================================================
    Error executing action `deploy` on resource 'private_chef_pg_sqitch[/opt/opscode/embedded/service/oc_bifrost/db]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    execute[sqitch_deploy_/opt/opscode/embedded/service/oc_bifrost/db] (/var/opt/opscode/local-mode-cache/cookbooks/private-chef/providers/pg_sqitch.rb line 11) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0, 1], but received '2'
    ---- Begin output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
    STDOUT: Adding metadata tables to bifrost
    STDERR: User name may not contain "<" or start with "["
    ---- End output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
    Ran sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify returned 2

    Resource Declaration:
    ---------------------
    # In /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/bifrost_database.rb

     42: private_chef_pg_sqitch "/opt/opscode/embedded/service/oc_bifrost/db" do
     43:   hostname postgres_attrs['vip']
     44:   port     postgres_attrs['port']
     45:   username  postgres_attrs['db_superuser']
     46:   password PrivateChef.credentials.get('postgresql', 'db_superuser_password')
     47:   database "bifrost"
     48:   action :nothing
     49: end

    Compiled Resource:
    ------------------
    # Declared in /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/bifrost_database.rb:42:in `from_file'

    private_chef_pg_sqitch("/opt/opscode/embedded/service/oc_bifrost/db") do
      action [:nothing]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      declared_type :private_chef_pg_sqitch
      cookbook_name "private-chef"
      recipe_name "bifrost_database"
      hostname "127.0.0.1"
      port 5432
      username "opscode-pgsql"
      password "50c444fb5d49a81e73e8412e4cc5b33ffe51e249ebd509731cbec7d44e3e7a5a03b8b054eeddce00e6fe352c02b9ce41d39d"
      database "bifrost"
    end

    Platform:
    ---------
    x86_64-linux


Running handlers:
Running handlers complete
Chef Client failed. 17 resources updated in 33 seconds
[2017-07-07T11:34:23+09:00] FATAL: Stacktrace dumped to /var/opt/opscode/local-mode-cache/chef-stacktrace.out
[2017-07-07T11:34:23+09:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-07-07T11:34:23+09:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: private_chef_pg_sqitch[/opt/opscode/embedded/service/oc_bifrost/db] (private-chef::bifrost_database line 42) had an error: Mixlib::ShellOut::ShellCommandFailed: execute[sqitch_deploy_/opt/opscode/embedded/service/oc_bifrost/db] (/var/opt/opscode/local-mode-cache/cookbooks/private-chef/providers/pg_sqitch.rb line 11) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0, 1], but received '2'
---- Begin output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
STDOUT: Adding metadata tables to bifrost
STDERR: User name may not contain "<" or start with "["
---- End output of sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify ----
Ran sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_bifrost/db deploy --verify returned 2

有谁知道上述错误的原因是什么?我该如何解决?

任何细节都将受到赞赏,例如应该创建什么用户。我不懂Ruby语言,所以不幸的是,查看源代码并没有那么富有成效。

作为更多信息,可能有用且相关,在我试图安装它时,在版本12.14之前出现了这个问题,并且在运行reconfigure 3次之后,最终它显然没有任何更改配置,但由于神秘的http 500 /数据库错误,我无法添加管理员用户。 (有关可能相关问题的详细信息,请参阅Chef forum上的帖子。

没有听到对上述帖子的回复,我尝试卸载12.14并从头开始用12.15,只是发现同样的问题被重现。

帮助表示赞赏。

更新

正如从版本12.14的相同问题所预期的那样,在第三次运行chef-server-cfg reconfigure之后,命令成功完成,输出如下:

Deprecated features used!
  An attempt was made to change sysvinit_id from "SV" to nil by calling sysvinit_id(nil). In Chef 12, this does a get rather
    - /var/opt/opscode/local-mode-cache/cookbooks/enterprise/recipes/runit.rb:31:in `block in from_file'
   See https://docs.chef.io/deprecations_custom_resource_cleanups.html for further details.
  Cloning resource attributes for runit_service[redis_lb] from prior resource
Previous runit_service[redis_lb]: /var/opt/opscode/local-mode-cache/cookbooks/enterprise/definitions/component_runit_service.
Current  runit_service[redis_lb]: /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/redis_lb.rb:83:in `from_fi
    - /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/redis_lb.rb:83:in `from_file'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.
  Cloning resource attributes for directory[/var/opt/opscode/nginx/etc/addon.d] from prior resource
Previous directory[/var/opt/opscode/nginx/etc/addon.d]: /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc_i
Current  directory[/var/opt/opscode/nginx/etc/addon.d]: /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/ngin
    - /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/nginx.rb:35:in `block in from_file'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.
  Chef::Platform.find_provider_for_node is deprecated at 1 location:
    - /opt/opscode/embedded/lib/ruby/2.2.0/forwardable.rb:188:in `execute_each_resource'
   See https://docs.chef.io/deprecations_chef_platform_methods.html for further details.
  Chef::Platform.find_provider is deprecated at 1 location:
    - /opt/opscode/embedded/lib/ruby/2.2.0/forwardable.rb:188:in `execute_each_resource'
   See https://docs.chef.io/deprecations_chef_platform_methods.html for further details.
  Chef::Platform.find is deprecated at 1 location:
   See https://docs.chef.io/deprecations_chef_platform_methods.html for further details.

