Chef集中管理工具实践之 (1) 环境部署


目录结构
Chef集中管理工具实践之 (0) 什么是Chef
Chef集中管理工具实践之 (1) 环境部署
Chef集中管理工具实践之 (2) 服务器配置
Chef集中管理工具实践之 (3) 自定义配置

本文内容
Chef集中配置管理工具实践之 (1) 环境部署

参考资料
http://wiki.opscode.com/pages/viewpage.action?pageId=24773429
http://wiki.opscode.com/display/chef/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
http://wiki.opscode.com/display/chef/Workstation+Setup+for+Debian+and+Ubuntu
http://wiki.opscode.com/display/chef/Knife+Bootstrap

环境介绍
OS: Ubuntu 10.10 Server 64-bit //经过验证在12.04.1以及12.10上也成功实现部署。
Servers:
chef-server:10.6.1.170
chef-workstation:10.6.1.171
chef-client-1:10.6.1.172
chef-client-2:10.6.1.173

1. 安装配置Chef Server
编辑hosts
ubuntu@chef-server:~$ sudo vim /etc/hosts

127.0.0.1	localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

注意:
将本机的hostname在/etc/hosts中添加一条IP解析记录,这一点非常重要。
因为后面在安装chef-server的过程中,会首先安装rabbitmq-server,缺少该解析记录的话,会导致rabbitma-server启动失败,进而影响到所有其它chef-server软件包的正常安装,如果不清楚这一点的话,会给问题的排查带来很大的不便。

创建 /etc/apt/sources.list.d/opscode.list
ubuntu@chef-server:~$ sudo echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list

添加GPG Key
ubuntu@chef-server:~$ sudo mkdir -p /etc/apt/trusted.gpg.d
ubuntu@chef-server:~$ sudo gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
ubuntu@chef-server:~$ sudo gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null

ubuntu@chef-server:~$ sudo apt-get update
ubuntu@chef-server:~$ sudo apt-get install opscode-keyring

安装NTP时间服务器,Chef需要确保workstation与所有client与server的时钟一致
ubuntu@chef-server:~$ sudo apt-get install ntp

更新现有系统
ubuntu@chef-server:~$ sudo apt-get upgrade

安装chef-server软件包
ubuntu@chef-server:~$ sudo apt-get install chef chef-server

输入URL: http://chef-server:4000

输入密码: chef-server

该过程执行了如下过程:
安装Chef Server以及所依赖的软件包如Merb,CouchDB,RabbitMQ等共300多个软件包
启动CouchDB,RabbitMQ
启动chef-server-api并运行在4000端口
启动chef-server-webui并运行在4040端口
启动chef-solr-indexer并自动连接到rabbitmq-server
启动chef-solr,chef-client
在目录/etc/chef中创建相关的配置文件

安装完成后检查并确认以下端口:
Chef Server - 4000
Chef Server WebUI - 4040
CouchDB - 5984
RabbitMQ - 5672
Chef Solr - 8983

ubuntu@chef-server:~$ sudo netstat -lntp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0   0 0.0.0.0:22          0.0.0.0:*          LISTEN      11402/sshd               
tcp   0   0 0.0.0.0:4000        0.0.0.0:*          LISTEN      31998/merb : chef-s  
tcp   0   0 0.0.0.0:4040        0.0.0.0:*          LISTEN      32168/merb : chef-s
tcp   0   0 0.0.0.0:5672        0.0.0.0:*          LISTEN      30470/beam
tcp   0   0 127.0.0.1:5984      0.0.0.0:*          LISTEN      30518/beam      
tcp   0   0 0.0.0.0:41891       0.0.0.0:*          LISTEN      30128/beam        
tcp6  0   0 :::22               :::*               LISTEN      11402/sshd      
tcp6  0   0 127.0.0.1:8983      :::*               LISTEN      31760/java
...

