我们使用AWS管理的Chef服务器在AWS上使用Terraform Chef配置器。 Terraform能够:
Chef-client达到生成私钥的程度,然后出现此错误:
aws_instance.machine (chef): ERROR: Not Allowed
aws_instance.machine (chef): Response: <html>
aws_instance.machine (chef): <head><title>405 Not Allowed</title></head>
aws_instance.machine (chef): <body bgcolor="white">
aws_instance.machine (chef): <center><h1>405 Not Allowed</h1></center>
aws_instance.machine (chef): <hr><center>nginx</center>
aws_instance.machine (chef): </body>
aws_instance.machine (chef): </html>
以下是配置:
provider "aws" { }
resource "aws_instance" "test" {
ami = "ami-xxxxxxxx"
instance_type = "t2.micro"
vpc_security_group_ids = ["sg-xxxxxxx"]
subnet_id = "subnet-xxxxxx"
key_name = "Test"
tags {
Name = "test"
}
provisioner "chef" {
server_url = "https://<chef server url>"
user_name = "user"
user_key = "${file("~/.chef/user.pem")}"
node_name = "test"
run_list = ["role[app]"]
on_failure = "continue"
recreate_client = true
version = "12.16.42"
fetch_chef_certificates = false
ssl_verify_mode = ":verify_none"
environment = "test"
client_options = [
"verbose_logging = true"
]
}
connection {
type = "ssh"
user = "ssh-user"
private_key = "${file("../keys/ssh-user.pem")}"
bastion_host = "1.1.1.1"
}
}
导致此错误的原因是什么?如何修复?
提前致谢!
修改
我启用了Terraform日志记录TF_LOG=1,发现主厨客户端正在尝试引用不在节点上的PEM文件:
sudo knife client show test -c /etc/chef/client.rb -u user --key /etc/chef/user.pem > /dev/null 2>&1
和
sudo knife client create test -d -f /etc/chef/client.pem -c /etc/chef/client.rb -u user --key /etc/chef/user.pem