1

所以我在 Ubnuntu 12.04 上运行 Chef-Solo,并在 puTTy 上运行 Linux 操作系统。我的最终目标是使用 Chef 部署 Islandora/Drupal 的实例。但是,目前,我并没有取得太大的成功。这是我运行的命令:

knife solo prepare [user name]@[server name]

这给了我这个输出:

WARNING: No knife configuration file found
Bootstrapping Chef...
Enter the password for biblio@giada:
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100 15934  100 15934    0     0  47449      0 --:--:-- --:--:-- --:--:-- 70504

Downloading Chef 11.12.2 for ubuntu...
downloading https://www.opscode.com      /chef/metadata?v=11.12.2&prerelease=false&
nightlies=false&p=ubuntu&pv=12.04&m=x86_64
  to file /tmp/install.sh.14381/metadata.txt
trying wget...
url     https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.12.2-1_amd64.deb
md5     cedd8a2df60a706e51f58adf8441971b
sha256  af53e7ef602be6228dcbf68298e2613d3f37eb061975992abc6cd2d318e4a0c0
downloaded metadata file looks valid...
     downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.0/x86_64/chef_11.12.2-1_amd64.deb
  to file /tmp/install.sh.14381/chef_11.12.2-1_amd64.deb
trying wget...
Comparing checksum with sha256sum...
Installing Chef 11.12.2
installing with dpkg...
(Reading database ... 72031 files and directories currently installed.)
Preparing to replace chef 11.12.2-1 (using .../chef_11.12.2-1_amd64.deb) ...
Unpacking replacement chef ...
Setting up chef (11.12.2-1) ...
Thank you for installing Chef!
Generating node config 'nodes/giada.json'...

然后当我运行这个:

knife solo cook [user name]@[server name]

...我明白了:

WARNING: No knife configuration file found
WARNING: solo.rb found, but since knife-solo v0.3.0 it is not used any more
WARNING: Please read the upgrade instructions: https://github.com/matschaffer/knife-solo/wiki/Upgrading-to-0.3.0
Running Chef on [server name]...
Checking Chef version...
Enter the password for [user name]@[server name]:
Uploading the kitchen...
[user name]@[server name]'s password:
WARNING: Local cookbook_path '/etc/chef/cookbooks' does not exist
[user name]@[server name]'s password:
[user name]@[server name]'s password:
WARNING: Local role_path './roles' does not exist
WARNING: Local data_bag_path './data_bags' does not exist
WARNING: Local environment_path './environments' does not exist
Generating solo config...
[user name]@[server name]'s password:
Running Chef...

[2014-05-01T12:56:51-04:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

   # OR, Verify only connections to chef-server
   verify_api_cert true
 ```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
   knife ssl check -c /home/biblio/chef-solo/solo.rb
 ```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.12.2
Compiling Cookbooks...
Converging 0 resources

Running handlers:
Running handlers complete

Chef Client finished, 0/0 resources updated in 2.278793398 seconds

在上述情况下,我以 root 身份运行。根据 Opscode 的文档,一切都在它应该在的地方。但以我的思维方式,这些警告告诉我有些事情不应该是这样。谁能告诉我我错过了什么?谢谢!

4

2 回答 2

1

在您运行刀独奏命令的文件夹中,您需要有另一个带有刀配置文件的隐藏文件夹。又名

.chef/knife.rb - 这必须包括您的刀具设置。这是我的。

   cookbook_path    "cookbooks"
   node_path        "nodes"
   role_path        "roles"

   knife[:berkshelf_path]          = "cookbooks"
   knife[:aws_access_key_id]       = "#{ENV['AWS_ACCESS_KEY_ID']}"
   knife[:aws_secret_access_key]   = "#{ENV['AWS_SECRET_ACCESS_KEY']}"
   knife[:region]                  = "#{ENV['EC2_REGION']}"
   knife[:availability_zone]       = "#{ENV['EC2_AVAILABILITY_ZONE']}"
   knife[:ssh_user]                = "ubuntu"
   knife[:groups]                  = "default"
   knife[:solo]                    = true

如您所见,我正在使用环境变量 (ENV),因此我将其检查到版本控制中而不暴露秘密。要在 OSX 或 Linux 中执行此操作,您需要编辑 ~/.bash_profile 和每个变量;

   export AWS_ACCESS_KEY_ID=REAL_KEY_GOES_HERE

然后通过运行 source ~/.bash_profile 来获取它。

还有一个有用的准备参数是 --run-list 'role[role-name]' 所以当你运行厨师时它会自动使用正确的角色。

于 2014-05-07T20:08:14.477 回答
0

我曾经收到此错误,因为我的 dna.json 错误。一些双引号不匹配。所以首先我尝试按照他们的建议进行操作(将 ssl_verify_mode :verify_peer 添加到配置文件中),这没有任何区别;然后我知道这个消息只是误导。

于 2014-06-23T23:20:39.990 回答