登陆Web UI

地址:http://chef-server:4040 (正常访问需要在本地电脑的hosts中添加“10.6.1.170 chef-server”)
账号:admin
密码:chef-server

安装配置knife命令行工具
ubuntu@chef-server:~$ mkdir -p ~/.chef
ubuntu@chef-server:~$ sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
ubuntu@chef-server:~$ sudo chown -R $USER ~/.chef

ubuntu@chef-server:~$ knife configure -i

WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] 
Please enter the chef server URL: [http://chef-server:4000] http://chef-server:4000
Please enter a clientname for the new client: [ubuntu] 
Please enter the existing admin clientname: [chef-webui] 
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem] .chef/webui.pem
Please enter the validation clientname: [chef-validator] 
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): 
Creating initial API user...
Created client[ubuntu]
Configuration file written to /home/ubuntu/.chef/knife.rb

执行knife命令,检查是否能连接到指定的Chef Server
ubuntu@chef-server:~$ knife client list

  chef-validator
  chef-webui
  ubuntu

ubuntu@chef-server:~$ knife cookbook list

ubuntu@chef-server:~$ sudo apt-get install ntp

为工作站安装并配置Knife Client
ubuntu@chef-server:~$ knife client create chef-workstation -d -a -f /home/ubuntu/.chef/chef-workstation.pem

Created client[chef-workstation]

ubuntu@chef-server:~$ knife client show chef-workstation

_rev:        1-2a52b9416bad08b697e9c644a0aea4cc
admin:       true
chef_type:   client
json_class:  Chef::ApiClient
name:        chef-workstation
public_key:  -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEA1RAa+jf733FtoTv64msykO3/SEe8G/YhPgA2S3NfWdgh+LbuhCdT
             9IjX3Hio3U/rj6VGeICJkCfWZy7NM9pTaPzH+gJdFbkLrLW1GSoEKMJ/f9IkxRcS
             7vdySU05IrPOF9PqcMvrME4xYzsFzIXDz1CbWBs08SuMfjP9qHfeStfBQaoQ8rLp
             mOGI0VMOU/CrlfNsAPLbUgVVylKfcmop1dCO6My53xW/qogfg/8Af0qtk7tyjVFi
             K+umCjmHmtW09qg5467p7xf4WSUYh076pb3ofbTi0o3VJi8Dz+qGISjvAVf3Y1As
             mwkam0IBM5sK41r/Suki9UQanKWsiDm0CQIDAQAB
             -----END RSA PUBLIC KEY-----

2. 安装配置chef-workstation
编辑hosts
ubuntu@chef-workstation:~$ vim /etc/hosts

127.0.0.1	localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

安装Ruby与其它依赖包
ubuntu@chef-workstation:~$ sudo apt-get install ruby ruby-dev libopenssl-ruby rdoc ri irb build-essential wget ssl-cert curl

安装RubyGems
ubuntu@chef-workstation:~$ cd /tmp
ubuntu@chef-workstation:~$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ tar zxf rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ cd rubygems-1.8.10
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo ruby setup.rb --no-format-executable

安装Chef Gem
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo gem install chef --no-ri --no-rdoc

Fetching: mixlib-config-1.1.2.gem (100%)
Fetching: mixlib-cli-1.2.2.gem (100%)
Fetching: mixlib-log-1.4.1.gem (100%)
Fetching: mixlib-authentication-1.3.0.gem (100%)
Fetching: mixlib-shellout-1.1.0.gem (100%)
Fetching: systemu-2.5.2.gem (100%)
Fetching: yajl-ruby-1.1.0.gem (100%)
Building native extensions.  This could take a while...
Fetching: ipaddress-0.8.0.gem (100%)
Fetching: ohai-6.14.0.gem (100%)
Fetching: mime-types-1.19.gem (100%)
Fetching: rest-client-1.6.7.gem (100%)
Fetching: bunny-0.7.9.gem (100%)
[Version 0.7.8] test suite cleanup (eliminated some race conditions related to queue.message_count)
Fetching: json-1.6.1.gem (100%)
Building native extensions.  This could take a while...
Fetching: polyglot-0.3.3.gem (100%)
Fetching: treetop-1.4.12.gem (100%)
Fetching: net-ssh-2.2.2.gem (100%)
Fetching: net-ssh-gateway-1.1.0.gem (100%)
Fetching: net-ssh-multi-1.1.gem (100%)
Fetching: highline-1.6.15.gem (100%)
Fetching: erubis-2.7.0.gem (100%)
Fetching: moneta-0.6.0.gem (100%)
Fetching: uuidtools-2.1.3.gem (100%)
Fetching: chef-10.16.2.gem (100%)
Successfully installed mixlib-config-1.1.2
Successfully installed mixlib-cli-1.2.2
Successfully installed mixlib-log-1.4.1
Successfully installed mixlib-authentication-1.3.0
Successfully installed mixlib-shellout-1.1.0
Successfully installed systemu-2.5.2
Successfully installed yajl-ruby-1.1.0
Successfully installed ipaddress-0.8.0
Successfully installed ohai-6.14.0
Successfully installed mime-types-1.19
Successfully installed rest-client-1.6.7
Successfully installed bunny-0.7.9
Successfully installed json-1.6.1
Successfully installed polyglot-0.3.3
Successfully installed treetop-1.4.12
Successfully installed net-ssh-2.2.2
Successfully installed net-ssh-gateway-1.1.0
Successfully installed net-ssh-multi-1.1
Successfully installed highline-1.6.15
Successfully installed erubis-2.7.0
Successfully installed moneta-0.6.0
Successfully installed uuidtools-2.1.3
Successfully installed chef-10.16.2
23 gems installed

