[chef] Re: winrm

[Taras Klym < >]

Hi Shah,

Please try to run "knife ssl fetch" from the workstation you are bootstrapping new nodes from.

So that it has certificates needed for communicating to Chef server.

Once workstation has certificates it will send them to newly bootstrapped nodes during bootstrap process as well.

And you should not have ssl connection issue anymore.

More details in regards to this you can find here:

https://docs.chef.io/knife_ssl_fetch.html

Or you can just turn off ssl check in client.rb on newly bootstrapped node by adding line as follow:

ssl_verify_mode :verify_none

More info on client.rb options you will find here:

http://docs.chef.io/config_rb_client.html

And just re-run chef-client on bootstrapped node side.

From mmy point more preferable and secure is to create and fetch certificates.

Hopefuly you will find my advises helpful. :)

Regards,

Taras.

--- Оригінальне повідомлення ---
Від кого: "Nikhil Shah" < >
Дата: 6 серпня 2015, 20:03:32

Hey guys,

It's been a while since i started bootstrapping windows machines since I've been doing linux for so long, I've enabled winrm and setup the proper configs for winrm. However, I am getting the following error and was hoping someone can lead me to the right place:

eset-era01.theorchard.local C:\Users\Administrator>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E DEVELOPMENT 
eset-era01.theorchard.local [2015-08-06T12:44:45-04:00] INFO: *** Chef 12.4.1 ***
eset-era01.theorchard.local [2015-08-06T12:44:45-04:00] INFO: Chef-client pid: 4104
eset-era01.theorchard.local [2015-08-06T12:45:18-04:00] INFO: Client key c:/chef/client.pem is not present - registering
eset-era01.theorchard.local [2015-08-06T12:45:19-04:00] ERROR: SSL Validation failure connecting to host: chef01.theorchard.local - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
eset-era01.theorchard.local 
eset-era01.theorchard.local ================================================================================
eset-era01.theorchard.local Chef encountered an error attempting to create the client "eset-era01.TheOrchard.local"
eset-era01.theorchard.local ================================================================================
eset-era01.theorchard.local 
eset-era01.theorchard.local [2015-08-06T12:45:19-04:00] ERROR: Running exception handlers
eset-era01.theorchard.local [2015-08-06T12:45:19-04:00] ERROR: Exception handlers complete
eset-era01.theorchard.local [2015-08-06T12:45:19-04:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
eset-era01.theorchard.local [2015-08-06T12:45:19-04:00] FATAL: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

--

Nikhil Shah • System Administrator

" target="_blank">  • p. (+1) 212 308-5648 

THE ORCHARD Distribution Done Right

23 E 4^th St Fl 3, New York, NY 10003

www.theorchard.com

Follow us: The Daily Rind • Facebook • Twitter • YouTube • LinkedIn

Privileged And Confidential Communication. This electronic transmission, and any documents attached hereto, (a) are protected by the Electronic Communications Privacy Act (18 USC §§ 2510-2521), (b) may contain confidential and/or legally privileged information, and (c) are for the sole use of the intended recipient named above. If you have received this electronic message in error, please notify the sender and delete the electronic message. Any disclosure, copying, distribution, or use of the contents of the information received in error is strictly prohibited.