Re: Installation Failure (PEBKAC, more than likely)

[Joshua Timberman <joshua@opscode.com>]

Hello Joseph,

Your 'CN=Puck.' isn't a fully qualified domain. You can specify this  
for the SSL certificate request in a json file per the Chef  
Installation document.

I ran into similar troubles on EC2 nodes where the internal hostname  
contained upcase letters (ie, domU-xx-xx-xx). Forcing these to be  
lowercase via the json file (chef server_fqdn, for example) resolved  
the issue for me.


On Jun 17, 2009, at 11:16 AM, Joseph Smith wrote:

> Hello All -
>
> I'm having issues running chef-client post-validation through the  
> webUI, wondered if anyone can spot my 'gotcha'.
> Error as reported in server.log:
>  ~ WARNING: making https request to https://puck.test.5to1.com/openid/server/node/Titania 
>  without verifying server certificate; no CA path was specified.
>  ~ Discovery failed for https://puck.XXX.XXX.com/openid/server/node/Titania 
> : Failed to fetch identity URL https://puck.XXX.XXX.com/openid/server/node/Titania 
>  : Error connecting to SSL URL https://puck.XXX.XXX.com/openid/server/node/Titania 
> : hostname does not match - (Merb::ControllerExceptions::BadRequest)
> Error running chef-client on Titania:  (Titania.XXX.XXX.com)
> /usr/lib/ruby/1.8/open-uri.rb:32:in `initialize': Permission denied  
> - /var/log/chef/client.log (Errno::EACCES)
>   (let me know if trace is important)
> @Titania:  openssl s_client -connect puck.XXX.XXX.com
> ...
> CN result:
> subject=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./ 
> emailAddress=ops@
> issuer=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./ 
> emailAddress=ops@
>
> Notes:
> OS:  Ubuntu 8.10
> Puck and Titania are on the same subnet

--
Opscode, Inc
Joshua Timberman, Senior System Engineer
C: 720.878.4322 E: joshua@opscode.com