- From: o haya <
>
- To:
- Cc:
, Galen Emery <
>
- Subject: [chef] Re: Re: Re: Re: HELP! I think that I really messed up Chef configuration :(!!
- Date: Mon, 13 Jul 2015 16:20:53 -0700
--------------------------------------------
On Mon, 7/13/15, o haya
<
>
wrote:
Subject: Re: [chef] Re: Re: Re: HELP! I think that I really messed up Chef
configuration :(!!
To: "Galen Emery"
<
>,
Cc:
,
"Galen Emery"
<
>
Date: Monday, July 13, 2015, 6:56 PM
Hi,
This is the error I'm getting. This is when I run just
"chef-client" on a node that has the original Chef client
("original" == I did not re-bootstrap it after the new
workstation).
PS ...> chef-client
Starting Chef Client, version 12.3.0
[2015-07-13T18:46:06-04:00] INFO: *** Chef 12.3.0 ***
[2015-07-13T18:46:06-04:00] INFO: Chef-client pid: 2356
Creating a new client identity for node1 using the validator
key.
[2015-07-13T18:46:38-04:00] INFO: Client key
c:/chef/client.pem is not present - registering
[2015-07-13T18:46:38-04:00] INFO: HTTP Request Returned 401
Unauthorized: error
================================================================================
Chef encountered an error attempting to create the client
"node1"
================================================================================
Authentication Error:
---------------------
Failed to authenticate to the chef server (http 401).
Server Response:
----------------
Invalid signature for user or client 'chefadmins-validator'
Relevant Config Settings:
-------------------------
chef_server_url
"
https://chefserver.whatever.com/organizations/chefadmins";
validation_client_name "chefadmins-validator"
validation_key
"c:/chef/validation.pem"
If these settings are correct, your validation_key may be
invalid.
[2015-07-13T18:46:38-04:00] FATAL: Stacktrace dumped to
c:/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 38.569658
seconds
[2015-07-13T18:46:38-04:00] FATAL: Net::HTTPServerException:
401 "Unauthorized"
FYI, on one of the other nodes, I *did* uninstall the chef
client (via Control Panel) and then did "knife bootstrap
windows winrm) and then I did "chef-client" on that other
node and that worked.
So I'm not sure what the one that I did not re-bootstrap
doesn't work yet?
Jim
--------------------------------------------
On Mon, 7/13/15, Steven Murawski
<
>
wrote:
Subject: [chef] Re: Re: Re: HELP! I think that I really
messed up Chef configuration :(!!
To: "o haya"
<
>,
"Galen Emery"
<
>
Cc: "o haya"
<
>,
,
"Galen Emery"
<
>
Date: Monday, July 13, 2015, 5:59 PM
Once you click the
starter
kit, you get a warning about invalidating your previous
keys. Once you go past that, your previous validator
and user PEMs are invalid and you need to use the new one.
This does not reset existing client PEM
files.
Going back to
whether or not you should uninstall the chef client from
the
workstation with ChefDK - it depends. If the
workstation is being managed with Chef and you expect a
particular version of Chef Client, leave it.
Otherwise, feel free to
uninstall.
With ChefDK,
you can run
chef
shell-init powershell |
invoke-expression
This will
make sure ChefDK is earlier on your system path (for that
shell session) and that most of your environmental
variables
for working with Chef's embedded ruby install are
correct. I include that line in my PowerShell profile,
so that is set every time I open a PowerShell
session.
Steve
Steve
Steven MurawskiCommunity Software Development Engineer @
ChefMicrosoft MVP - PowerShell
http://stevenmurawski.com
On 7/13/2015 4:41:03
PM, o haya
<
>
wrote:Hi,
Once I had clicked that starter kit button, did generate
some new key or keys inside the Chef server itself, so the
PEMs that were on the workstation before that are all
invalidated at that point?
What about the Chef nodes? Are there keys/PEMs that
need to
be replaced on all the nodes now also? I
think that when I
tried a chef-client run after I did the starter kit button
that I was getting 401 errors also, so I guess there must
be
something on the nodes that needs to be replaced?
Jim
--------------------------------------------
On Mon, 7/13/15, Galen Emery wrote:
Subject: Re: [chef] Re: Re: HELP! I think that I
really
messed up Chef configuration :(!!
To: "o haya"
Cc:
,
"Galen Emery" ,
"Steven Murawski"
Date: Monday, July 13, 2015, 5:22 PM
In short,
yes.
