[chef] Re: Re: Open Source Chef: server as workstation in dmz


  • From: Indra k < >
  • To: " " < >
  • Subject: [chef] Re: Re: Open Source Chef: server as workstation in dmz
  • Date: Wed, 18 Jun 2014 21:19:45 +0800

Hi,

As far as I know, only the chef-server needs a public IP to connect with the private or public IP of a node.

If we have a private IP for the chef-server, then we can connect only with the private IP of the node.
Are you using open source Chef?
Thanks,
Indra



From: Daniel DeLeo < >
To:
Sent: Wednesday, 18 June 2014 10:42 AM
Subject: [chef] Re: Open Source Chef: server as workstation in dmz



On Monday, June 16, 2014 at 6:25 AM, < > wrote:


> Hello community,

> I'm quite new to chef and I have to set up a chef server and now I am totally
> stuck. I hope I can find some help here because I found nothing about my
> problem in the documentation and I have been working on this for 3 weeks :(

> First of all the description of the situation: 

> The server resides in the dmz subnet of the office lan (as a vm, Ubuntu 14.04).
> It has a private IP (192.168.0.2) and local name/fqdn (chef.dmz.loc). From the
> internet the server is accessible via an external FQDN and IP (example.com,
> 93.184.216.119) by the appropriate firewall rules/port-forwarding.

> It is also used as workstation and a special user account (chefdev) is
> designated to create, modify and upload cookbooks as well as bootstrap nodes. 
> This setup (dmz, special account, server = workstation) can be seen as
> constraints.

> The problem is that I either can't upload cookbooks or I can't bootstrap nodes.
> If I configure everything for the local FQDN it's possible to upload cookbooks,
> but bootstrapping nodes does not work because from the internet the local name
> is not resolvable (of course!). If I configure the server for its external IP
> I can't upload cookbooks because of ssl handshake failure.

> Is there any solution for this under the constraints mentioned above? Thanks in
> advance.

> Below are some configurations and error messages which might be needed for you
> to help me. If you need some more, please tell me.

> configuration (ext. IP): http://pastebin.com/3uwMYutz

> error messages
> knife: http://pastebin.com/gAfsYiej
> erchef: http://pastebin.com/Rc5UDvj4


The most general solution is to use an SSL certificate with a SubjectAltName field that contains both the FQDN and the IP address.

You could also use split-horizon DNS or configure the chef-server’s hostname in your /etc/hosts.

The least good solution is to disable SSL certificate verification for hosts on the local network.

-- 
Daniel DeLeo
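Daniel's first suggestion, a certificate whose SubjectAltName carries both the internal and the external identity of the server, as an added example that is not part of the thread: it issues such a self-signed cert with openssl (1.1.1 or newer, for `-addext`) and uses OpenSSL's own hostname/IP matcher to confirm that each of the four identities from the original post is accepted and that a name absent from the SAN is rejected. The work directory and the `make_cert`/`check_*` helper names are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the thread: issue a self-signed chef-server cert
# whose SubjectAltName lists both the internal and the external identity, then
# let OpenSSL's own matcher confirm each identity from the original post is
# accepted. Names/IPs are the ones in the post; paths are this demo's choice.
set -eu

WORKDIR="$(mktemp -d)"
KEY="$WORKDIR/chef-server.key"
CERT="$WORKDIR/chef-server.crt"

# One SAN list covers every way a client reaches the server: local FQDN and
# private IP for knife on the DMZ host, external FQDN and public IP for nodes
# bootstrapped over the internet. Clients ignore the CN once a SAN is present.
SAN="DNS:chef.dmz.loc,DNS:example.com,IP:192.168.0.2,IP:93.184.216.119"

# Generate key + cert in one step (-addext needs OpenSSL 1.1.1 or newer).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$KEY" -out "$CERT" \
        -subj "/CN=chef.dmz.loc" \
        -addext "subjectAltName=$SAN" >/dev/null 2>&1
}

# 0 if OpenSSL accepts the cert for the given DNS name (SAN dNSName entries).
check_hostname() {
    openssl verify -CAfile "$CERT" -verify_hostname "$1" "$CERT" >/dev/null 2>&1
}

# 0 if OpenSSL accepts the cert for the given IP (SAN iPAddress entries).
check_ip() {
    openssl verify -CAfile "$CERT" -verify_ip "$1" "$CERT" >/dev/null 2>&1
}

# 0 only when all four identities from the post validate against the cert.
check_all() {
    check_hostname chef.dmz.loc && check_hostname example.com &&
        check_ip 192.168.0.2 && check_ip 93.184.216.119
}

make_cert
if check_all; then
    echo "SAN covers chef.dmz.loc, example.com, 192.168.0.2 and 93.184.216.119"
fi
# A name that is not in the SAN must still fail, otherwise the check proves nothing.
if check_hostname other.dmz.loc; then
    echo "unexpected: other.dmz.loc accepted"
else
    echo "other.dmz.loc rejected as expected"
fi
```

On Open Source Chef 11 the server's embedded nginx is pointed at the new pair through `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']` in chef-server.rb followed by `chef-server-ctl reconfigure`; knife and the bootstrapped nodes then validate the same certificate whichever of the four names their chef_server_url uses.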

