服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Mcollective无法设置完整的SSLvalidation模式错误
Intereting Posts
中央日志存储库 在Bash中,文件以“ – ”开始 Windowspipe理框架4.0通过GPO 两个testing站点之一只加载铬,而不是IE或FF(内部服务器错误) Server 2008 AD文件夹权限行为? nginx error_log报告“bind()为0.0.0.0:80失败(48:地址已经在使用)” 通过“Gmail”帐户发送电子邮件的Postfix错误 系统崩溃 – 重启日志中包含“^ @” 如何添加额外的数据库到我的MySQL复制奴隶(只读)? 我可以让我的用户创build虚拟机吗? 在Amazon EC2 AMI上安装MySQL 5.6 OpenLDAP不会启动 – 启动OpenLDAP:slapdrm:不能删除`/ var / lib / ldap / alock' 如何在公司networking内部下载可执行文件? 我怎样才能find我的子网掩码? 无法更新密码。 为新密码提供的值不符合域的长度,复杂度或历史要求

Mcollective无法设置完整的SSLvalidation模式错误

我试图根据“学习木偶4”的手册使用jorhett / puppet-mcollective模块设置MCollective。 运行“mco ping”,“mco inventory node_name”等后出现以下错误

警告2016/08/11 07:21:19:activemq.rb:346:在`救援ssl_parameters'无法设置完整的SSLvalidation模式,回落到未validation:RuntimeError:证书,密钥和CA必须提供validationSSL模式

这里是我的configuration: Hiera hostname / puppetserver.yaml 

# hostname/puppetserver.yaml classes: - mcollective::middleware - mcollective::client # Middleware configuration mcollective::client_password: 'VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI=' mcollective::middleware::keystore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E=' mcollective::middleware::truststore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='

Hiera common.yaml 

 --- puppet::status: 'running' puppet::enabled: true # every node installs the server classes: - mcollective::server # The Puppet Server will host the middleware mcollective::hosts: - 'puppet.example.com' mcollective::collectives: - 'mcollective' mcollective::connector: 'activemq' mcollective::connector_ssl: true mcollective::connector_ssl_type: 'anonymous' # Access passwords mcollective::server_password: 'h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ=' mcollective::psk_key: 'y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=' mcollective::facts::cronjob::run_every: 10 mcollective::server::package_ensure: 'latest' mcollective::plugin::agents: puppet: version: 'latest' mcollective::client::unix_group: vagrant mcollective::client::package_ensure: 'latest' mcollective::plugin::clients: puppet: version: 'latest'

Mcollective server.cfg 

 # /etc/mcollective/server.cfg libdir = /usr/libexec/mcollective libdir = /opt/puppetlabs/mcollective/plugins classesfile = /opt/puppetlabs/puppet/cache/state/classes.txt daemonize = 1 direct_addressing = 1 main_collective = mcollective collectives = mcollective # ActiveMQ connector settings: connector = activemq plugin.activemq.heartbeat_interval = 30 plugin.activemq.pool.size = 1 plugin.activemq.pool.1.host = puppet.example.com plugin.activemq.pool.1.port = 61614 plugin.activemq.pool.1.user = server plugin.activemq.pool.1.password = h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ= plugin.activemq.pool.1.ssl = true plugin.activemq.pool.1.ssl.fallback = true # Send these messages to keep the Stomp connection alive. # This solves NAT and firewall timeout problems. registerinterval = 600 # Security provider securityprovider = psk plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw= # Facts factsource = yaml plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml # Puppet resource control plugin.puppet.resource_allow_managed_resources = true plugin.puppet.resource_type_whitelist = none # Logging logger_type = syslog loglevel = info logfacility = user

Mcollective client.cfg 

 # Connector libdir = /usr/libexec/mcollective libdir = /opt/puppetlabs/mcollective/plugins direct_addressing = 1 main_collective = mcollective collectives = mcollective connector = activemq plugin.activemq.heartbeat_interval = 30 plugin.activemq.pool.size = 1 plugin.activemq.pool.1.host = puppet.example.com plugin.activemq.pool.1.port = 61614 plugin.activemq.pool.1.user = client plugin.activemq.pool.1.password = VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI= plugin.activemq.pool.1.ssl = true plugin.activemq.pool.1.ssl.fallback = true # Security provider securityprovider = psk plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw= plugin.psk.callertype = uid # Discovery default_discovery_method = mc direct_addressing_threshold = 10 default_discovery_options = # Miscellaneous settings color = 1 rpclimitmethod = first # Performance settings direct_addressing_threshold = 10 ttl = 60 # Logging logger_type = console loglevel = warn

我也有同样的确切问题,但我发现在/etc/puppetlabs/mcollective/server.cfg和mcollective / puppet上的/etc/puppetlabs/mcollective/client.cfg中添加以下内容(如下所示)服务器解决我的问题。 请务必重新启动mcollective服务以实现效果。

我把这个添加到client.cfg / server.cfg文件中: 

 plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/puppet/ssl/private_keys/puppet.esxi.com.pem plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/puppet/ssl/certs/puppet.esxi.com.pem

在我添加条目之前: 

 [root@puppet ~]# mco ping warn 2016/11/30 09:02:29: activemq.rb:374:in `rescue in ssl_parameters' Failed to set full SSL verified mode, falling back to u nverified: RuntimeError: cert, key and ca has to be supplied for verified SSL mode media.center time=13.37 ms dns1 time=53.16 ms puppet.esxi.com time=53.84 ms keeppass time=54.47 ms splunk time=55.11 ms lychee time=55.78 ms nfs-share time=56.41 ms dns2 time=57.09 ms ansible time=57.68 ms

之后: 

 [root@puppet ~]# mco ping media.center time=13.44 ms keeppass time=53.12 ms nfs-share time=54.44 ms puppet.esxi.com time=55.37 ms dns2 time=56.15 ms ansible time=56.94 ms dns1 time=57.76 ms splunk time=58.57 ms lychee time=59.38 ms