- Subject: [chef] Re: Re: Re: Error while bootstraping a node
- Date: Wed, 27 Aug 2014 22:52:58 +0200
Hello !
thank you for the answer : the bootstrap is finally working ! :)
In fact, by reading the code the first time I was also suspecting this, but
I didn't understand why this url was nil, as when checking the generated
/etc/chef/client.rb file I thought it was correct - ie : the field was
defined :
-- chef server
# knife bootstrap
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net --server-url
chef.lab.prod.dekatonshivr.echinopsii.net -x mffrench --sudo
--- chef node
~
╰─$ more /etc/chef/client.rb
log_location STDOUT
chef_server_url "chef.lab.prod.dekatonshivr.echinopsii.net"
validation_client_name "chef-validator"
# Using default node name (fqdn)
---
After reading your answer I got the idea to test the following command
as my knife tests on my user were working :
-- chef node
~
╰─$ sudo chef-client -c ~/.chef/knife.rb
[2014-08-27T22:41:23+02:00] INFO: Forking chef instance to converge...
[2014-08-27T22:41:23+02:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the
middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /home/mffrench/.chef/knife.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * *
Starting Chef Client, version 11.14.6
[2014-08-27T22:41:23+02:00] INFO: *** Chef 11.14.6 ***
[2014-08-27T22:41:23+02:00] INFO: Chef-client pid: 3339
[2014-08-27T22:41:25+02:00] INFO: Run List is []
[2014-08-27T22:41:25+02:00] INFO: Run List expands to []
[2014-08-27T22:41:25+02:00] INFO: Starting Chef Run for mffrench
[2014-08-27T22:41:25+02:00] INFO: Running start handlers
[2014-08-27T22:41:25+02:00] INFO: Start handlers complete.
[2014-08-27T22:41:25+02:00] INFO: HTTP Request Returned 404 Object Not
Found:
resolving cookbooks for run list: []
[2014-08-27T22:41:25+02:00] INFO: Loading cookbooks []
Synchronizing Cookbooks:
Compiling Cookbooks...
[2014-08-27T22:41:25+02:00] WARN: Node mffrench has an empty run list.
Converging 0 resources
[2014-08-27T22:41:25+02:00] INFO: Chef Run complete in 0.222271314 seconds
Running handlers:
[2014-08-27T22:41:25+02:00] INFO: Running report handlers
Running handlers complete
[2014-08-27T22:41:25+02:00] INFO: Report handlers complete
Chef Client finished, 0/0 resources updated in 1.864073402 seconds
~
╰─$ more .chef/knife.rb
log_level :info
log_location STDOUT
node_name 'mffrench'
client_key '/home/mffrench/.chef/mffrench.pem'
validation_client_name 'chef-validator'
validation_key '/home/mffrench/.chef/chef-validator.pem'
chef_server_url 'https://chef.lab.prod.dekatonshivr.echinopsii.net:443'
syntax_check_cache_path '/home/mffrench/.chef/syntax_check_cache'
cookbook_path [ '/home/mffrench/work/chef-repo/cookbooks' ]
---
Worked ! :)
So the error I made in fact was pushing only the fqdn on the knife
bootstrap command instead of the full URL (as the parameter name tells me
to do ;) ). This command is working much better :
:~# sudo knife bootstrap
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net --server-url
https://chef.lab.prod.dekatonshivr.echinopsii.net:443 -x mffrench --sudo
Connecting to rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
Failed to authenticate mffrench - trying password auth
Enter your password:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Starting first
Chef Client run...
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
[2014-08-27T22:46:08+02:00] WARN:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net SSL validation
of HTTPS requests is disabled. HTTPS connections are still
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net encrypted, but
chef is not able to detect forged replies or man in the middle
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net attacks.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net To fix this
issue add an entry like this to your configuration file:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net # Verify all
HTTPS connections (recommended)
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ssl_verify_mode
:verify_peer
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net # OR, Verify
only connections to chef-server
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net verify_api_cert
true
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net To check your
SSL configuration, or troubleshoot errors, you can use the
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net `knife ssl
check` command like so:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net knife ssl
check -c /etc/chef/client.rb
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net ```
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Starting Chef
Client, version 11.14.6
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Creating a new
client identity for
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net using the
validator key.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net resolving
cookbooks for run list: []
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Synchronizing
Cookbooks:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Compiling
Cookbooks...
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
[2014-08-27T22:46:10+02:00] WARN: Node
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net has an empty
run list.
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Converging 0
resources
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Running handlers:
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Running
handlers complete
rabbitmq-cluster01.lab01.dev.dekatonshivr.echinopsii.net Chef Client
finished, 0/0 resources updated in 2.168105495 seconds
Maybe you could improve the client.rb parsing by raising a badly
formatted URL error ? Anyway thank you a lot for your help !
Cheers,
Mathilde
On 25/08/2014 18:26, Daniel DeLeo wrote:
On Sunday, August 24, 2014 at 1:23 AM,
wrote:
Note : I just note that on the log file there is all the log on my previous
tests before this post (I did several unsuccessful tests with older chef
client version) .... So the relevant log lines on the log file are after
timestamp 2014-08-23T21:26:57+02:00 ...
Cheers,
Mathilde
What is your `chef_server_url` setting in /etc/chef/client.rb ? From the
code[0], it looks like something is wrong with the URL such that the ruby URI
code is returning `nil` for the host.
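Added example, not part of the original thread and not Chef's own code: a Ruby sketch of the check requested in the message, showing why a bare FQDN in `chef_server_url` parses to a `nil` host and how to reject it early. The names `BadServerURL`, `validate_server_url`, `server_url_from_config` and `check_config` are hypothetical, and the two sample configs are constructed from the files shown in the message.

```ruby
require "uri"

# Hypothetical error class for this example (not a Chef class).
class BadServerURL < ArgumentError; end

# Constructed samples, modelled on the two config files quoted in the message.
BROKEN_CLIENT_RB = <<~CONF
  log_location STDOUT
  chef_server_url "chef.lab.prod.dekatonshivr.echinopsii.net"
  validation_client_name "chef-validator"
CONF

WORKING_KNIFE_RB = <<~CONF
  node_name 'mffrench'
  chef_server_url 'https://chef.lab.prod.dekatonshivr.echinopsii.net:443'
CONF

# Reject anything that is not a full http(s) URL with a host. A bare FQDN
# parses without error, but as a relative reference: scheme and host are nil
# and the whole string lands in the path component.
def validate_server_url(value)
  uri = begin
    URI.parse(value.to_s.strip)
  rescue URI::InvalidURIError => e
    raise BadServerURL, "chef_server_url #{value.inspect} is not parseable: #{e.message}"
  end
  unless %w[http https].include?(uri.scheme)
    raise BadServerURL, "chef_server_url #{value.inspect} has no http(s) scheme"
  end
  if uri.host.nil? || uri.host.empty?
    raise BadServerURL, "chef_server_url #{value.inspect} has no host"
  end
  uri
end

# Simple line-based extraction for the example; a real client.rb is Ruby code
# and is evaluated, not pattern-matched.
def server_url_from_config(text)
  line = text.lines.find { |l| l =~ /^\s*chef_server_url\s+/ }
  line && line[/^\s*chef_server_url\s+["']([^"']*)["']/, 1]
end

# Returns :ok for a usable URL, otherwise the error message.
def check_config(text)
  validate_server_url(server_url_from_config(text))
  :ok
rescue BadServerURL => e
  e.message
end
```

Running `check_config` over a generated client.rb before the first chef-client run catches the missing scheme at configuration time instead of surfacing later as a `nil` host.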