安装Git
ubuntu@chef-workstation:~$ sudo apt-get -y install git-core
ubuntu@chef-workstation:~$ git --version
git version 1.7.1

创建Chef Repository
备注:Chef的大部分配置工作都是在Workstaion中的Chef Repository中完成的,不同的Chef Repository可以管理不同的Chef Server。
ubuntu@chef-workstation:~$ sudo git clone git://github.com/opscode/chef-repo.git /opt/chef-local

Initialized empty Git repository in /opt/chef-local/.git/
remote: Counting objects: 199, done.
remote: Compressing objects: 100% (117/117), done.
remote: Total 199 (delta 72), reused 162 (delta 49)
Receiving objects: 100% (199/199), 30.34 KiB | 10 KiB/s, done.
Resolving deltas: 100% (72/72), done.

ubuntu@chef-workstation:~$ cd /opt/chef-local/
ubuntu@chef-workstation:/opt/chef-local$ ls
README.md Rakefile certificates chefignore config cookbooks data_bags environments roles

创建配置文件夹
ubuntu@chef-workstation:/opt/chef-local$ sudo mkdir -p .chef

传输pem认证文件到Workstation
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/chef-workstation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/validation.pem .chef/

ubuntu@chef-workstation:/opt/chef-local$ ls .chef/
chef-workstation.pem validation.pem

ubuntu@chef-workstation:/opt/chef-local$ sudo knife configure

WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] .chef/knife.rb
Please enter the chef server URL: [http://chef-workstation:4000] http://chef-server:4000
Please enter an existing username or clientname for the API: [ubuntu] chef-workstation
Please enter the validation clientname: [chef-validator] 
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): /opt/chef-local
*****

You must place your client key in:
  /opt/chef-local/.chef/chef-workstation.pem
Before running commands with Knife!

*****

You must place your validation key in:
  /opt/chef-local/.chef/validation.pem
Before generating instance data with Knife!

*****
Configuration file written to /opt/chef-local/.chef/knife.rb

验证配置是否正确
ubuntu@chef-workstation:~$ sudo ntpdate chef-server

确认Knife工具能否连接到Chef Server
ubuntu@chef-workstation:~$ knife client list

  chef-server
  chef-validator
  chef-webui
  chef-workstation
  ubuntu

ubuntu@chef-workstation:~$ knife client show chef-validator

_rev:        1-96959e21dfdb3f232a3ce8bae835475b
admin:       false
chef_type:   client
json_class:  Chef::ApiClient
name:        chef-validator
public_key:  -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEA00/AWJL5mThj+pSXEB2gMKdTdHFm0pGi2hXAoBwm4/ZlnO4p2iwI
             /skfZMepVm8SAkSMIhz7ZC+jN/+Kqas7es0E+iv9ei0BF4Q41Y5kKMFctuElYbPH
             ImRCVTcQJ6m7BPS0Tczhy87jk6QlhsDsrnhNyUEgM5XRVNO+NzqeqZ+UMOWd9k2q
             KTJhbtHdx7ILdjZ5SBsiIMBhBNni2D0Y34BDtddsXCn1eyTWwGZxZTRZuDDXnls+
             aZaqogKoZ40d6h6ZVGh6nmmpdPDi9YdCIqFtWe5LF5bwIy7K6qBVgiOqU0x3Xek3
             d1eZG/8C+4FWjAm1h856npvmMOpVip9w8QIDAQAB
             -----END RSA PUBLIC KEY-----

