Estou tentando configurar o MCollective usando o módulo jorhett/puppet-mcollective, de acordo com o manual do livro "Learning Puppet 4". Estou recebendo o seguinte erro após executar "mco ping", "mco inventary node_name" etc.
warning 2016/08/11 07:21:19: activemq.rb:346:in `rescue in ssl_parameters' Falha ao definir o modo verificado SSL completo, voltando para não verificado: RuntimeError: cert, key e ca devem ser fornecidos para verificado modo SSL
Aqui estão minhas configurações: Hiera hostname/puppetserver.yaml
# hostname/puppetserver.yaml
classes:
- mcollective::middleware
- mcollective::client
# Middleware configuration
mcollective::client_password: 'VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI='
mcollective::middleware::keystore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='
mcollective::middleware::truststore_password: 'k7Dj+On3xGmQPX7CuCxgXaOFwHZFdKICeQQFpWlzg6E='
Hiera common.yaml
---
puppet::status: 'running'
puppet::enabled: true
# every node installs the server
classes:
- mcollective::server
# The Puppet Server will host the middleware
mcollective::hosts:
- 'puppet.example.com'
mcollective::collectives:
- 'mcollective'
mcollective::connector: 'activemq'
mcollective::connector_ssl: true
mcollective::connector_ssl_type: 'anonymous'
# Access passwords
mcollective::server_password: 'h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ='
mcollective::psk_key: 'y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw='
mcollective::facts::cronjob::run_every: 10
mcollective::server::package_ensure: 'latest'
mcollective::plugin::agents:
puppet:
version: 'latest'
mcollective::client::unix_group: vagrant
mcollective::client::package_ensure: 'latest'
mcollective::plugin::clients:
puppet:
version: 'latest'
Mcollective server.cfg
# /etc/mcollective/server.cfg
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
classesfile = /opt/puppetlabs/puppet/cache/state/classes.txt
daemonize = 1
direct_addressing = 1
main_collective = mcollective
collectives = mcollective
# ActiveMQ connector settings:
connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = server
plugin.activemq.pool.1.password = h3Vh7JGGkyWxuehCvScXRwZmIZYRHtDDDxuS1W68XAQ=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true
# Send these messages to keep the Stomp connection alive.
# This solves NAT and firewall timeout problems.
registerinterval = 600
# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=
# Facts
factsource = yaml
plugin.yaml = /etc/puppetlabs/mcollective/facts.yaml
# Puppet resource control
plugin.puppet.resource_allow_managed_resources = true
plugin.puppet.resource_type_whitelist = none
# Logging
logger_type = syslog
loglevel = info
logfacility = user
Mcollective client.cfg
# Connector
libdir = /usr/libexec/mcollective
libdir = /opt/puppetlabs/mcollective/plugins
direct_addressing = 1
main_collective = mcollective
collectives = mcollective
connector = activemq
plugin.activemq.heartbeat_interval = 30
plugin.activemq.pool.size = 1
plugin.activemq.pool.1.host = puppet.example.com
plugin.activemq.pool.1.port = 61614
plugin.activemq.pool.1.user = client
plugin.activemq.pool.1.password = VpOS62qqpH3NEVEtP8rQsS2tpq6xwgOJEXsABjYDvoI=
plugin.activemq.pool.1.ssl = true
plugin.activemq.pool.1.ssl.fallback = true
# Security provider
securityprovider = psk
plugin.psk = y2Z2BzcsRFXCBidywQafyJoELH5bIkmZzXGssLLMVsw=
plugin.psk.callertype = uid
# Discovery
default_discovery_method = mc
direct_addressing_threshold = 10
default_discovery_options =
# Miscellaneous settings
color = 1
rpclimitmethod = first
# Performance settings
direct_addressing_threshold = 10
ttl = 60
# Logging
logger_type = console
loglevel = warn
Eu também estava tendo exatamente os mesmos problemas, mas descobri que adicionar o seguinte (mostrado abaixo) tanto no quanto no
/etc/puppetlabs/mcollective/server.cfgservidor/etc/puppetlabs/mcollective/client.cfgmcollective/puppet resolveu meu problema. Certifique-se de reiniciar omcollectiveserviço para que o efeito ocorra.Eu adicionei isso aos arquivos
client.cfg/ :server.cfgAntes de adicionar as entradas:
Mais tarde: