【发布时间】:2015-01-03 02:58:21
【问题描述】:
我正在尝试使用 yum cookbook 作为依赖项在 CentOs 机器上安装 nginx。
这就是我的 nginx/recipe/default.rb 的样子,
#
# Cookbook Name:: nginxl
# Recipe:: default
#
# Copyright 2014, YOUR_COMPANY_NAME
#
# All rights reserved - Do Not Redistribute
#
include_recipe "yum"
case node["platform"] #Create Yum Repository for Nginx
when "redhat"
yum_repository "nginx" do
name 'nginx_repo'
baseurl 'http://nginx.org/packages/rhel/7/$basearch/';
enabled true
gpgcheck false
action :create
end
when "centos"
yum_repository "nginx" do
name 'nginx_repo'
baseurl 'http://nginx.org/packages/centos/7/$basearch/';
enabled true
gpgcheck false
action :create
end
end
package "nginx" do #Install Nginx package
version "1.6.2-1.el7.ngx"
action :install
end
template "nginx.conf" do #Create Nginx Configuration in the specified path
source "nginx.conf.erb"
path "#{node['nginx']['dir']}/nginx.conf"
action :create
mode 0644
end
template "default.conf" do #Create SSL,Proxy,Logs configuration in the specified path
source "default.conf.erb"
path "#{node['nginx']['dir']}/conf.d/default.conf"
action :create
mode 0644
end
directory "#{node['nginx']['ssl_directory']}" do
action :create
end
cookbook_file "nginx.crt" do #Drops the SSL Certificate from Files to the specified path.
path "#{node['nginx']['ssl_directory']}/nginx.crt"
action :create
end
cookbook_file "nginx.key" do #Drops the SSL Key from Files to the specified path.
path "#{node['nginx']['ssl_directory']}/nginx.key"
action :create
end
service "nginx" do
supports :restart => :true
action [:enable, :start]
end
在客户端服务器上尝试运行“sudo chef-client”时,我收到以下错误:
[centos@ip-172-31-26-206 ~]$ sudo chef-client
[2015-01-02T05:49:19+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /etc/chef/client.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Starting Chef Client, version 11.16.4
resolving cookbooks for run list: ["yum", "nginx"]
Synchronizing Cookbooks:
- yum
- nginx
Compiling Cookbooks...
Converging 9 resources
Recipe: yum::default
* yum_globalconfig[/etc/yum.conf] action create
* template[/etc/yum.conf] action create (up to date)
(up to date)
Recipe: nginx::default
* yum_repository[nginx_repo] action create
* template[/etc/yum.repos.d/nginx_repo.repo] action create (up to date)
* execute[yum-makecache-nginx_repo] action nothing (skipped due to action :nothing)
* ruby_block[yum-cache-reload-nginx_repo] action nothing (skipped due to action :nothing)
(up to date)
* package[nginx] action install (up to date)
* template[nginx.conf] action create (up to date)
* template[default.conf] action create (up to date)
* directory[/etc/nginx/ssl] action create (up to date)
* cookbook_file[nginx.crt] action create (up to date)
* cookbook_file[nginx.key] action create (up to date)
* service[nginx] action enable (up to date)
* service[nginx] action start
================================================================================
Error executing action `start` on resource 'service[nginx]'
================================================================================
Chef::Exceptions::Exec
----------------------
/bin/systemctl start nginx returned 1, expected 0
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/nginx/recipes/default.rb
67: service 'nginx' do
68: supports :restart => :true
69: action [:enable, :start]
70: end
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/nginx/recipes/default.rb:67:in `from_file'
service("nginx") do
provider Chef::Provider::Service::Systemd
action [:enable, :start]
supports {:restart=>:true}
retries 0
retry_delay 2
guard_interpreter :default
service_name "nginx"
enabled true
pattern "nginx"
cookbook_name "nginx"
recipe_name "default"
end
Running handlers:
[2015-01-02T05:49:21+00:00] ERROR: Running exception handlers
Running handlers complete
[2015-01-02T05:49:21+00:00] ERROR: Exception handlers complete
[2015-01-02T05:49:21+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 2.227299679 seconds
[2015-01-02T05:49:21+00:00] ERROR: service[nginx] (nginx::default line 67) had an error:
Chef::Exceptions::Exec: /bin/systemctl start nginx returned 1, expected 0
[2015-01-02T05:49:21+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
编辑:只有当我在我的 nginx.conf 中为目录 lisitng 添加以下代码时才会发生这种情况
server {
listen 443;
server_name <%= node['nginx']['server_name'] %>;
location / {
source <%= node['nginx']['source'] %>;
autoindex on;
}
}
【问题讨论】:
-
nginx 日志说什么?似乎服务无法启动,可能是由于缺少属性或证书中的某些内容而导致配置中的错误指令(您没有为证书文件设置所有者或模式,我不确定 nginx 是否允许这样做)。
-
它运行良好,但是当我将以下代码添加到 nginx.conf 文件时,出现问题:
server { listen 443; server_name <%= node['nginx']['server_name'] %>; location /{ source <%= node['nginx']['source'] %>; autoindex on; } } -
编辑你的问题,cmets 不利于代码格式化,而且读起来很乱。属性定义是否正确,
node['nginx']['server_name']是否正确解析为此服务器上的 IP?厨师运行后的结果配置是否符合您的预期以及 nginx 错误日志中的内容是否未启动?我很确定它会告诉你出了什么问题。 -
好的,我会检查nginx错误日志。
-
nginx 错误日志:
2015/01/02 05:49:21 [emerg] 11196#0: unknown directive "source" in /etc/nginx/nginx.conf:30
标签: nginx chef-infra cookbook