Puppet
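Mcollective "Failed to set full SSL verified mode" error
Following the instructions in the book "Learning Puppet 4", I am trying to set up MCollective using the jorhett/puppet-mcollective module. After running "mco ping", "mco inventory node_name", etc., I get the following error.
```
warn 2016/08/11 07:21:19: activemq.rb:346:in `rescue in ssl_parameters' Failed to set full SSL verified mode, falling back to unverified: RuntimeError: cert, key and ca has to be supplied for verified SSL mode
```
Here is my configuration:
Hiera hostname/puppetserver.yaml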
```yaml
# hostname/puppetserver.yaml
classes:
  - mcollective::middleware
  - mcollective::client

# Middleware configuration
mcollective::client_password: 'VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI='
mcollective::middleware::keystore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='
mcollective::middleware::truststore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='
```
Hiera common.yaml
```yaml
---
puppet::status: 'running'
puppet::enabled: true

# every node installs the server
classes:
  - mcollective::server

# The Puppet Server will host the middleware
mcollective::hosts:
  - 'puppet.example.com'
mcollective::collectives:
  - 'mcollective'

mcollective::connector: 'activemq'
mcollective::connector_ssl: true
mcollective::connector_ssl_type: 'anonymous'

# Access passwords
mcollective::server_password: 'h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ='
mcollective::psk_key: 'y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw='

mcollective::facts::cronjob::run_every: 10
mcollective::server::package_ensure: 'latest'
mcollective::plugin::agents:
  puppet:
    version: 'latest'

mcollective::client::unix_group: vagrant
mcollective::client::package_ensure: 'latest'
mcollective::plugin::clients:
  puppet:
    version: 'latest'
```
Mcollective server.cfg
```
# /etc/mcollective/server.cfg
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
classesfile = /opt/puppetlabs/puppet/cache/state/classes.txt
daemonize = 1
direct_addressing = 1
main_collective = mcollective
collectives = mcollective

# ActiveMQ connector settings:
connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = server
plugin.activemq.pool.1.password = h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true

# Send these messages to keep the Stomp connection alive.
# This solves NAT and firewall timeout problems.
registerinterval = 600

# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=

# Facts
factsource = yaml
plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml

# Puppet resource control
plugin.puppet.resource_allow_managed_resources = true
plugin.puppet.resource_type_whitelist = none

# Logging
logger_type = syslog
loglevel = info
logfacility = user
```
Mcollective client.cfg
```
# Connector
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
direct_addressing = 1
main_collective = mcollective
collectives = mcollective
connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = client
plugin.activemq.pool.1.password = VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true

# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=
plugin.psk.callertype = uid

# Discovery
default_discovery_method = mc
direct_addressing_threshold = 10
default_discovery_options =

# Miscellaneous settings
color = 1
rpclimitmethod = first

# Performance settings
direct_addressing_threshold = 10
ttl = 60

# Logging
logger_type = console
loglevel = warn
```
I ran into the same problem, but I found that adding the following (shown below) to `/etc/puppetlabs/mcollective/server.cfg` and `/etc/puppetlabs/mcollective/client.cfg` on the mcollective/puppet server solved my problem.
Be sure to restart the mcollective service for the change to take effect. I added this to the client.cfg/server.cfg files:
```
plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/puppet.esxi.com.pem
plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/puppet.esxi.com.pem
```
Before I added the entries:
```
[root@puppet ~]# mco ping
warn 2016/11/30 09:02:29: activemq.rb:374:in `rescue in ssl_parameters' Failed to set full SSL verified mode, falling back to unverified: RuntimeError: cert, key and ca has to be supplied for verified SSL mode
media.center                             time=13.37 ms
dns1                                     time=53.16 ms
puppet.esxi.com                          time=53.84 ms
keeppass                                 time=54.47 ms
splunk                                   time=55.11 ms
lychee                                   time=55.78 ms
nfs-share                                time=56.41 ms
dns2                                     time=57.09 ms
ansible                                  time=57.68 ms
```
After:
```
[root@puppet ~]# mco ping
media.center                             time=13.44 ms
keeppass                                 time=53.12 ms
nfs-share                                time=54.44 ms
puppet.esxi.com                          time=55.37 ms
dns2                                     time=56.15 ms
ansible                                  time=56.94 ms
dns1                                     time=57.76 ms
splunk                                   time=58.57 ms
lychee                                   time=59.38 ms
```
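As an added example (not part of the original question or answer, and not MCollective's own code), this Ruby check reads a server.cfg or client.cfg and reports every ActiveMQ pool that can end up on unverified TLS: `ssl.cert`, `ssl.key` or `ssl.ca` unset or pointing at a missing file, or `ssl.fallback` left on. The function names, the truthy spellings and the file-existence check are assumptions of this example; the sample configs are constructed from the settings quoted above.

```ruby
# Added example: audit plugin.activemq.pool.N.* settings for TLS that is
# not verified. Not MCollective code; names here are this example's own.
TRUTHY = /\A(1|t|true|y|yes)\z/i   # spellings treated as "on" (assumption)
TLS_KEYS = %w[ssl.cert ssl.key ssl.ca].freeze

# Parse "key = value" lines, skipping comments; values may contain '='.
def parse_cfg(text)
  text.each_line.with_object({}) do |line, cfg|
    key, value = line.strip.split('=', 2)
    next if key.nil? || value.nil? || key.start_with?('#')
    cfg[key.strip] = value.strip
  end
end

# Returns one finding string per problem. `exists` is injectable so the
# check can also run against a config copied off the host.
def audit_activemq_tls(text, exists: ->(path) { File.exist?(path) })
  cfg = parse_cfg(text)
  (1..cfg.fetch('plugin.activemq.pool.size', '0').to_i).flat_map do |n|
    pre = "plugin.activemq.pool.#{n}"
    next ["pool #{n}: ssl is off"] unless cfg["#{pre}.ssl"].to_s.match?(TRUTHY)
    unset = TLS_KEYS.reject { |k| cfg.key?("#{pre}.#{k}") }
    gone  = (TLS_KEYS - unset).reject { |k| exists.call(cfg["#{pre}.#{k}"]) }
    out = []
    out << "pool #{n}: not set: #{unset.join(', ')}" unless unset.empty?
    out << "pool #{n}: file not found: #{gone.join(', ')}" unless gone.empty?
    if cfg["#{pre}.ssl.fallback"].to_s.match?(TRUTHY)
      out << "pool #{n}: ssl.fallback on, a bad cert/key/ca degrades to unverified TLS"
    end
    out
  end
end

# Constructed samples built from the settings quoted on this page.
BEFORE = <<~CFG
  plugin.activemq.pool.size = 1
  plugin.activemq.pool.1.host = puppet.example.com
  plugin.activemq.pool.1.ssl = true
  plugin.activemq.pool.1.ssl.fallback = true
CFG
AFTER = BEFORE + <<~CFG
  plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/puppet.esxi.com.pem
  plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
  plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/puppet.esxi.com.pem
CFG

puts audit_activemq_tls(BEFORE), audit_activemq_tls(AFTER) if __FILE__ == $PROGRAM_NAME
```

With the three paths added the "not set" finding disappears, but the `ssl.fallback` finding remains until that setting is turned off, since the warning only appears because fallback is permitted.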