Re: chef + vlad/capistrano?

[Ezra Zygmuntowicz <ez@engineyard.com>]

Hi~

On Mar 10, 2009, at 2:10 AM, Michal Frackowiak wrote:

> Hi,
>
> I think we are close to the working configuration - which I will  
> describe in more details later.
> There is one problem we have with EC2 AMIs and one design question:
>
> 1. Problem with validation_token
>
> We have clients authenticating with validation_token (alphanumeric  
> only). The problem is that when we issue
> chef-client -j dna.json
> from an EC2 machine we are getting an Unauthorized exception:
>
> [Mon, 09 Mar 2009 20:43:16 +0000] DEBUG: Sending HTTP Request via  
> POST to /openid/server/decision
> /usr/lib/ruby/1.8/net/http.rb:2097:in `error!': 401  
> "Unauthorized" (Net::HTTPServerException)
> ...
>
> The node is available through server's web interface for manual  
> validation, but cannot register automatically. Its default name is  
> e.g. domU-12-31-39-02-61-71.
>
> It looks like the problem is with the node name itself. It took us  
> at least an hour, but when we do:
>
> chef-client -j dna.json -n foonode
>
> it works perfectly.


The workaround for this is to not use the hostanme as the nodename,  
use the instance-id instead. In your /etc/chef/client.rb  config file  
put this:

require 'open-uri'
node_name open("http://169.254.169.254/latest/meta-data/instance- 
id").gets

That will set the noename to the instance-id of your instance. I had  
issues with using the hostname as node name because amazon will  
recycle hostnames when you start and stop instances a lot so its not a  
true unique id. Whereas the instance-id is garanteed to be unique

Cheers-
Ezra Zygmuntowicz
ez@engineyard.com