Proxy

centos + chef + vagrant的“網路無法訪問”

  • September 5, 2013

我正在嘗試編寫一個 Vagrantfile 來在 CentOS 6.4 映像上安裝 nginx。

在我的 Vagrantfile 中,我有(ip 已編輯):

 config.vm.provision :shell,
  :inline => "echo \"export http_proxy=http://10.0.0.1:3128\; export https_proxy=https://10.0.0.1:3128\" >> /etc/profile"

 config.vm.provision :shell,
  :inline => "echo \"export HTTP_PROXY=http://10.0.0.1:3128\; export HTTPS_PROXY=https://10.0.0.1:3128\" >> /etc/profile"

  config.vm.provision :shell,
   :inline => "echo \"proxy=http://10.0.0.1:3128\" >> /etc/yum.conf"

 config.vm.provision "chef_solo" do |chef|
   chef.add_recipe "nginx"
   chef.json = {
     "http_proxy" => "http://10.0.0.1:3128",
     "https_proxy" => "https://10.0.0.1:3128",
     "nginx" => {
       "install_method" => "package"
     }
   }
 end

當我執行它時,一切都很順利,直到它嘗試執行 yum 並嘗試安裝 GPG 文件,當我收到錯誤消息時:

Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'Base-CentOS-6.4'...

Progress: 10%
Progress: 20%
Progress: 40%
Progress: 60%
Progress: 80%
Progress: 90%
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -- 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Mounting shared folders...
[default] -- /vagrant
[default] -- /tmp/vagrant-chef-1/chef-solo-1/cookbooks
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-solo...
[2013-08-22T01:24:00+00:00] INFO: Forking chef instance to converge...
[2013-08-22T01:24:00+00:00] INFO: *** Chef 11.6.0 ***
[2013-08-22T01:24:00+00:00] INFO: Setting the run_list to ["recipe[nginx]"] from JSON
[2013-08-22T01:24:00+00:00] INFO: Run List is [recipe[nginx]]
[2013-08-22T01:24:00+00:00] INFO: Run List expands to [nginx]
[2013-08-22T01:24:00+00:00] INFO: Starting Chef Run for localhost
[2013-08-22T01:24:00+00:00] INFO: Running start handlers
[2013-08-22T01:24:00+00:00] INFO: Start handlers complete.
[2013-08-22T01:24:01+00:00] INFO: ohai plugins will be at: /etc/chef/ohai_plugins
[2013-08-22T01:24:01+00:00] INFO: remote_directory[/etc/chef/ohai_plugins] created directory /etc/chef/ohai_plugins
[2013-08-22T01:24:01+00:00] INFO: remote_directory[/etc/chef/ohai_plugins] mode changed to 755
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] created file /etc/chef/ohai_plugins/README
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] updated file contents /etc/chef/ohai_plugins/README
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] mode changed to 644
[2013-08-22T01:24:01+00:00] INFO: ohai[custom_plugins] reloaded
[2013-08-22T01:24:01+00:00] WARN: Cloning resource attributes for service[nginx] from prior resource (CHEF-3694)
[2013-08-22T01:24:01+00:00] WARN: Previous service[nginx]: /tmp/vagrant-chef-1/chef-solo-1/cookbooks/nginx/recipes/default.rb:44:in `from_file'
[2013-08-22T01:24:01+00:00] WARN: Current  service[nginx]: /tmp/vagrant-chef-1/chef-solo-1/cookbooks/nginx/recipes/default.rb:51:in `from_file'
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] created file /etc/chef/ohai_plugins/nginx.rb
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] updated file contents /etc/chef/ohai_plugins/nginx.rb
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] owner changed to 0
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] group changed to 0
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] mode changed to 755
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] sending reload action to ohai[reload_nginx] (immediate)
[2013-08-22T01:24:01+00:00] INFO: ohai[reload_nginx] reloaded
[2013-08-22T01:24:01+00:00] INFO: Adding RPM-GPG-KEY-EPEL-6 GPG key to /etc/pki/rpm-gpg/
[2013-08-22T01:24:12+00:00] INFO: remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6] created file /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

================================================================================
Error executing action `create` on resource 'remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6]'
================================================================================


Errno::ENETUNREACH
------------------
Network is unreachable - connect(2)


Resource Declaration:
---------------------
# In /tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb

