Ubuntu

MCollective daemon is not binding to a network socket

  • August 18, 2012

I just installed PE on Ubuntu 10.04 LTS using puppet-enterprise-2.0-ubuntu-10.04-amd64.tar.gz (downloaded from http://puppetlabs.com/misc/pe-files/), and the same machine is now running the master, console and agent roles.

I seem to have a problem with the MCollective server: although it appears to start fine, it does not open port 61613 as it should.

The daemon starts fine

$ sudo /etc/init.d/pe-mcollective start
* Starting mcollective daemon                  [ OK ] 

It shows up in ps

$ ps aux | grep mcol | grep -v grep
root     25636  0.0  0.5  64680 12056 ?        S    07:21   0:00 /opt/puppet/bin/ruby /opt/puppet/sbin/mcollectived --pid /var/run/pe-mcollective.pid

The pid file contains the correct value

$ sudo cat /var/run/pe-mcollective.pid
25636

But I don't see any process listening on port 61613

$ sudo netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2395/mysqld     
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      25542/memcached 
tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      25620/pe-httpd  
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      10096/apache2   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2345/sshd       
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2822/master     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      25620/pe-httpd  

When I look at the logs, I see errors in both the mcollective server and client logs

$ sudo tail -f /var/log/pe-*/*
==> /var/log/pe-puppet-dashboard/mcollective_client.log <==
I, [2011-12-20T07:26:22.731870 #30944]  INFO -- : stomp.rb:79:in `on_connectfail' Connction to stomp://mcollective@puppetmaster.example.org:61613 failed on attempt 1646

==> /var/log/pe-mcollective/mcollective.log <==
I, [2011-12-20T07:26:24.852641 #25636]  INFO -- : stomp.rb:79:in `on_connectfail' Connction to stomp://mcollective@puppetmaster.example.org:61613 failed on attempt 20

When I inspect the mcollective ruby script /opt/puppet/sbin/mcollectived, I can see that it references the configuration file /etc/puppetlabs/mcollective/server.cfg, which has the following configuration directives:

plugin.stomp.pool.size = 1
plugin.stomp.pool.host1 = puppetmaster.example.org
plugin.stomp.pool.port1 = 61613
plugin.stomp.pool.user1 = mcollective
plugin.stomp.pool.password1 = ***************
plugin.stomp.pool.ssl1 = true
plugin.stomp.base64 = true

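I can resolve plugin.stomp.pool.host1, and if I change plugin.stomp.pool.port1 to, for example, 61614, I see that reflected in the mcollective.log error mentioned above. I set loglevel = debug, but it didn't give me any more hints. I ran the script manually (/opt/puppet/bin/ruby /opt/puppet/sbin/mcollectived), but that didn't give me any clues either.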

Q: How can I troubleshoot this further?

The problem was with the Java keystore:

pe-activemq starts fine

$ sudo /etc/init.d/pe-activemq start
* pe-activemq started

However, by watching ps, I noticed that activemq tried to start but failed almost immediately. I modified the startup script to do some debugging:

start() {
   echo -n "Starting $APP_NAME... "
   getpid
   if [ "X$pid" = "X" ]
   then
       # original command
       # COMMAND_LINE="$CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.syslog.ident=$APP_NAME wrapper.pidfile=$PIDFILE wrapper.daemonize=TRUE $ANCHORPROP $IGNOREPROP $LOCKPROP"
       # custom command with daemonize=FALSE
       COMMAND_LINE="$CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.syslog.ident=$APP_NAME wrapper.pidfile=$PIDFILE wrapper.daemonize=FALSE $ANCHORPROP $IGNOREPROP $LOCKPROP"
       echo "executing [$COMMAND_LINE]"

Starting pe-activemq gave the following error

jvm 1    | ERROR | Failed to start ActiveMQ JMS Message Broker. Reason: java.io.IOException: Transport Connector could not be registered in JMX: Failed to bind to server socket: stomp+ssl://0.0.0.0:61613 due to: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.DefaultSSLContextImpl)

It looks like a keystore problem. The /opt/puppet/activemq/conf/activemq-wrapper.conf configuration file gives you the following details:

set.default.ACTIVEMQ_BASE=/opt/puppet/activemq
wrapper.working.dir=/var/log/pe-activemq
[...]
# Enable SSL of the Stomp Connection (Note, this provides encryption only as per #10596)
wrapper.java.additional.7=-Djavax.net.ssl.keyStorePassword=puppet
wrapper.java.additional.8=-Djavax.net.ssl.keyStore=%ACTIVEMQ_BASE%/conf/broker.ks
# The trust store need not be present.
wrapper.java.additional.9=-Djavax.net.ssl.trustStorePassword=puppet
wrapper.java.additional.10=-Djavax.net.ssl.trustStore=%ACTIVEMQ_BASE%/conf/broker.ts

FYI, /opt/puppet/activemq/conf is a symlink to /etc/puppetlabs/activemq. In that directory the broker.ts file exists, but broker.ks is missing

Based on this page (http://activemq.apache.org/how-do-i-use-ssl.html), I did the following

$ cd /etc/puppetlabs/activemq
$ sudo keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
=> provided puppet password everywhere

Then activemq started fine

jvm 1    |  INFO | Using Persistence Adapter: KahaDBPersistenceAdapter[/opt/puppet/activemq/data/kahadb]
jvm 1    |  INFO | KahaDB is version 3
jvm 1    |  INFO | Recovering from the journal ...
jvm 1    |  INFO | Recovery replayed 1 operations from the journal in 0.022 seconds.
jvm 1    |  INFO | ActiveMQ 5.5.0 JMS Message Broker (localhost) is starting
jvm 1    |  INFO | For help or more information please see: http://activemq.apache.org/
jvm 1    |  INFO | Installing StaticsBroker
jvm 1    |  INFO | Starting StatisticsBroker
jvm 1    |  INFO | Listening for connections at: tcp://myserver:61616
jvm 1    |  INFO | Connector openwire Started
jvm 1    |  INFO | Listening for connections at: stomp+ssl://myserver:61613
jvm 1    |  INFO | Connector stomp+ssl Started
jvm 1    |  INFO | ActiveMQ JMS Message Broker (localhost, ID:myserver-44300-1324455724257-0:1) started
jvm 1    |  INFO | jetty-7.1.6.v20100715
jvm 1    |  INFO | ActiveMQ WebConsole initialized.
jvm 1    |  INFO | Initializing Spring FrameworkServlet 'dispatcher'
jvm 1    |  INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
jvm 1    |  INFO | WebApp@2109578614 at http://0.0.0.0:8161/camel
jvm 1    |  INFO | WebApp@2109578614 at http://0.0.0.0:8161/demo
jvm 1    |  INFO | WebApp@2109578614 at http://0.0.0.0:8161/fileserver
jvm 1    |  INFO | Started SelectChannelConnector@0.0.0.0:8161

Problem solved

Source: https://serverfault.com/questions/342653
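
The check the answer arrived at by hand, as an added example that is not part of the original post or of Puppet Enterprise: it reads the key store and trust store paths from an ActiveMQ wrapper config and reports which files are missing. The function names are hypothetical; the config keys are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example: report which JSSE store files named in an ActiveMQ wrapper
# config are missing. Function names are hypothetical, not part of PE.

# Print the value of a "key=value" line; $2 is the key as a sed pattern.
conf_value() {
    sed -n "s|^[[:space:]]*$2=||p" "$1" | tail -n 1
}

# Print the path passed as -Djavax.net.ssl.<$2>=..., %ACTIVEMQ_BASE% expanded.
store_path() {
    base=$(conf_value "$1" 'set\.default\.ACTIVEMQ_BASE')
    sed -n "s|^wrapper\.java\.additional\.[0-9]*=-Djavax\.net\.ssl\.$2=||p" "$1" |
        tail -n 1 | sed "s|%ACTIVEMQ_BASE%|$base|g"
}

# Return 0 if the key store file exists, 1 if it is missing or not configured.
# A missing trust store is only reported: the config comment allows it.
check_stores() {
    rc=0
    for prop in keyStore trustStore; do
        path=$(store_path "$1" "$prop")
        if [ -n "$path" ] && [ -f "$path" ]; then
            echo "$prop: ok ($path)"
        elif [ "$prop" = keyStore ]; then
            echo "$prop: MISSING (${path:-not configured})"
            rc=1
        else
            echo "$prop: absent (${path:-not configured}), tolerated"
        fi
    done
    return $rc
}

# Run the check when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_stores "$1"
fi
```

Saved under a name of your choice, it takes the wrapper config as its only argument, for example /opt/puppet/activemq/conf/activemq-wrapper.conf, and exits non-zero when the key store is absent.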