1. 首页
  2. 问答
  3. 无法以非root用户身份运行Chef cron recipe

无法以非root用户身份运行Chef cron recipe

2016-11-07 99 views
0

我站在一个新的环境中,Chef节点必须以非root用户身份运行chef-client。 (我创建了一个chef-userrwx的权限/etc/chef/client.rb点每another SO question正确的客户端密钥)。下面是我的测试配方:无法以非root用户身份运行Chef cron recipe

cron "clientrun2m" do 
    minute '*/2' 
    command "/bin/chef-client" 
    action :create 
    user "chef-user" 
end

当我登录到目标节点为chef-user,我尝试(失败)执行chef-client(不与sudo)并获取以下信息。看起来错误在于资源的聚合,与用户权限或私钥无关。 (我可以运行这个食谱,减去user "chef-user"行,并且在另一个节点上没有问题的情况下sudo'd)。为什么这个配方不适合我的非root用户?

Installing Cookbook Gems: 
Compiling Cookbooks... 
Converging 2 resources 
Recipe: cron-delvalidate2m::2min_cu 
    * cron[clientrun2m] action create[2016-11-07T11:53:22-05:00] INFO: Processing cron[clientrun2m] action create (cron-delvalidate2m::2min_cu line 7) 


    ================================================================================ 
    Error executing action `create` on resource 'cron[clientrun2m]' 
    ================================================================================ 

    Chef::Exceptions::Cron 
    ---------------------- 
    Error updating state of clientrun2m, exit: 1 

    Resource Declaration: 
    --------------------- 
    # In /home/chef-user/.chef/cache/cookbooks/cron-delvalidate2m/recipes/2min_cu.rb 

     7: cron "clientrun2m" do 
     8: minute '*/2' 
     9: command "/bin/chef-client" 
    10: action :create 
    11: user "chef-user" 
    12: end 
    13: 

    Compiled Resource: 
    ------------------ 
    # Declared in /home/chef-user/.chef/cache/cookbooks/cron-delvalidate2m/recipes/2min_cu.rb:7:in `from_file' 

    cron("clientrun2m") do 
     action [:create] 
     retries 0 
     retry_delay 2 
     default_guard_interpreter :default 
     minute "*/2" 
     hour "*" 
     day "*" 
     month "*" 
     weekday "*" 
     command "/bin/chef-client" 
     user "chef-user" 
     declared_type :cron 
     cookbook_name "cron-delvalidate2m" 
     recipe_name "2min_cu" 
    end 

    Platform: 
    --------- 
    x86_64-linux 

[2016-11-07T11:53:22-05:00] INFO: Running queued delayed notifications before re-raising exception 

Running handlers: 
[2016-11-07T11:53:22-05:00] ERROR: Running exception handlers 
Running handlers complete 
[2016-11-07T11:53:22-05:00] ERROR: Exception handlers complete 
Chef Client failed. 0 resources updated in 01 seconds 
[2016-11-07T11:53:22-05:00] INFO: Sending resource update report (run-id: 92566ddb-e078-44b2-b862-be34da4a18b4) 
[2016-11-07T11:53:22-05:00] INFO: Unable to access cache at /var/chef. Switching cache to /home/chef-user/.chef 
[2016-11-07T11:53:22-05:00] INFO: Unable to access cache at /var/chef. Switching cache to /home/chef-user/.chef 
[2016-11-07T11:53:22-05:00] FATAL: Stacktrace dumped to /home/chef-user/.chef/cache/chef-stacktrace.out 
[2016-11-07T11:53:22-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report 
[2016-11-07T11:53:22-05:00] ERROR: cron[clientrun2m] (cron-delvalidate2m::2min_cu line 7) had an error: Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1 
[2016-11-07T11:53:22-05:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