61:       remote_file "/etc/pki/rpm-gpg/#{new_resource.key}" do
62:         source new_resource.url
63:         mode "0644"
64:         notifies :run, "execute[import-rpm-gpg-key-#{new_resource.key}]", :immediately
65:       end
66:     end



Compiled Resource:
------------------
# Declared in /tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb:61:in `block in class_from_file'

remote_file("/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6") do
 provider Chef::Provider::RemoteFile
 action "create"
 retries 0
 retry_delay 2
 path "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6"
 backup 5
 atomic_update true
 source ["http://mirror.aarnet.edu.au/pub/epel/RPM-GPG-KEY-EPEL-6"]
 use_etag true
 use_last_modified true
 cookbook_name :yum
 mode "0644"
end



[2013-08-22T01:25:20+00:00] INFO: Running queued delayed notifications before re-raising exception
[2013-08-22T01:25:20+00:00] ERROR: Running exception handlers
[2013-08-22T01:25:20+00:00] ERROR: Exception handlers complete
[2013-08-22T01:25:20+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2013-08-22T01:25:20+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.
[Finished in 126.4s with exit code 127]

並且堆棧跟踪具有(加上堆棧跟踪):

[root@localhost ~]# cat /var/chef/cache/chef-stacktrace.out
Generated at 2013-08-22 01:25:20 +0000
Errno::ENETUNREACH: remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6] (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb line 61) had an error: Errno::ENETUNREACH: Network is unreachable - connect(2)

當我 ssh 進入盒子時,檢查代理並嘗試捲曲密鑰,我沒有問題。

[drew@mymachine dev-environment]$ vagrant ssh
Last login: Thu Aug 22 01:25:36 2013 from 10.0.0.2
Welcome to your Vagrant-built virtual machine.
[vagrant@localhost ~]$ echo -e "$http_proxy"" - ""$https_proxy""\n""$HTTP_PROXY"" - ""$HTTPS_PROXY"
http://10.0.0.1:3128 - https://10.0.0.1:3128
http://10.0.0.1:3128 - https://10.0.0.1:3128

[vagrant@localhost ~]$ curl "http://mirror.aarnet.edu.au/pub/epel/RPM-GPG-KEY-EPEL-6"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1
JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B
...
XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==
=V/6I
-----END PGP PUBLIC KEY BLOCK-----
[vagrant@localhost ~]$

我也可以愉快地在盒子裡使用 yum 沒有任何問題。

我在公司網路中的代理伺服器後面,所以我想也許廚師沒有註意代理設置。我的問題是以前有沒有其他人經歷過這種情況,或者對在代理後面執行廚師有任何見解,他們正在獲得無法訪問的網路?

我在想如果我不能修復它,只需在廚師執行之前下載並安裝密鑰,但我想知道這裡是否發生了其他事情。

我認為 chef-solo 不支持代理配置。 http://docs.opscode.com/config_rb_solo.html

您可以嘗試創建另一個半空的廚師食譜,它將在“vagrant up”環境中獲取您的 http_proxy 變數。

就像是:

 ENV['http_proxy'] = "http://10.0.0.1:3128"
 ENV['https_proxy'] = "https://10.0.0.1:3128"

然後將該配方添加到您的 vagrant 文件執行的第一步中:

 chef.add_recipe '[my_http_recipe]'

希望這可以幫助

您需要直接在 chef 對像上設置屬性:

config.vm.provision :chef_solo do |chef|
 chef.http_proxy = $http_proxy
 chef.https_proxy = $https_proxy
 chef.no_proxy = $no_proxy

此外,我建議使用vagrant-proxyconf外掛,而不是手動呼叫 shell 腳本來設置環境變數。請注意,這不會傳播到 chef_solo,不要從上面的程式碼片段中刪除配置。

配置如下:

$http_proxy  = "http://10.10.1.1:4128/"
$https_proxy = "http://10.10.1.1:4128/"
$no_proxy    =  "localhost,127.0.0.1,.ag.hermle.de"

Vagrant.configure("2") do |config|
 config.proxy.http     = $http_proxy
 config.proxy.https    = $https_proxy
 config.proxy.no_proxy = $no_proxy

更新:可能 vagrant-proxyconf 將來會支持廚師代理配置,請參閱https://github.com/tmatilai/vagrant-proxyconf/issues/19

引用自:https://serverfault.com/questions/532808