java - JClouds-Chef 未引导和配置虚拟机

Question

我正在尝试获取以下内容JClouds-Chef代码 (v1.7.3) 在全新的 Linux VM 上引导 Chef 客户端，然后执行运行列表以使用应用程序堆栈实际配置该 VM (典型_app):

public class ChefPlugin {
    public static void main(String[] args) {
        ChefPlugin.provision();
        System.out.println("And done!");
        System.exit(0);
    }

    public static provision() {
        String vmIp = "myapp01";
        String vmSshUsername = "myadmin";
        String vmSshPassword = "12345";

        String endpoint = "https://mychefserver";
        String client = "myuser";
        String validator = "chef-validator";
        String clientCredential = Files.toString(new File("C:\\Users\\myuser\\sandbox\\chef\\myuser.pem"), Charsets.UTF_8);
        String validatorCredential = Files.toString(new File("C:\\Users\\myuser\\sandbox\\chef\\chef-validator.pem"), Charsets.UTF_8);

        Properties props = new Properties();
        props.put(ChefProperties.CHEF_VALIDATOR_NAME, validator);
        props.put(ChefProperties.CHEF_VALIDATOR_CREDENTIAL, validatorCredential);
        props.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
        props.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");

        System.out.println("Setup complete.");

        ChefContext ctx = ContextBuilder.newBuilder("chef")
            .endpoint(endpoint)
            .credentials(client, clientCredential)
            .overrides(props)
            .modules(ImmutableSet.of(new SshjSshClientModule())) //
            .buildView(ChefContext.class);
        ChefService chef = ctx.getChefService();

        List<String> runlist = new RunListBuilder().addRole("typicalapp").build();

        ArrayList<String> runList2 = new ArrayList<String>();
        for(String item : runlist) {
            runList2.add(item);
        }

        BootstrapConfig bootstrapConfig = BootstrapConfig.builder().runList(runList2).build();

        System.out.println("Configured the bootstrapper.");

        chef.updateBootstrapConfigForGroup("jclouds-chef", bootstrapConfig);
        Statement bootstrap = chef.createBootstrapScriptForGroup("jclouds-chef");
        SshClient.Factory sshFactory = ctx.unwrap().utils()
            .injector().getInstance(Key.get(new TypeLiteral<SshClient.Factory>() {}));
        SshClient ssh = sshFactory.create(HostAndPort.fromParts(vmIp, 22),
        LoginCredentials.builder().user(vmSshUsername).password(vmSshPassword).build());

        ssh.connect();

        System.out.println("Connected to SSH.");
        try {
            String rawScript = bootstrap.render(OsFamily.UNIX);
            System.out.println("Raw script rendered.");
            ExecResponse result = ssh.exec(rawScript);

            System.out.println("Bootstrap script executed...");
        } catch(Throwable t) {
            System.out.println("Exception: " + t.getMessage());
        } finally {
            ssh.disconnect();
            System.out.println("SSH closed.");
        }
    }
}

当我运行此命令时，我从 SLF4J 获得以下输出:

Setup complete.
Configured the bootstrapper.
[main] INFO net.schmizz.sshj.common.SecurityUtils - BouncyCastle registration succeeded
[main] WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
[main] INFO net.schmizz.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0_8_1_SNAPSHOT
[main] INFO net.schmizz.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
Connected to SSH.
Raw script rendered.
[main] INFO net.schmizz.sshj.connection.channel.direct.SessionChannel - Will request to exec `setupPublicCurl || exit 1
curl -q -s -S -L --connect-timeout 10 --max-time 600 --retry 20 -X GET  https://www.opscode.com/chef/install.sh |(bash)
mkdir -p /etc/chef
cat >> /etc/chef/client.rb <<-'END_OF_JCLOUDS_FILE'
    require 'rubygems'
    require 'ohai'
    o = Ohai::System.new
    o.all_plugins
    node_name "jclouds-chef-" + o[:ipaddress]
    log_level :info
    log_location STDOUT
    validation_client_name "chef-validator"
    chef_server_url "https://mychefserver"
END_OF_JCLOUDS_FILE
cat >> /etc/chef/validation.pem <<-'END_OF_JCLOUDS_FILE'
    -----BEGIN RSA PRIVATE KEY-----
    <omitted for security purposes>
    -----END RSA PRIVATE KEY-----

END_OF_JCLOUDS_FILE
cat >> /etc/chef/first-boot.json <<-'END_OF_JCLOUDS_FILE'
    {"id":"jclouds-chef","run_list":["role[typical_app]"]}
END_OF_JCLOUDS_FILE
chef-client -j /etc/chef/first-boot.json
`
Bootstrap script executed...
[main] INFO net.schmizz.sshj.transport.TransportImpl - Disconnected - BY_APPLICATION
SSH closed.
And done!