The key piece is that
knife looks for a .chef folder and a knife.rb inside
of
it,
that tells it which server to talk to and what user
to
authenticate as.
You can
either generate new ones, or copy/move your
repository
from
one workstation to another.
On Mon, Jul 13, 2015 at
2:13 PM, o haya
wrote:
Hi,
Thanks.
As I said in the 2nd msg (or 3rd) I think that
conceptually,
I thought that "oh, I want a new/different
workstation", so I basically just followed the steps
that I did when I did the initial workstation
(including
creating the new starter kit). I didn't realize
that
in doing that, I was basically wiping out the
original
configuration (if I'm understanding what you and
Steven
are trying to explain).
Is that correct?
Going back, I wasn't necessarily looking for a new
workstation.. it was more that I just wanted the
workstation
to be on a different machine, because of some reasons
I
had
in my testing.
Given all that, could I just have move the whole
chef-repo
directory from the original machine to the new (the
AD
machine) machine instead of generating the new
starter,
etc., or instead of doing generating a new knife.rb,
and
the
other two PEMs?
In other words, could I just have:
- Ran the ChefDK installer on the AD machine, then
- Copied the c:\users\Administrator\chef-repo
directory from the original Chef workstation to the
c:\user\Admiistrator\chef-repo directory on
the
AD machine?
Thanks,
Jim
--------------------------------------------
On Mon, 7/13/15, Galen Emery
wrote:
Subject: [chef] Re: Re: HELP! I think that I
really
messed
up Chef configuration :(!!
To:
Cc: "Steven Murawski" ,
Date: Monday, July 13, 2015, 5:04 PM
Jim,
To create a new Chef
Workstation there's a couple different options
rather
than using the starter kit.
At the end of the day, the workstation needs
these things inside a .chef folder:
1) knife.rb file with the correct user and
server to talk to.
2) user.pem for that
user.3*) organization-validator.pem (for
old-style
bootstraps)
You can generate the knife.rb file from the
Manage UI, or just copy it from your current
workstation.
You can
either copy your pem file around, or create a new
user
for
your separate workstation. To create a new
user: 1. Go to the signup page
(
http://chefserver/signup)
and create a new user.
2. Sign in as your
other user and invite the new one to the
organization
and
assign whatever rights you wish.
3. Log in
as new user and accept the invite.
4.
Generate key-pair for new user and stick in the
.chef
directory.
To create a new
validator key (If you don't use the
validator-style
bootstraps, then you don't need to do this), go
into
the
Manage UI > Policy > Clients > Create New
(Select
Validation Client). This will give you a new
validator
client to work with.
Hope
that helps!
On Mon, Jul 13, 2015 at
1:51 PM, o haya
wrote:
Hi,
Also, from some reading, it seems like, with
regards to
the
keys, I should not have clicked that starter kit
button
and
gotten a new ZIP file?
So what SHOULD I have done when I wanted to create
the
"new" Chef workstation?
Thanks again,
Jim
--------------------------------------------
On Mon, 7/13/15, o haya
wrote:
Subject: Re: [chef] HELP! I think that I
really
messed
up Chef configuration :(!!
To:
,
"Steven Murawski"
Cc:
Date: Monday, July 13, 2015, 4:41 PM
Hi Steven,
Wow! Thanks - I think this
was very helpful (but still not sure):
Re. the knife:
The original one, that is kind of working
still, but broken now:
PS
C:\Users\Administrator\chef-repo>
get-command knife |
format-list *
HelpUri :
FileVersionInfo : File:
C:\opscode\chefdk\bin\knife.bat
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
Path :
C:\opscode\chefdk\bin\knife.bat
Extension
: .bat
Definition
:
C:\opscode\chefdk\bin\knife.bat
Visibility : Public
OutputType :
{System.String}
Name
: knife.bat
CommandType
: Application
ModuleName
:
Module
:
RemotingCapability :
PowerShell
Parameters
:
ParameterSets :
The new one, which doesn't work at all:
C:\Users\Administrator\chef-repo>exit
PS C:\Users\Administrator\chef-repo>
get-command knife | format-list *
HelpUri :
FileVersionInfo : File:
c:\opscode\chef\bin\knife.bat
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
Path :
c:\opscode\chef\bin\knife.bat
Extension
: .bat
Definition
: c:\opscode\chef\bin\knife.bat
Visibility : Public
OutputType :
{System.String}
Name
: knife.bat
CommandType
: Application
ModuleName
:
Module
:
RemotingCapability :
PowerShell
Parameters
:
ParameterSets :
So it does look like on the "new"
one, I'm picking up the knife from a Chef
client,
and
not from the Chef DK?
