Aru*_*n V 2 cookbook chef-infra chef-recipe
我的厨师服务器是 COMPUTE1(大写字母),工作站是 COMPUTE2(大写字母),我正在尝试将食谱上传到服务器。
user@COMPUTE2:~/chef-repo$ sudo knife cookbook upload sudo
Uploading sudo [0.1.0]
ERROR: SSL Validation failure connecting to host: compute1 - hostname "compute1" does not match the server certificate
ERROR: SSL Error connecting to https://compute1/bookshelf/organization-f6706bb676a02d03bc421056986ae96b/checksum-ad104e789f71ad37eed05e4122a4540f?AWSAccessKeyId=548e088de808a684f5e37f97cd23914214c30bf8&Expires=1463546366&Signature=OqudLFc%2BDjjL5jllpCvSdchuLeU%3D, retry 1/5
--------------------------
ERROR: SSL Validation failure connecting to host: compute1 - hostname "compute1" does not match the server certificate
ERROR: SSL Validation failure connecting to host: compute1 - hostname "compute1" does not match the server certificate
ERROR: SSL Validation failure connecting to host: compute1 - hostname "compute1" does not match the server certificate
ERROR: SSL Validation failure connecting to host: compute1 - hostname "compute1" does not match the server certificate
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://compute1/bookshelf/organization-f6706bb676a02d03bc421056986ae96b/checksum-1752f5088b4e1ab5a1a872bb87049ae1?AWSAccessKeyId=548e088de808a684f5e37f97cd23914214c30bf8&Expires=1463546371&Signature=IA2GQ%2BfNcc6nm6DCRI/L0NxtkP0%3D - hostname "compute1" does not match the server certificate
user@COMPUTE2:~/chef-repo$
我试过刀 ssl 检查,它返回一切正常。
user@COMPUTE2:~/chef-repo$ sudo knife ssl check
Connecting to host COMPUTE1:443
Successfully verified certificates from `COMPUTE1'
user@COMPUTE2:~/chef-repo$
刀 ssl 获取也工作正常
user@COMPUTE2:~/chef-repo$ sudo knife ssl fetch
WARNING: Certificates from COMPUTE1 will be fetched and placed in your trusted_cert
directory (/home/user/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for COMPUTE1 in /home/user/chef-repo/.chef/trusted_certs/COMPUTE1.crt
user@COMPUTE2:~/chef-repo$
我的主机名是大写字母。这就是这不起作用的原因吗?由于某些限制,我无法更改主机名。有人可以帮忙吗。
谢谢,
小智 7
可能有点晚了,但我希望它会帮助某人。
在 中添加以下条目knife.rb:
ssl_verify_mode :verify_none
这可以暂时解决问题,但永久的解决方案是从您的厨师服务器下载证书。
要下载证书,请将以下行添加到knife.rb文件中。
trusted_certs_dir "#{current_dir}/trusted_certs"
添加条目后,运行以下命令:
knife ssl fetch (这从厨师服务器获取证书并保存在trusted_certs目录下)
验证 *.cert 文件是否已经存在并运行以下命令。
knife ssl check (此命令验证已从厨师服务器下载的证书)
然后您可以运行knife node list以验证 ssl 证书问题是否消失。
| 归档时间: |
|
| 查看次数: |
8676 次 |
| 最近记录: |