当我通过 SSH 连接到服务器 (myapp01) 时，如果我运行 which ruby​​，我会看到 Ruby 已安装。然而，which Chef-client 不产生输出，which java 也不产生输出。服务器上也没有 /etc/chef 目录。这让我认为我的代码只部分工作，并且可能只在虚拟机上安装 Ruby，而没有其他任何东西。最重要的是，除非我在“And did!”打印语句之后放置一个 System.exit(0) ，否则代码永远不会退出。这让我觉得有一个后台/工作线程(可能是一个 SSH 进程在服务器上做某事)没有返回/完成。

这里没有抛出任何错误或异常。

我的问题:

1. 谁能明白为什么这段代码不起作用(我的意思是，“工作”似乎只是部分安装了 Chef 客户端，甚至没有安装 Java，而 Java 是典型_app 角色)？
2. 我的代码中是否遗漏了任何阻止后台线程完成的内容？为什么它永远不会退出？

要重现，请使用以下 Maven POM 获取依赖项，然后完全按照原样运行上面的代码(只需使用您自己的 Chef 服务器和 Linux VM)。

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <properties>
        <jclouds.version>1.7.3</jclouds.version>
    </properties>
    <groupId>com.mycompany.app</groupId>
    <artifactId>my-app</artifactId>
    <version>1.0-SNAPSHOT</version>
    <dependencies>
        <dependency>
            <groupId>org.apache.jclouds.driver</groupId>
            <artifactId>jclouds-sshj</artifactId>
            <version>${jclouds.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.jclouds.api</groupId>
            <artifactId>chef</artifactId>
            <version>${jclouds.version}</version>
        </dependency>
    </dependencies>
</project>

更新:这是我在运行 @Ignasi Barrera 的建议更改后得到的 /tmp/stderr 文件:

--2014-07-22 10:58:14--  https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_11.12.8-2_amd64.deb
Resolving opscode-omnibus-packages.s3.amazonaws.com (opscode-omnibus-packages.s3.amazonaws.com)... 176.32.100.240
Connecting to opscode-omnibus-packages.s3.amazonaws.com (opscode-omnibus-packages.s3.amazonaws.com)|176.32.100.240|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 33399362 (32M) [application/x-debian-package]
Saving to: ‘/tmp/install.sh.10185/chef_11.12.8-2_amd64.deb’

    0K .......... .......... .......... .......... ..........  0%  908K 36s
   50K .......... .......... .......... .......... ..........  0% 1.13M 32s
  100K .......... .......... .......... .......... ..........  0% 26.9M 22s
  150K .......... .......... .......... .......... ..........  0% 1.36M 22s
  200K .......... .......... .......... .......... ..........  0% 17.2M 18s
... omitted for brevity
32400K .......... .......... .......... .......... .......... 99% 2.64M 0s
32450K .......... .......... .......... .......... .......... 99% 26.2M 0s
32500K .......... .......... .......... .......... .......... 99% 31.9M 0s
32550K .......... .......... .......... .......... .......... 99% 6.12M 0s
32600K .......... ......                                     100% 4.09M=7.1s

2014-07-22 10:58:22 (4.49 MB/s) - ‘/tmp/install.sh.10185/chef_11.12.8-2_amd64.deb’ saved [33399362/33399362]

Answer 1

这里的主要挑战是您尝试在不使用 jclouds 计算服务的情况下在节点上运行脚本。该代码使用 jclouds-chef 生成一条语句，但该语句假定由 jclouds 计算服务执行，该服务有自己的机制来呈现其执行的脚本。

为了获取完整的原始脚本并能够使用原始 SSH 连接直接执行它，必须手动完成一些操作。特别是，jclouds-chef 脚本假设定义了一些 bash 函数，而以这种方式呈现脚本时这些函数会丢失。

您应该按如下方式更改 rawString 字符串的创建:

StringBuilder rawScript = new StringBuilder();

Map<String, String> resolvedFunctions = ScriptBuilder.resolveFunctionDependenciesForStatements(
    new HashMap<String, String>(), ImmutableSet.of(bootstrap), OsFamily.UNIX);

ScriptBuilder.writeFunctions(resolvedFunctions, OsFamily.UNIX, rawScript);
rawScript.append(bootstrap.render(OsFamily.UNIX));

ssh.put("/tmp/chef-bootstrap.sh", rawScript.toString());
ExecResponse result = ssh.exec("bash /tmp/chef-bootstrap.sh");

这样最终的脚本将具有所有依赖的函数。另请注意，我没有直接运行脚本，而是更改了代码以上传它，然后在本地运行该文件。这将帮助您排除脚本失败时发生的问题。

另请注意，该脚本将在每次运行时生成 /etc/chef 目录的内容，因此在再次运行之前，您可能需要删除该目录。