[chef] Re: Re: Re: Error while bootstraping a node


  • Subject: [chef] Re: Re: Re: Error while bootstraping a node
  • Date: Wed, 27 Aug 2014 22:52:58 +0200

Hello!

Thank you for the answer: the bootstrap is finally working! :)

In fact, by reading the code the first time I was also suspecting this, but I didn't understand why this URL was nil, as when checking the generated /etc/chef/client.rb file I thought it was correct, i.e. the field was defined:


-- chef server

# knife bootstrap rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net --server-url chef.lab.prod.dekatonshivr.echinopsii.net -x mffrench --sudo

--- chef node


  ~
╰─$ more /etc/chef/client.rb
log_location     STDOUT
chef_server_url  "chef.lab.prod.dekatonshivr.echinopsii.net"
validation_client_name "chef-validator"
# Using default node name (fqdn)

---


After reading your answer I got the idea to test the following command, as my knife tests on my user were working:

-- chef node


  ~
╰─$ sudo chef-client -c ~/.chef/knife.rb
[2014-08-27T22:41:23+02:00] INFO: Forking chef instance to converge...
[2014-08-27T22:41:23+02:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true
```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
  knife ssl check -c /home/mffrench/.chef/knife.rb
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.14.6
[2014-08-27T22:41:23+02:00] INFO: *** Chef 11.14.6 ***
[2014-08-27T22:41:23+02:00] INFO: Chef-client pid: 3339
[2014-08-27T22:41:25+02:00] INFO: Run List is []
[2014-08-27T22:41:25+02:00] INFO: Run List expands to []
[2014-08-27T22:41:25+02:00] INFO: Starting Chef Run for mffrench
[2014-08-27T22:41:25+02:00] INFO: Running start handlers
[2014-08-27T22:41:25+02:00] INFO: Start handlers complete.
[2014-08-27T22:41:25+02:00] INFO: HTTP Request Returned 404 Object Not Found:
resolving cookbooks for run list: []
[2014-08-27T22:41:25+02:00] INFO: Loading cookbooks []
Synchronizing Cookbooks:
Compiling Cookbooks...
[2014-08-27T22:41:25+02:00] WARN: Node mffrench has an empty run list.
Converging 0 resources
[2014-08-27T22:41:25+02:00] INFO: Chef Run complete in 0.222271314 seconds

Running handlers:
[2014-08-27T22:41:25+02:00] INFO: Running report handlers
Running handlers complete
[2014-08-27T22:41:25+02:00] INFO: Report handlers complete
Chef Client finished, 0/0 resources updated in 1.864073402 seconds



  ~
╰─$ more .chef/knife.rb
log_level                :info
log_location             STDOUT
node_name                'mffrench'
client_key               '/home/mffrench/.chef/mffrench.pem'
validation_client_name   'chef-validator'
validation_key           '/home/mffrench/.chef/chef-validator.pem'
chef_server_url 'https://chef.lab.prod.dekatonshivr.echinopsii.net:443'
syntax_check_cache_path  '/home/mffrench/.chef/syntax_check_cache'
cookbook_path [ '/home/mffrench/work/chef-repo/cookbooks' ]

---

Worked! :)

So the error I made was in fact pushing only the FQDN on the knife bootstrap command instead of the full URL (as the parameter name tells me to do ;) ). This command is working much better:

:~# sudo knife bootstrap rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net --server-url https://chef.lab.prod.dekatonshivr.echinopsii.net:443 -x mffrench --sudo
Connecting to rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
Failed to authenticate mffrench - trying password auth
Enter your password:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Starting first Chef Client run...
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net [2014-08-27T22:46:08+02:00] WARN:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net SSL validation of HTTPS requests is disabled. HTTPS connections are still
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net encrypted, but chef is not able to detect forged replies or man in the middle
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net attacks.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net To fix this issue add an entry like this to your configuration file:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net # Verify all HTTPS connections (recommended)
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ssl_verify_mode :verify_peer
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net # OR, Verify only connections to chef-server
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net verify_api_cert true
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net To check your SSL configuration, or troubleshoot errors, you can use the
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net `knife ssl check` command like so:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net knife ssl check -c /etc/chef/client.rb
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Starting Chef Client, version 11.14.6
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Creating a new client identity for rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net using the validator key.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net resolving cookbooks for run list: []
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Synchronizing Cookbooks:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Compiling Cookbooks...
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net [2014-08-27T22:46:10+02:00] WARN: Node rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net has an empty run list.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Converging 0 resources
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Running handlers:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Running handlers complete
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Chef Client finished, 0/0 resources updated in 2.168105495 seconds


Maybe you could improve the client.rb parsing by raising a badly formatted URL error? Anyway, thank you a lot for your help!

Cheers,

Mathilde


On 25/08/2014 18:26, Daniel DeLeo wrote:

On Sunday, August 24, 2014 at 1:23 AM, wrote:

Note: I just note that on the log file there is all the log on my previous
tests before this post (I did several unsuccessful tests with older chef
client version) .... So the relevant log lines on the log file are after
timestamp 2014-08-23T21:26:57+02:00 ...

Cheers,

Mathilde

What is your `chef_server_url` setting in /etc/chef/client.rb ? From the 
code[0], it looks like something is wrong with the URL such that the ruby URI 
code is returning `nil` for the host.
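
The failure discussed in this thread, as an added example (not code from Chef or from either poster): Ruby's URI parser returns a nil host for a scheme-less `chef_server_url`, and a small lint can reject that before a bootstrap is attempted. The helper names are hypothetical, and the SSL check mirrors the warning printed by chef-client 11.14.6 in the output above.

```ruby
require 'uri'

# Hypothetical lint helpers (not part of Chef or knife).

# Naive "key value" reader for simple client.rb / knife.rb files.
def read_settings(text)
  text.each_line.with_object({}) do |line, settings|
    line = line.sub(/^\s*#.*/, '').strip      # skip full-line comments
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    settings[key] = value.to_s.strip.gsub(/\A['"]|['"]\z/, '')
  end
end

# Returns a problem string, or nil when the URL is acceptable.
def url_problem(url)
  return 'chef_server_url is not set' if url.nil? || url.empty?
  uri = URI.parse(url)
  # A bare FQDN parses as a relative path: scheme and host are both nil.
  return "chef_server_url #{url.inspect} has no host; give a full URL such as https://HOST:443" if uri.host.nil?
  return "chef_server_url #{url.inspect} does not use https" unless uri.scheme == 'https'
  nil
rescue URI::InvalidURIError => e
  "chef_server_url #{url.inspect} is not a valid URI (#{e.message})"
end

def lint_chef_config(text)
  s = read_settings(text)
  problems = [url_problem(s['chef_server_url'])].compact
  verified = s['ssl_verify_mode'] == ':verify_peer' || s['verify_api_cert'] == 'true'
  problems << 'SSL verification is off: set ssl_verify_mode :verify_peer' unless verified
  problems
end

# client.rb as generated in the message (scheme-less URL, no SSL settings).
BROKEN = <<~CONF
  log_location     STDOUT
  chef_server_url  "chef.lab.prod.dekatonshivr.echinopsii.net"
  validation_client_name "chef-validator"
  # Using default node name (fqdn)
CONF

# Constructed corrected version: full URL plus peer verification.
FIXED = <<~CONF
  log_location     STDOUT
  chef_server_url  "https://chef.lab.prod.dekatonshivr.echinopsii.net:443"
  ssl_verify_mode  :verify_peer
  validation_client_name "chef-validator"
CONF

puts lint_chef_config(BROKEN)
puts lint_chef_config(FIXED).empty? ? 'FIXED: ok' : 'FIXED: problems'
```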




