我正在尝试在macOS 10.13节点上设置chef-push-jobs客户端。
这是我到目前为止所做的:
创建了一个名为push-jobs-client.rb的配置文件,如下所示:
chef_server_url 'https://chef.XXXXX.com/organizations/XXXXX'
node_name 'default-macos-1013'
client_key '/opt/chef/embedded/ssl/cert.pem'
trusted_certs_dir '/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.8.5/spec/data/trusted_certs'
verify_api_cert true
ssl_verify_mode :verify_peer
allow_unencrypted true
log_level :info
log_location STDOUT
whitelist({"chef-client"=>"chef-client"})
Mixlib::Log::Formatter.show_time = false
执行此命令:
/usr/local/bin/pushy-client -c push-jobs-client.rb
错误讯息:
/opt/push-jobs-client/embedded/lib/ruby/gems/2.4.0/gems/opscode-pushy-client-2.4.8/lib/pushy_client.rb:236:in `get in get_config':无法下载推送作业配置 (RuntimeError)
日志:
INFO: [jenkins03] Setting reconfigure deadline to 2018-05-04 12:05:31
+0200
INFO: [jenkins03] using config file path: '/opt/push-jobs-client/push-jobs-client.rb'
INFO: [jenkins03] Using node name: jenkins03
INFO: [jenkins03] Using org name: XXXXX
INFO: [jenkins03] Using Chef server: https://chef.XXXXX.com/organizations/XXXXX
INFO: [jenkins03] Using private key: /opt/chef/embedded/ssl/cert.pem
INFO: [jenkins03] Incarnation ID: 633f168d-c8c0-469e-a9c0-8d6658b3b3d5
INFO: [jenkins03] Allowing fallback to unencrypted connection: true
INFO: [jenkins03] Starting client ...
INFO: [jenkins03] Retrieving configuration from https://chef.XXXXX.com/organizations/XXXXX//pushy/config/jenkins03: ...
INFO: Could not download push jobs config
所以看起来连接和身份验证成功但由于某种原因,push-jobs-client无法从服务器检索配置。
我试图直接在节点上的浏览器中手动从日志中获取URL,我在浏览器窗口中看到了这一点:
{"error":["missing required authentication header(s) 'X-Ops-UserId', 'X-Ops-Timestamp', 'X-Ops-Sign', 'X-Ops-Content-Hash'"]}
所以我想知道我的配置是否有任何错误?或者它可能是macOS的push-jobs-client中的一个错误?
答案 0 :(得分:0)
我发现/opt/chef/embedded/ssl/cert.pem中的client_key不是由chef服务器签名的cient_key。在/etc/chef/client.pem
中找到了正确的客户端密钥现在一切正常,但我会留下答案,以防其他人有类似的问题。