[chef] Re: Re: chef_server_url

[Stuart Cracraft < >]

> On May 19, 2015, at 10:25 PM, Noah Kantrowitz 
> <
 >
>  wrote:
> 
> Client config goes in /etc/chef/client.rb by default.

Tried that as well just now:


 :~/chef-repo#
 cat /etc/chef/client.rb
 validation_key           "/etc/chef/validation.pem"
 cache_type               'BasicFile'
 log_level        :info
 log_location     STDOUT
 chef_server_url     "https://chef-server:443";

 :~/chef-repo#
 knife node list
ERROR: Your private key could not be loaded from /etc/chef/client.pem
Check your configuration file and ensure that your private key is readable

 :~/chef-repo#
 chef-client
[2015-05-19T22:47:07-07:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.3.0
[2015-05-19T22:47:07-07:00] INFO: *** Chef 12.3.0 ***
[2015-05-19T22:47:07-07:00] INFO: Chef-client pid: 9921
Creating a new client identity for chef-client using the validator key.
[2015-05-19T22:47:09-07:00] INFO: Client key /etc/chef/client.pem is not 
present - registering
[2015-05-19T22:47:10-07:00] ERROR: SSL Validation failure connecting to host: 
chef-server - SSL_connect returned=1 errno=0 state=SSLv3 read server 
certificate B: certificate verify failed

================================================================================
Chef encountered an error attempting to create the client "chef-client"
================================================================================

[2015-05-19T22:47:10-07:00] FATAL: Stacktrace dumped to 
/var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 2.952521073 seconds
[2015-05-19T22:47:10-07:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed
[2015-05-19T22:47:10-07:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef 
run process exited unsuccessfully (exit code 1)

 :~/chef-repo#
 knife ssl check
Connecting to host chef-server:443
Successfully verified certificates from `chef-server'

 :~/chef-repo#
 knife ssl fetch
WARNING: Certificates from chef-server will be fetched and placed in your 
trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for chef-server in 
/root/chef-repo/.chef/trusted_certs/chef-server.crt

 :~/chef-repo#
 chef-client
[2015-05-19T22:47:48-07:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.3.0
[2015-05-19T22:47:48-07:00] INFO: *** Chef 12.3.0 ***
[2015-05-19T22:47:48-07:00] INFO: Chef-client pid: 10091
Creating a new client identity for chef-client using the validator key.
[2015-05-19T22:47:50-07:00] INFO: Client key /etc/chef/client.pem is not 
present - registering
[2015-05-19T22:47:50-07:00] ERROR: SSL Validation failure connecting to host: 
chef-server - SSL_connect returned=1 errno=0 state=SSLv3 read server 
certificate B: certificate verify failed

================================================================================
Chef encountered an error attempting to create the client "chef-client"
================================================================================

[2015-05-19T22:47:50-07:00] FATAL: Stacktrace dumped to 
/var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 2.671493154 seconds
[2015-05-19T22:47:51-07:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed
[2015-05-19T22:47:51-07:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef 
run process exited unsuccessfully (exit code 1)

 :~/chef-repo#
 

> 

> On May 19, 2015, at 10:18 PM, Stuart Cracraft 
> <
 >
>  wrote:
> 
>> I am trying to do an initial chef-client run on a client (the chef server 
>> is named “chef-server”)
>> 
>> My question is, where do I set it so that it goes to “chef-server” instead 
>> of local-host.
>> 
>> chef_server_url is wrong below and should be 
>> 
>>   chef_server_url  "https://chef-server:443”
>> 
>> 
 :~/chef-repo/.chef#
>>  chef-client
>> [2015-05-19T22:08:19-07:00] INFO: Forking chef instance to converge...
>> Starting Chef Client, version 12.3.0
>> [2015-05-19T22:08:19-07:00] INFO: *** Chef 12.3.0 ***
>> [2015-05-19T22:08:19-07:00] INFO: Chef-client pid: 9159
>> Creating a new client identity for chef-client using the validator key.
>> [2015-05-19T22:08:23-07:00] INFO: Client key /etc/chef/client.pem is not 
>> present - registering
>> [2015-05-19T22:08:23-07:00] ERROR: Connection refused connecting to 
>> https://localhost/clients, retry 1/5
>> [2015-05-19T22:08:28-07:00] ERROR: Connection refused connecting to 
>> https://localhost/clients, retry 2/5
>> [2015-05-19T22:08:33-07:00] ERROR: Connection refused connecting to 
>> https://localhost/clients, retry 3/5
>> [2015-05-19T22:08:38-07:00] ERROR: Connection refused connecting to 
>> https://localhost/clients, retry 4/5
>> [2015-05-19T22:08:43-07:00] ERROR: Connection refused connecting to 
>> https://localhost/clients, retry 5/5
>> 
>> ================================================================================
>> Chef encountered an error attempting to create the client "chef-client"
>> ================================================================================
>> 
>> Network Error:
>> --------------
>> There was a network error connecting to the Chef Server:
>> Connection refused - Connection refused connecting to 
>> https://localhost/clients, giving up
>> 
>> Relevant Config Settings:
>> -------------------------
>> chef_server_url  "https://localhost:443";
>> 
>> If your chef_server_url is correct, your network could be down.
>> 
>> [2015-05-19T22:08:48-07:00] FATAL: Stacktrace dumped to 
>> /var/chef/cache/chef-stacktrace.out
>> Chef Client failed. 0 resources updated in 29.021418726 seconds
>> [2015-05-19T22:08:48-07:00] ERROR: Connection refused - Connection refused 
>> connecting to https://localhost/clients, giving up
>> [2015-05-19T22:08:48-07:00] FATAL: Chef::Exceptions::ChildConvergeError: 
>> Chef run process exited unsuccessfully (exit code 1)
>> 
 :~/chef-repo/.chef#
>>  
>> 
>