[chef] Re: [[chef-dev]] Chef 0.8.2

[Joshua Timberman < >]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI Early adopters of 0.8.2, there was a pair of execute resources to  
create SSL certificates in the bootstrap::server recipe[0] that  
weren't working with the auto-detect/generate in the chef-server and  
chef-server-webui startup. I have removed these and pushed new  
bootstrap-latest.tar.gz and bootstrap-0.8.2.tar.gz archives out to the  
S3 bucket. This was resolved late last night (2/28), but has been  
reported by others today as well.

The symptom is that you cannot login to the webui with the admin user  
and the password specified in /etc/chef/server.rb. The first thing to  
try is simply restart the webui.

# sudo /etc/init.d/chef-server-webui restart

When it starts up, if you're getting this message in /etc/sv/chef- 
server-webui/log/main/current:

2010-03-01_06:19:16.17209 ~ Failed loading ChefServerWebui (401  
"Unauthorized")

There's an issue with the user in CouchDB and doesn't match the  
certificate in /etc/chef/webui.pem. To fix this, you'll need to find  
the user "chef-webui" and "chef-validator" documents in the CouchDB,  
and remove them. The easiest way to do this[1]:

# Access CouchDB's Futon (http://localhost:5984/_utils, set up an SSH  
tunnel to get there from your local system if the Chef Server is  
remote).
# Select the 'chef' database.
# In the 'View' drop-down on the upper right, select "all_id" under  
Clients.
# Select 'chef-validator', delete document. Repeat for 'chef-webui'.

Next, remove the certificates in /etc/chef.

# sudo rm /etc/chef/{validation,webui}.{crt,key,pem}

And finally, restart chef-server and chef-server-webui.

# sudo /etc/init.d/chef-server restart
# sudo /etc/init.d/chef-server-webui restart

[0] These were used in the early stages of the 0.8 bootstrap  
development, when the server processes didn't automatically generate  
the certificates in the right place.
[1] Robert Berger (rberger) did a blog post with illustrations. Thanks  
for putting this together, Robert! http://blog.ibd.com/scalable-deployment/reseting-the-opscode-chef-server-validation-keypem/

On Feb 28, 2010, at 8:56 PM, Adam Jacob wrote:

> The release just about everyone has been waiting for is here:
>
> http://bit.ly/cVybsf
>
> This release MVP is Scott Likens, Damm from IRC, who has spent so much
> time getting everyone ready for Chef 0.8.  Thank you so much for all
> your hard work, Scott.
>
> Love,
> Adam
>
> --
> Opscode, Inc.
> Adam Jacob, CTO
> T: (206) 508-7449 E: 
>
>  

- --
Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.334.RUBY E: 

 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)

iEYEARECAAYFAkuMdloACgkQO97WSdVpzT2JUwCeKKZQSJY7Ie1yWB8o6pgr1FTc
55YAn3B7wjhQcWn/6P09RRkJ7klr98EH
=RGpo
-----END PGP SIGNATURE-----