[chef] Re: Re: Error connecting to SSL URL


  • From: Matt Matson
  • To:
  • Subject: [chef] Re: Re: Error connecting to SSL URL
  • Date: Mon, 24 Aug 2009 11:07:05 -0700

AJ,

That was it!  I generated a new cert with the rake task and updated Apache configs (sites-enabled sites-available).

chef-client now runs like a champ and the node shows up in the Web UI under 'Nodes'.

Thanks!

On Mon, Aug 24, 2009 at 10:42 AM, Arjuna Christensen wrote:
Hi,


Hi,

I'm able to install chef server 7.8 on centos5.3 per wiki guide.  I'm also able
to run chef client on a node and then 'validate' registration from the server
web UI.  However, subsequent chef-client runs fail.  Looks like openid issues.
Am hoping someone can point me in the right direction.

BTW, previous 7.6 install worked perfectly (server & nodes).

Here is the output from client:

/usr/lib/ruby/1.8/net/http.rb:2097:in `error!': 400 "Bad Request"
(Net::HTTPServerException)
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/rest.rb:233:in
`run_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/rest.rb:95:in
`post_rest'
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/client.rb:232:in
`authenticate'
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/client.rb:74:in
`run'
from
/usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/application/client.rb:186:in
`run_application'
from
/usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/application/client.rb:178:in
`loop'
from
/usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/application/client.rb:178:in
`run_application'
from
/usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/application.rb:57:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/bin/chef-client:26
from /usr/bin/chef-client:19:in `load'
from /usr/bin/chef-client:19


And here is the chef server.log:

~ Started request handling: Mon Aug 24 03:26:23 -0700 2009
~ Params: {"submit"=>"Verify", "action"=>"start",
"controller"=>"chef_server_slice/openid_consumer",
"openid_identifier"=>"https://chef001.blah.com:444/openid/server/node/node001_blah_com"}
~ WARNING: making https request to
https://chef001.blah.com:444/openid/server/node/node001_blah_com without
verifying server certificate; no CA path was specified.
~ Discovery failed for
https://chef001.blah.com:444/openid/server/node/node001_blah_com: Failed to
fetch identity URL
https://chef001.blah.com:444/openid/server/node/node001_blah_com : Error
connecting to SSL URL
https://chef001.blah.com:444/openid/server/node/node001_blah_com: hostname does
not match - (Merb::ControllerExceptions::BadRequest)

This error means that the URL your chef server is attempting to connect to does not match the Common Name of the SSL certificate running there. You should re-generate your cert (our repo has a task) for chef001.blah.com and change it in your Apache configuration appropriately.

I believe the Opscode Chef Server recipe can do this automatically by supplying values for 'server_ssl_req' and 'server_fqdn' in JSON or Attributes (Roles), then running Solo.

-- 
AJ Christensen, Software Engineer



