未能设置完整的SSL验证模式错误

Question

根据“学习木偶4”的手册，我正在尝试使用jorhett/傀儡- manual模块来设置MCollective。在运行“getting”、"mco库存node_name“等操作后，我会收到以下错误。

2016/08/11 07:21:19: activemq.rb:346:in‘ssl_parameters中的救援’未能设置完整的SSL验证模式，回到未验证的模式: RuntimeError: cert、key和ca必须为验证的SSL模式提供

这是我的心声:希拉的主人/木偶

# hostname/puppetserver.yaml
classes:
- mcollective::middleware
- mcollective::client
# Middleware configuration
mcollective::client_password: 'VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI='
mcollective::middleware::keystore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='
mcollective::middleware::truststore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='

Hiera common.yaml

---
puppet::status: 'running'
puppet::enabled: true

# every node installs the server
classes:
  - mcollective::server
# The Puppet Server will host the middleware
mcollective::hosts:
  - 'puppet.example.com'
mcollective::collectives:
  - 'mcollective'
mcollective::connector: 'activemq'
mcollective::connector_ssl: true
mcollective::connector_ssl_type: 'anonymous'
# Access passwords
mcollective::server_password: 'h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ='
mcollective::psk_key: 'y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw='
mcollective::facts::cronjob::run_every: 10
mcollective::server::package_ensure: 'latest'
mcollective::plugin::agents:
  puppet:
    version: 'latest'
mcollective::client::unix_group: vagrant
mcollective::client::package_ensure: 'latest'
mcollective::plugin::clients:
  puppet:
    version: 'latest'

多集体server.cfg

# /etc/mcollective/server.cfg
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
classesfile = /opt/puppetlabs/puppet/cache/state/classes.txt
daemonize = 1
direct_addressing = 1
main_collective = mcollective
collectives = mcollective                                                       

# ActiveMQ connector settings:
connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = server
plugin.activemq.pool.1.password = h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true

# Send these messages to keep the Stomp connection alive.
# This solves NAT and firewall timeout problems.
registerinterval = 600

# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=

# Facts
factsource = yaml
plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml

# Puppet resource control
plugin.puppet.resource_allow_managed_resources = true
plugin.puppet.resource_type_whitelist = none

# Logging
logger_type = syslog
loglevel = info
logfacility = user

多集体client.cfg

# Connector
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
direct_addressing = 1
main_collective = mcollective
collectives = mcollective                                                                                                                                       

connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = client
plugin.activemq.pool.1.password = VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true

# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=
plugin.psk.callertype = uid

# Discovery
default_discovery_method = mc
direct_addressing_threshold = 10
default_discovery_options =

# Miscellaneous settings
color = 1
rpclimitmethod = first

# Performance settings
direct_addressing_threshold = 10
ttl = 60

# Logging
logger_type = console
loglevel = warn

Answer 1

我也遇到了同样的问题，但我发现在/etc/puppetlabs/mcollective/server.cfg和/etc/puppetlabs/mcollective/client.cfg中添加以下内容(如下所示)解决了我的问题。一定要重新启动mcollective服务，这样效果才会发生。

我将其添加到client.cfg / server.cfg文件中：

plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/puppet.esxi.com.pem
plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/puppet.esxi.com.pem

在我添加条目之前：

[root@puppet ~]# mco ping
warn 2016/11/30 09:02:29: activemq.rb:374:in `rescue in ssl_parameters' Failed to set full SSL verified mode, falling back to u                                                                                                              nverified: RuntimeError: cert, key and ca has to be supplied for verified SSL mode
media.center                             time=13.37 ms
dns1                                     time=53.16 ms
puppet.esxi.com                          time=53.84 ms
keeppass                                 time=54.47 ms
splunk                                   time=55.11 ms
lychee                                   time=55.78 ms
nfs-share                                time=56.41 ms
dns2                                     time=57.09 ms
ansible                                  time=57.68 ms

之后：

[root@puppet ~]# mco ping
media.center                             time=13.44 ms
keeppass                                 time=53.12 ms
nfs-share                                time=54.44 ms
puppet.esxi.com                          time=55.37 ms
dns2                                     time=56.15 ms
ansible                                  time=56.94 ms
dns1                                     time=57.76 ms
splunk                                   time=58.57 ms
lychee                                   time=59.38 ms