General discussion about Chef

[chef] Re: Re: Chef client installer failure


Chronological Thread 
  • From: Ameir Abdeldayem < >
  • To:
  • Subject: [chef] Re: Re: Chef client installer failure
  • Date: Mon, 12 Jan 2015 23:25:41 -0500
Thanks, guys.  When I installed curl, I noticed that it installed a CA bundle along with it, so wget may indeed have worked thereafter.  I figured I'd raise this just to have it documented.  My bootstrapping process takes one additional manual step (i.e. installing curl) with these minimal templates, but no biggie.

Thanks for pointing out the hostname change; the installer script on opscode.com still refers to opscode.com during the install (with chef-client 12.0.3).  I've updated my process to use the new domain.


On Mon, Jan 12, 2015 at 9:58 PM, Noah Kantrowitz < " target="_blank"> > wrote:

On Jan 12, 2015, at 5:55 PM, "> wrote:

> Hi all,
>
> I was trying to install Chef client on a fresh Ubuntu 14.04 OpenVZ minimal template, but it failed with the error message below.  I've seen this a few times before, but figured I'd document it here (I wasn't sure which github repo the installer script ties to).  The workaround is to just install curl.  If the script has '--no-check-certificate' added to the wget command, that'd work as well, although security-minded folks might not like that.
>
> Downloading Chef for ubuntu...
> downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
> to file /tmp/install.sh.5682/metadata.txt
> trying wget...
> trying perl...
> Unable to retrieve a valid package!
> Version:
>
> Please file a Bug Report at https://github.com/opscode/opscode-omnitruck/issues/new
> Alternatively, feel free to open a Support Ticket at https://www.getchef.com/support/tickets
> More Chef support resources can be found at https://www.getchef.com/support
>
> Please include as many details about the problem as possible i.e., how to reproduce
> the problem (if possible), type of the Operating System and its version, etc.,
> and any other relevant details that might help us with troubleshooting.
>
> Metadata URL: https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
> \nDEBUG OUTPUT FOLLOWS:\n\nSTDERR from wget:\n\n--2015-01-12 20:44:50-- https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
> Resolving www.opscode.com (www.opscode.com)... 184.106.28.90
> Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443... connected.
> ERROR: cannot verify www.opscode.com's certificate, issued by '/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA':
> Unable to locally verify the issuer's authority.
> To connect to www.opscode.com insecurely, use `--no-check-certificate'.\n\nSTDERR from perl:\n\nCan't locate LWP/Simple.pm in @INC (you may need to install the LWP::Simple module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at -e line 1.
> BEGIN failed--compilation aborted at -e line 1.\n

Your wget (or more likely your OpenSSL in general) doesn't have the DigiCert public CA cert, and none of the other transports (curl, etc) are available. You need something on the base system capable of secure HTTPS download. You should also fix the URL to be www.chef.io, the new hostname.

--Noah


Archive powered by MHonArc 2.6.16.

§