3. 安装配置chef-client
编辑hosts
ubuntu@chef-client-1:~$ vim /etc/hosts

127.0.0.1	localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

与chef-server同步时间
ubuntu@chef-client-1:~$ sudo ntpdate chef-server

Boostrap可以用来将目标节点初始化为一个Client
ubuntu@chef-workstation:~$ knife bootstrap --help

knife bootstrap FQDN (options)
        --bootstrap-proxy PROXY_URL  The proxy server for the node being bootstrapped
        --bootstrap-version VERSION  The version of Chef to install
    -N, --node-name NAME             The Chef node name for your new node
    -s, --server-url URL             Chef Server URL
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to enabled
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
    -j JSON_ATTRIBS                  A JSON string to be added to the first run of chef-client
        --json-attributes
    -F, --format FORMAT              Which format to use for output
        --hint HINT_NAME[=HINT_FILE] Specify Ohai Hint to be set on the bootstrap target.  Use multiple --hint options to specify multiple hints.
        --[no-]host-key-verify       Verify host key, enabled by default.
    -i IDENTITY_FILE                 The SSH identity file used for authentication
        --identity-file
    -u, --user USER                  API Client Username
        --prerelease                 Install the pre-release chef gems
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
    -G, --ssh-gateway GATEWAY        The ssh gateway
    -P, --ssh-password PASSWORD      The ssh password
    -p, --ssh-port PORT              The ssh port
    -x, --ssh-user USERNAME          The ssh username
        --template-file TEMPLATE     Full path to location of template to use
        --sudo                       Execute the bootstrap via sudo
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message

下面我们对chef-client-1进行初始化
ubuntu@chef-workstation:~$ sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo

Bootstrapping Chef on 10.6.1.172
10.6.1.172 --2012-11-09 03:34:40--  http://opscode.com/chef/install.sh
10.6.1.172 Resolving opscode.com... 
10.6.1.172 184.106.28.83
10.6.1.172 Connecting to opscode.com|184.106.28.83|:80... 
10.6.1.172 connected.
10.6.1.172 HTTP request sent, awaiting response... 
10.6.1.172 301 Moved Permanently
10.6.1.172 Location: http://www.opscode.com/chef/install.sh [following]
10.6.1.172 --2012-11-09 03:34:41--  http://www.opscode.com/chef/install.sh
10.6.1.172 Resolving www.opscode.com... 
10.6.1.172 184.106.28.83
10.6.1.172 Reusing existing connection to opscode.com:80.
10.6.1.172 HTTP request sent, awaiting response... 
10.6.1.172 200 OK
10.6.1.172 Length: 6396 (6.2K) [application/x-sh]
10.6.1.172 Saving to: `STDOUT'
10.6.1.172 
 0% [                                       ] 0           --.-K/s              
10.6.1.172 Downloading Chef 10.16.2 for ubuntu...
100%[======================================>] 6,396       18.7K/s   in 0.3s    
10.6.1.172 
10.6.1.172 2012-11-09 03:34:42 (18.7 KB/s) - written to stdout [6396/6396]
10.6.1.172 
10.6.1.172 Installing Chef 10.16.2
10.6.1.172 Selecting previously deselected package chef.
10.6.1.172 (Reading database ... 
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 41378 files and directories currently installed.)
10.6.1.172 Unpacking chef (from .../chef_10.16.2_amd64.deb) ...
10.6.1.172 Setting up chef (10.16.2-1.ubuntu.10.04) ...
10.6.1.172 Thank you for installing Chef!
10.6.1.172 [2012-11-09T03:57:46+08:00] INFO: *** Chef 10.16.2 ***
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Client key /etc/chef/client.pem is not present - registering
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: Cannot load node chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Setting the run_list to [] from JSON
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List is []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List expands to []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: No routes match the request: /reports/nodes/chef-client-1/runs
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Starting Chef Run for chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Running start handlers
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Start handlers complete.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Loading cookbooks []
10.6.1.172 [2012-11-09T03:57:48+08:00] WARN: Node chef-client-1 has an empty run list.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Chef Run complete in 0.438462677 seconds
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Running report handlers
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Report handlers complete