并引用上面第三行到最后一行中提到的stacktrace.out文件。

[[email protected] ~]$ cat /home/chef-user/.chef/cache/chef-stacktrace.out 
Generated at 2016-11-07 11:53:22 -0500 
Chef::Exceptions::Cron: cron[clientrun2m] (cron-delvalidate2m::2min_cu line 7) had an error: Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:231:in `write_crontab' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:157:in `block in action_create' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/mixin/why_run.rb:52:in `add_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:176:in `converge_by' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:156:in `action_create' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:145:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource.rb:603:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:69:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block (2 levels) in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `each' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:85:in `step' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:96:in `converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:669:in `block in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `catch' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:703:in `converge_and_save' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:283:in `run' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:302:in `block in fork_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:255:in `block in run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/local_mode.rb:44:in `with_server_connectivity' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:243:in `run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:451:in `block in interval_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `loop' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `interval_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:434:in `run_application' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:60:in `run' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/bin/chef-client:26:in `<top (required)>' 
/bin/chef-client:54:in `load' 
/bin/chef-client:54:in `<main>' 

>>>> Caused by Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:231:in `write_crontab' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:157:in `block in action_create' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/mixin/why_run.rb:52:in `add_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:176:in `converge_by' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:156:in `action_create' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:145:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource.rb:603:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:69:in `run_action' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block (2 levels) in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `each' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:85:in `step' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:96:in `converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:669:in `block in converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `catch' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `converge' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:703:in `converge_and_save' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:283:in `run' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:302:in `block in fork_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:255:in `block in run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/local_mode.rb:44:in `with_server_connectivity' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:243:in `run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:451:in `block in interval_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `loop' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `interval_run_chef_client' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:434:in `run_application' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:60:in `run' 
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/bin/chef-client:26:in `<top (required)>' 
/bin/chef-client:54:in `load'

来源

2016-11-07 yamori

+0

作为日志(两个致命级行)在声明添加到crontab

# Removes any crontab job of 'chef-client' before inserting the new 'chef-client' crontab job (for every 2 mins) execute "clientrun2m" do command "crontab -l | grep -v chef-client | crontab - && (crontab -l; echo \"*/2 * * * * /bin/chef-client\") | crontab -" action :run end # Delete the validation.pem for security reasons file "/etc/chef/validation.pem" do action :delete end

删除厨师的客户端,堆栈跟踪将很有助于找到失败的根本原因。看起来像更换crontab时的错误(或者写错了地方,假设为root),但是通过提供帮助我们来帮助你,而不必重现它。 – Tensibai

+0

相关的代码应该是[这里](read_crontab)尝试命令'crontab -l -u chef-user'作为'chef-user',看看它是否有错误。 – Tensibai

+0

@Tensibai,道歉我第一次读取输出时错过了堆栈跟踪文件。现附上。当我运行你的'crontab'时,我得到了“必须有特权才能使用-u”,看起来像这是一个[未解决的问题或争议点] [1]与Chef的cron provider [1]:https:// github。 com/chef/chef/issues/2491 – yamori

回答

0

我找到了this open issue。当指定非root用户时,厨师的cron提供程序不会与节点的crontab命令正确对接。修正可能在积压。

对于我自己的用途,我需要让我的节点以非root用户身份运行。我能够破解一些自定义食谱来复制我需要的功能。

RECIPE1:厨师客户端从crontab中

# Removes any crontab job of 'chef-client' 
execute "clientrun2m" do 
    command "crontab -l | grep -v chef-client | crontab -" 
    action :run 
end 

# Delete the validation.pem for security reasons 
file "/etc/chef/validation.pem" do 
    action :delete 
end

来源

2016-11-07 22:23:57 yamori

+0

作为一种解决方法,此答案是正确的,但仅仅是为了说明它:除非有人为我们更新补丁程序,否则这不太可能被修复。一般来说,我们只是支持(如投入了大量改进资源),因为工作站管理和cron的非root用户正在运行,但在该用例中并没有太多提及。对不起,我建议您解决,如果你可以切换到以root身份运行Chef。 – coderanger

+0

@coderanger,抱歉挑剔,但为了清晰起见:“...一般[厨师?]只能真正支持作为工作站管理的[root?]运行......”?否则,你能澄清你的第二句话,也许特定于cron?谢谢。 – yamori

+1

是的,我们==厨师维护者。主要的非根用例用于Mac和Windows工作站管理,为此,我们都确保事情顺利进行,并有足够的用户告诉我们什么时候中断。作为非root用户在Chef中做unix-y server-y的东西只是一个很小的领域,所以没有经过很好的测试,也没有太多的开发时间。 – coderanger

相关问题

 相关问题