validation.pem contains false instead of the private key

Time: 2017-11-08 09:30:13

Tags: chef chef-recipe

I am trying to bootstrap using a custom template. This is the bootstrap command I am using:

knife bootstrap 1.2.3.4 -t D:\chef-starter\chef-repo\.chef\bootstrap\chefbootstrap-linux.erb -x root -P XXXX -N chefclientrhel -r "recipe[starter]" -j '{"bootstrap_directory":"/etc/chef/prod/prov","chef_client_package":"/tmp/chef-13.6.4-1.el7.x86_64.rpm","instance_id":"12345-678910"}'

Here is the relevant code from my template. There is some other code that is not related to this issue, so it has been skipped.

bash -c '
<%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>

<%# Get bootstrap command-line attributes (from -j flag) -%>
<% if @config[:first_boot_attributes]['chef_client_package'] -%>
chef_client_rpm="<%= @config[:first_boot_attributes]['chef_client_package'] %>"
<% else -%>
chef_client_rpm="/etc/chef/chef-11.12.4-1.el6.x86_64.rpm"
<% end -%>

<% if @config[:first_boot_attributes]['bootstrap_directory'] -%>
<% bootstrap_directory = @config[:first_boot_attributes]['bootstrap_directory'] -%>
<% else -%>
<% bootstrap_directory = "/etc/chef/chefdefault" -%>
<% end -%>
bootstrap_directory=<%= bootstrap_directory %>            

awk NF > <%= bootstrap_directory %>/validation.pem <<'EOP'
<%= validation_key %>
EOP
chmod 0600 <%= bootstrap_directory %>/validation.pem

<% if @chef_config[:encrypted_data_bag_secret] -%>
awk NF > <%= bootstrap_directory %>/encrypted_data_bag_secret <<'EOP'
<%= encrypted_data_bag_secret %>
EOP
chmod 0600 <%= bootstrap_directory %>/encrypted_data_bag_secret
<% end -%>

<% # Find the trusted_certs directory relative to the directory containing
# the config_file (knife.rb). Use the first *.crt file from that directory. -%>
<% cert_path = Dir[File.dirname(@config[:config_file]) + "/trusted_certs/*.crt"][0] -%>
<% cert_file = cert_path[cert_path.rindex('/')+1..-1] -%>
echo Writing server cert file <%= cert_file %> to trusted_certs...
mkdir -p <%= bootstrap_directory %>/trusted_certs
cat > <%= bootstrap_directory %>/trusted_certs/<%= cert_file %> <<'EOP'
<%= ::File.read(cert_path) %>
EOP
echo Server cert file written.

<% #customize client.rb file, e.g. specify log file and level etc, replace original input for var config_content -%>
<%  
client_rb = config_content
client_rb.gsub!(':auto',':info')
client_rb.gsub!("/etc/chef" ,bootstrap_directory + "/")

puts client_rb
-%>

cat > <%= bootstrap_directory %>/client.rb <<'EOP'
<%= client_rb %>
ssl_verify_mode :verify_peer
log_level  :info
<%= "client_key \"" + bootstrap_directory + "/client.pem\""  %>
<%= "validation_key \"" + bootstrap_directory + "/validation1.pem\"" %>
<%= "http_retry_count 5" %>
<%= "http_retry_delay 5" %>          
<%= "rest_timeout 300" %>

<%= "require \"" + bootstrap_directory + "/SuccessReport.rb\"" %>
<%= "require \"" + bootstrap_directory + "/FailureReport.rb\"" %>
<%= "report_handlers << SuccessReport::RunningResults.new" %>
<%= "exception_handlers << FailureReport::RunningResults.new" %>
EOP

<% # Double any backslashes to solve Linux-only problem where half are getting lost on way to first-boot.json -%>
cat > <%= bootstrap_directory %>/first-boot.json <<'EOP'
<%= first_boot.to_json.gsub('$','\$').gsub('\\', '\\\\\\\\') %>
EOP

<% # customize to sub out the old bootstrap directory -%>
<%
new_start_chef = "/usr/bin/sudo -n " + start_chef
new_start_chef.gsub!("/etc/chef/" ,bootstrap_directory + "/")
new_start_chef.gsub!("-j" , "-c " +bootstrap_directory + "/client.rb -j")
-%>
echo <%= new_start_chef %>
<%= new_start_chef %>'

Every time I bootstrap, I get the following error:

ERROR: The file /etc/chef/prod/prov/validation.pem or :raw_key option does not contain a correctly formatted private key.

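When I open validation.pem, it has false in it. That's it. I don't know why this is happening. On my Chef server, I created the organization using the following command: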

chef-server-ctl org-create my 'For customer my' --association_user user1 --filename my-validator.pem

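I tried compressing the my-validator.pem file into the /etc/chef directory on the Chef server and renaming it to validation.pem, but the correct validation file is still not copied onto the client. Any idea why?

1 answer:

Answer 0: (score: 0)

OK, I figured out the problem. The problem was that neither knife.rb nor the bootstrap command had a validation_key. After adding validation_key to knife.rb, I got the validation.pem file on the node correctly. I am still getting a 401 error when bootstrapping, though.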
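The failure described in this thread can be caught before anything is sent to the node. The following is an added example, not code from the question, the answer or Chef itself: it renders a reduced, constructed copy of the template's validation.pem heredoc with plain ERB and checks that the resulting file content parses as a private key. The names `VALIDATION_SNIPPET`, `render_validation_block`, `heredoc_body`, `private_key?` and `check_rendered_key` are hypothetical, and the RSA key is generated only for the demonstration.

```ruby
require "erb"
require "openssl"

# Constructed, reduced copy of the validation.pem heredoc from the template.
VALIDATION_SNIPPET = <<~'TEMPLATE'
  awk NF > <%= bootstrap_directory %>/validation.pem <<'EOP'
  <%= validation_key %>
  EOP
TEMPLATE

# Render the snippet with the values the template would see.
def render_validation_block(validation_key, bootstrap_directory)
  ERB.new(VALIDATION_SNIPPET).result_with_hash(
    validation_key: validation_key,
    bootstrap_directory: bootstrap_directory
  )
end

# Text between <<'EOP' and the closing EOP line, i.e. the future file content.
def heredoc_body(rendered)
  rendered[/<<'EOP'\n(.*?)\nEOP$/m, 1].to_s
end

# True only when the text parses as a key that includes the private part.
def private_key?(text)
  OpenSSL::PKey.read(text).private?
rescue OpenSSL::OpenSSLError
  false
end

# Hypothetical pre-flight helper: refuse to ship a script whose key is unusable.
def check_rendered_key(validation_key, bootstrap_directory)
  body = heredoc_body(render_validation_block(validation_key, bootstrap_directory))
  return :ok if private_key?(body)
  "validation.pem would contain #{body.inspect}, not a private key"
end

if __FILE__ == $PROGRAM_NAME
  dir = "/etc/chef/prod/prov"
  puts check_rendered_key(false, dir)                     # value seen in the question
  throwaway = OpenSSL::PKey::RSA.new(2048).to_pem         # constructed key, demo only
  puts check_rendered_key(throwaway, dir)
end
```

ERB's `<%= %>` calls `to_s` on whatever it is given, so a boolean `false` becomes the literal text `false` in the heredoc, which matches the file content reported in the question.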