验证chef-client-1是否已经注册
ubuntu@chef-workstation:~$ knife client list

  chef-client-1
  chef-server
  chef-validator
  chef-webui
  chef-workstation
  ubuntu

从上面可以看出chef-client-1已经成功注册到了chef-server中,整个环境 chef-workstation => chef-server => chef-client-1 已经搭建成功。

4. 接着,我们可以开始以下过程
Chef集中管理工具实践之 (2) 服务器配置
Chef集中管理工具实践之 (3) 自定义配置

, ,

  1. #1 by jerry on 2013/01/09 - 16:15

    ops@debian:~/.chef$ knife configure -i
    Overwrite /home/ops/.chef/knife.rb? (Y/N) Y
    Please enter the chef server URL: [http://chef-server:4000]
    Please enter a clientname for the new client: [root]
    Please enter the existing admin clientname: [chef-webui]
    Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
    Please enter the validation clientname: [chef-validator]
    Please enter the location of the validation key: [/etc/chef/validation.pem]
    Please enter the path to a chef repository (or leave blank):
    Creating initial API user...
    ERROR: Your private key could not be loaded from /etc/chef/webui.pem
    Check your configuration file and ensure that your private key is readable

    博主,您好,我按照你的步骤去做,但是到这步总是有问题,无论我是用默认root账户,还是用我的ops账户,都不行

    有什么解决方案吗?或者给我一个思路

    ++++++++++++++++++++++++++

    ********************** Resolved
    ERROR: Your private key could not be loaded from /home/brett/.chef/
    This seems to have the wrong username for some reason

    Here is the knife.rb that I am using, modify the passwords and usernames and it should work
    ***************************
    current_dir = File.dirname(__FILE__)
    log_level :info
    log_location STDOUT
    node_name "username"
    client_key "#{current_dir}/username.pem"
    validation_client_name "organization-validator"
    validation_key "#{current_dir}/organization.pem"
    chef_server_url "https://api.opscode.com/organizations/organization"
    cache_type 'BasicFil
    cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
    cookbook_path ["#{current_dir}/cookbooks"]
    ++++++++++++++++++++++++++++

    以上是一个老外blog上的解决方法,但似乎不适用于我

  2. #2 by jerry on 2013/01/09 - 16:21

    我仔细看了下,我明明是ops用户,提示我的时候,默认却是root

    Debian GNU/Linux 6.0 \n \l

  3. #3 by zhishui on 2013/07/08 - 15:24

    你好,我想请教下三个装在同一台电脑上可以吗,我试了下,在chef-client-1注册的时候就有问题,还有就是现在chef是11版的,据说跟10有挺多差别,这个适用于11版的吗,

    • #4 by mcsrainbow on 2013/07/10 - 11:43

      基本的配置思路肯定是一致的,具体细节可能不同,有时间我测试一下11版的。目前更喜欢用的是一个叫Saltstack的软件,和Chef类似但是更易用,用Python实现的。

  4. #5 by eric on 2013/07/12 - 18:25

    哥们你这教程写的有点忒.....
    连一点说明都没有,很多地方随着版本和使用不同都应该或多或少有一点变化,所以看你这文档能做成功的应该很少
    希望你下次写文档时可以负责一点,要是给自己就自己收藏就好了
    要是想分享,就应该写的详细和人性化一些
    谢谢 以上是小弟的一点建议

    • #6 by mcsrainbow on 2013/07/12 - 18:38

      你是用的新版本么?我写文章的习惯是一遍操作一遍写,因此所有的步骤至少在我写文章的当时是没问题的,我自己也经常拿来参考这些步骤,每次都能成功。我了解近期可能有新版的Chef,有时间我会再测试一遍,看是不是有的步骤需要更新。

  5. #7 by Peter on 2014/10/31 - 18:11

    Hi,
    在做第三步3. 安装配置chef-client时,是不是要对chef-client-1做一些操作,否则,在运行sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo的时候回出现:
    Connecting to 10.6.1.172
    ERROR: Errno::ENOENT: No such file or directory - /opt/chef-local/.chef/validator.pem

(will not be published)
*