[chef] RE: Re: RE: Re: Newbie needs help creating AWS EC2 Windows instance

[Alex Neihaus < >]

Thanks again for your help.

I was thinking the same thing -- that the wrong key is being used to connect 
to the instance --  so here’s what I tried:
1). Generated a new AWS keypair
2). Placed that key in chef-repo/.chef
3). Ran knife ec2 with that key name in --ssh-key _without_ the .pem 
extension.  That is, --ssh-key=name_of_key_file_without.pem_extension (knife 
ec2 blows up if you use the full filename with a “cannot be found message" 
message from AWS.)
4). Logged into the console and successfully decrypted the password with the 
.pem file specified in the knife ec2 command

Conceptually, I am having a problem understanding what, exactly, is going on 
that requires an ssh key. I know the doc says it's needed but I don't 
understand why. There's nothing listening on port 22 in the instance -- 
that's where 

Still no joy getting knife ec2 to bootstrap the running, accessible instance.

Could there be a problem with the version of knife ec2? I am running 12.4.1.

Appreciate the tip about the instance costs -- until I get it running, I've 
dialed that back. The AMI is an AWS image with SQL Server, to t2. Instance 
types are out.



From: Fabien Delpierre 
[mailto:
 
 
Sent: Friday, September 25, 2015 10:09
To: chef 
<
 >
Subject: [chef] Re: RE: Re: Newbie needs help creating AWS EC2 Windows 
instance

Usually that error would occur if you weren't using the correct private key.
Suggestion: create an instance the exact same way you did (or use one that 
you still have running), go to the AWS web console, and try to download the 
admin credentials by using the same .pem file you used in your knife ec2 
command. That'll tell you whether you're at least using the right one. Unless 
you knowingly put the .pem file corresponding to your AWS keypair in your 
/chefrepo/.chef directory, my guess is you're using the wrong file.
Also, I might suggest that you don't use m4.xlarge instances for initial 
testing -- Windows instances of that size aren't cheap and it will add up 
quickly!

On Fri, Sep 25, 2015 at 9:45 AM, Alex Neihaus 
<
 >
 wrote:
Thanks to everyone who has responded. I am almost there.

I have knife ec2 standing up a Windows Server 2008 R2 instance and, 
apparently, connecting to it via winrm. However, after accessing winrm and 
during what I think is the attempt to bootstrap the instance to Chef, I 
receive an OpenSSL “padding check failed” error.

If anyone has any clues, I’d appreciate your help. Here's the error and the 
knife ec2 command I am using (with the sensitive parts removed):

Waiting for EC2 to create the instance......
Subnet ID: subnet-<removed>
Tenancy: default
Private IP Address: <removed>
Waiting for winrm access to become available.....done
Waiting for Windows Admin password to be available............
ERROR: OpenSSL::PKey::RSAError: padding check failed

knife ec2 server create --flavor m4.xlarge --associate-public-ip 
--bootstrap-protocol winrm -N WinServerTestNodeCanBeDeleted --region 
us-east-1 --availability-zone us-east-1d --security-group-ids sg-NNNNN -T 
name=WinServerTestNodeCanBeDeleted -I ami-YYYYY --user-data 
/path-to-user-text/usertext.txt -A <removed> -K <removed> --ssh-key <AWS key 
name> --subnet subnet-XXXXXXX   --identity-file 
/pathtochefrepo/.chef/<removed>.pem -VV

Alex