Chef Client finished, 385/973 resources updated in 02 minutes 21 seconds
Chef Server Reconfigured!

在显然成功重新配置之后,尝试添加管理员用户失败,内部服务器错误500:

# chef-server-ctl user-create admin admin admin 'username@example.com' 'password'
ERROR: Server returned error 500 for https://127.0.0.1/users/, retrying 1/5 in 4s
ERROR: Server returned error 500 for https://127.0.0.1/users/, retrying 2/5 in 5s
ERROR: Server returned error 500 for https://127.0.0.1/users/, retrying 3/5 in 11s
ERROR: Server returned error 500 for https://127.0.0.1/users/, retrying 4/5 in 30s
ERROR: Server returned error 500 for https://127.0.0.1/users/, retrying 5/5 in 61s
ERROR: internal server error
Response: internal service error

来自time的postgresql的日志显示如下,当时没有其他消息。

# chef-server-ctl tail postgresql
2017-07-07_08:15:31.54798              AND name = $2
2017-07-07_08:15:31.54799              AND expires_at > CURRENT_TIMESTAMP at time zone 'utc'
2017-07-07_08:15:31.54799            ORDER BY type DESC
2017-07-07_08:16:32.56806 ERROR:  relation "keys_by_name" does not exist at character 87
2017-07-07_08:16:32.56810 STATEMENT:  SELECT id, org_id, name, authz_id, type, key_name, public_key, key_version
2017-07-07_08:16:32.56811             FROM keys_by_name
2017-07-07_08:16:32.56811            WHERE (org_id = $1 OR org_id = 'global')
2017-07-07_08:16:32.56811              AND name = $2
2017-07-07_08:16:32.56812              AND expires_at > CURRENT_TIMESTAMP at time zone 'utc'
2017-07-07_08:16:32.56812            ORDER BY type DESC

# grep -r '07_08:16' /var/log/opscode
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56806 ERROR:  relation "keys_by_name" does not exist at character 87
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56810 STATEMENT:  SELECT id, org_id, name, authz_id, type, key_name, public_key, key_version
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56811             FROM keys_by_name
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56811            WHERE (org_id = $1 OR org_id = 'global')
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56811              AND name = $2
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56812              AND expires_at > CURRENT_TIMESTAMP at time zone 'utc'
/var/log/opscode/postgresql/9.2/current:2017-07-07_08:16:32.56812            ORDER BY type DESC
/var/log/opscode/opscode-erchef/current:2017-07-07_08:16:32.57107 [error] {<<"method=POST; path=/users/; status=500; ">>,"Internal Server Error"}

因此,从这一点来看,似乎数据库仍未按应用程序的预期完全构建。不完全清楚此错误是否与先前的错误有关,例如是否可能是症状。

为什么数据库架构/插入查询失败?我该如何解决?

1 个答案:

答案 0 :(得分:0)

事实证明,我切换到root用户的用户FROM的GECOS字段有一个'&lt;'在其中,如下:

# getent passwd origuser
origuser:x:111:111:My Name <username@example.com>:/home/origuser:/bin/bash

该用户名(可能是因为它是执行sudo su -的用户)被sqitch用作默认用户名,用于管理Chef数据库的数据库更改工具/ Perl模块。将堆栈跟踪添加到抛出User name may not contain "<" or start with "["错误的Sqitch.pm部分显示了这么多:

# /opt/opscode/embedded/bin/sqitch --engine pg --db-name bifrost --db-host 127.0.0.1 --db-port 5432 --db-user opscode-pgsql --top-dir /opt/opscode/embedded/service/oc_
Trace begun at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch.pm line 32
App::Sqitch::__ANON__('My Name <username@example.com>') called at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch/Role/DBIEngine.pm line 321
App::Sqitch::Role::DBIEngine::register_project('App::Sqitch::Engine::pg=HASH(0xd204e0)') called at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch/Engine.pm line 130
App::Sqitch::Engine::deploy('App::Sqitch::Engine::pg=HASH(0xd204e0)', undef, 'all', 0) called at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch/Command/deploy.pm line 90
App::Sqitch::Command::deploy::execute('App::Sqitch::Command::deploy=HASH(0x3a02f00)') called at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch.pm line 311
App::Sqitch::try {...}  at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/Try/Tiny.pm line 98
eval {...} at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/Try/Tiny.pm line 94
Try::Tiny::try('CODE(0x39a37e8)', 'Try::Tiny::Catch=REF(0x2aa19c0)') called at /opt/opscode/embedded/lib/perl5/site_perl/5.18.1/App/Sqitch.pm line 325
App::Sqitch::go('App::Sqitch') called at /opt/opscode/embedded/bin/sqitch line 16
User name may not contain "<" or start with "["

(对于用户名的这种选择似乎记录不足至少,但sqitch的制造商承认这是一项正在进行的工作。

无论如何,在从用户名中删除特殊字符后,卸载Chef服务器,包括删除以前创建的所有目录,并重新安装完整的Chef服务器,添加用户的命令成功:

# chef-server-ctl user-create admin admin admin 'username@example.com' 'password'
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

因此,服务器安装和用户看起来很成功,它将进入下一步。

目前还不完全清楚上述与用户名相关的故障如何/是否/为何会导致其他部署问题,但至少上述步骤将解决问题,并且似乎与Chef论坛的常见讨论一致,以重新安装和/或运行reconfigure