单刀烹饪命令不能正常工作

Question

所以我在Ubnuntu12.04上运行Chef-Solo，在puTTy上运行Linux操作系统。我的最终目标是使用Chef部署一个Islandora/Drupal实例。然而，目前，我并没有取得太大的成功。下面是我运行过的命令：

knife solo prepare [user name]@[server name]

这给出了下面的输出：

WARNING: No knife configuration file found
Bootstrapping Chef...
Enter the password for biblio@giada:
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100 15934  100 15934    0     0  47449      0 --:--:-- --:--:-- --:--:-- 70504

Downloading Chef 11.12.2 for ubuntu...
downloading https://www.opscode.com      /chef/metadata?v=11.12.2&prerelease=false&
nightlies=false&p=ubuntu&pv=12.04&m=x86_64
  to file /tmp/install.sh.14381/metadata.txt
trying wget...
url     https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.12.2-1_amd64.deb
md5     cedd8a2df60a706e51f58adf8441971b
sha256  af53e7ef602be6228dcbf68298e2613d3f37eb061975992abc6cd2d318e4a0c0
downloaded metadata file looks valid...
     downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.0/x86_64/chef_11.12.2-1_amd64.deb
  to file /tmp/install.sh.14381/chef_11.12.2-1_amd64.deb
trying wget...
Comparing checksum with sha256sum...
Installing Chef 11.12.2
installing with dpkg...
(Reading database ... 72031 files and directories currently installed.)
Preparing to replace chef 11.12.2-1 (using .../chef_11.12.2-1_amd64.deb) ...
Unpacking replacement chef ...
Setting up chef (11.12.2-1) ...
Thank you for installing Chef!
Generating node config 'nodes/giada.json'...

然后，当我运行以下命令时：

knife solo cook [user name]@[server name]

...I获取以下内容：

WARNING: No knife configuration file found
WARNING: solo.rb found, but since knife-solo v0.3.0 it is not used any more
WARNING: Please read the upgrade instructions: https://github.com/matschaffer/knife-solo/wiki/Upgrading-to-0.3.0
Running Chef on [server name]...
Checking Chef version...
Enter the password for [user name]@[server name]:
Uploading the kitchen...
[user name]@[server name]'s password:
WARNING: Local cookbook_path '/etc/chef/cookbooks' does not exist
[user name]@[server name]'s password:
[user name]@[server name]'s password:
WARNING: Local role_path './roles' does not exist
WARNING: Local data_bag_path './data_bags' does not exist
WARNING: Local environment_path './environments' does not exist
Generating solo config...
[user name]@[server name]'s password:
Running Chef...

[2014-05-01T12:56:51-04:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

验证所有HTTPS连接(推荐)

ssl_verify_mode :verify_peer

或者，仅验证与chef-server的连接

verify_api_cert true

若要检查SSL配置或排除错误，可以使用

类似这样的knife ssl check命令：

   knife ssl check -c /home/biblio/chef-solo/solo.rb

启动厨师客户端，版本11.12.2

编辑食谱...

汇聚0个resourcesRunning处理程序：

运行处理程序completeChef客户端已完成，在2.278793398秒内更新了0/0资源

在上面描述的情况下，我以root身份操作。根据Opscode的文档，一切都在它应该在的位置。但在我看来，这些警告告诉我有些事情不应该是这样的。有人能告诉我我错过了什么吗？谢谢!

Answer 1

在运行hidden命令的文件夹中，您需要有另一个隐藏文件夹，其中包含where配置文件。又名

.chef/knife.rb --这必须包括您的刀具设置。这是我的。

   cookbook_path    "cookbooks"
   node_path        "nodes"
   role_path        "roles"

   knife[:berkshelf_path]          = "cookbooks"
   knife[:aws_access_key_id]       = "#{ENV['AWS_ACCESS_KEY_ID']}"
   knife[:aws_secret_access_key]   = "#{ENV['AWS_SECRET_ACCESS_KEY']}"
   knife[:region]                  = "#{ENV['EC2_REGION']}"
   knife[:availability_zone]       = "#{ENV['EC2_AVAILABILITY_ZONE']}"
   knife[:ssh_user]                = "ubuntu"
   knife[:groups]                  = "default"
   knife[:solo]                    = true

正如您所看到的，我使用了环境变量(ENV)，因此我将其签入到版本控制中，而不会暴露秘密。要在OSX或Linux中执行此操作，您需要编辑~/.bash_profile和每个变量；

   export AWS_ACCESS_KEY_ID=REAL_KEY_GOES_HERE

然后通过运行source ~/.bash_profile来获取它。

还有一个有用的准备参数是-- run -list 'rolerole-name‘，这样当您运行cook时，它将自动使用正确的角色。

Answer 2

我曾经因为我的dna.json错误而得到这个错误。某些双引号不匹配。所以，首先我试着按照他们的建议去做(将ssl_verify_mode :verify_peer添加到配置文件中)，这没有什么区别；然后我知道这条消息只是误导。