Is
that correct?
How can I fix that? Should I just uninstall
the Chef client from that machine (this is the
AD
machine,
which did have a Chef client on it originally)?
Re. the PEMS, can you clarify
what you meant when you said:
"so you'll need to replace those
with
the ones from the most recent starter
kit"
Which are "those" and where do I get
"the ones from the most recent starter kit"
(specifically)?
Thanks again!
Jim
--------------------------------------------
On Mon, 7/13/15, Steven Murawski
wrote:
Subject: Re: [chef]
HELP! I think that I really messed up Chef
configuration
:(!!
To:
Cc: "o haya"
Date: Monday, July 13, 2015, 4:05 PM
So, when you requested the
starter kit, your previous user pem and
validation.pem
were invalidated, so you'll need to
replace those with
the ones from the most
recent starter kit.
The second part could
be a couple of
things. Do you have
another install of Chef on the system?
If
you have a Chef Client install as well, you may
be
resolving knife from that install rather than
ChefDK. (and
each will have their own
copy of the various gems). You
can test
that from PowerShell by using Get-Command knife
|
format-list * and checking out the path it is
coming
from.
Steve
Steven MurawskiCommunity Software Development
Engineer @
ChefMicrosoft MVP -
PowerShell
http://stevenmurawski.com
On 7/13/2015 2:52:27
PM, o haya
wrote:Hi,
I originally had the
following
configuration:
Chef
Server (CENTOS 6.6)
Chef
Workstation (Windows 2008 w/ChefDK
installed)
Test AD
(Windows 2008)
Test Nodes
(Windows 2008)
..
..
I
(probably stupidly) decided that I want
to
put the Chef Workstation on the Test AD machine.
I'll try to describe what I've done,
but things are
so messed up at this point,
I'm not sure exactly
what's going
on or what I did.
So, I ran the ChefDK
installer on the AD
machine. Then, I
think I got the quickstart ZIP from the
Chef server, and I unzipped in in the chef-repo
directory
on
the AD machine.
After
that, basically nothing worked.
The first
thing I ran into was that the
Chef-client
(the nodes) could not register anymore, getting
401 errors when i try to run chef-client on
them.
So then, I thought I should try to
re-bootstrap the nodes but I can't seem to
get the
knife-windows to work on the new
Chef workstation.
I run "chef gem
install
knife-windows" in the
chef-repo directory, but then
when I try to
run "knife bootstrap windows winrm "
it says that the host I'm trying to
bootstrap is
"windows".
I think that I have some OVAs that I backed
up from earlier, so I'm going to try to
see if I can
restore them, but can anyone
tell me or point me to what
went wrong?
Is there just no way to "move" the
Chef Workstation or make a 2nd instance once
it's
installed? It seems like all the
pieces (the nodes, the
Chef server and the
workstation) are permanently linked
together?
Thanks,
Jim
--
Galen
Emery
- [chef] HELP! I think that I really messed up Chef configuration :(!!, o haya, 07/13/2015
- [chef] Re: HELP! I think that I really messed up Chef configuration :(!!, Steven Murawski, 07/13/2015
- [chef] Re: HELP! I think that I really messed up Chef configuration :(!!, o haya, 07/13/2015
- [chef] Re: HELP! I think that I really messed up Chef configuration :(!!, o haya, 07/13/2015
- [chef] Re: Re: HELP! I think that I really messed up Chef configuration :(!!, Galen Emery, 07/13/2015
- [chef] Re: Re: Re: HELP! I think that I really messed up Chef configuration :(!!, o haya, 07/13/2015
- [chef] Re: Re: Re: HELP! I think that I really messed up Chef configuration :(!!, Galen Emery, 07/13/2015
- [chef] Re: Re: Re: Re: HELP! I think that I really messed up Chef configuration :(!!, o haya, 07/13/2015
- [chef] Passing run_list to windows node which is to be bootstrapped., Taras Klym, 07/14/2015
- [chef] Re: Passing run_list to windows node which is to be bootstrapped., Steven Murawski, 07/14/2015
- [chef] Re: Re: Passing run_list to windows node which is to be bootstrapped., Taras Klym, 07/14/2015
- [chef] Re: Re: Re: Re: Re: HELP! I think that I really messed up Chef configuration :(!!, Steven Murawski, 07/14/2015
Archive powered by MHonArc 2.6.16.