How can knife ec2 honor the "--bootstrap-version" argument? - amazon-ec2

It would appear that "knife ec2" does not honor the "--bootstrap-version" argument that works with "knife bootstrap".
For instance, this does not work:
knife ec2 server create -I ami-932c5be9 -f t2.small -S chef -i /home/ted/chef_key --ssh-user ted --subnet subnet-4cd9d113 --json-attributes '{"policy_name": "web_server", "policy_group": "prod"}' -N teds_apache_server -g "sg-dec3f883" --tags Lifecycle="PROD",Installer="Ted",Application="Apache" --region us-east-1 --server-connect-attribute private_ip_address --bootstrap-template /home/ted/chef-repo/.chef/bootstrap/bootstrap_prd.erb --availability-zone us-east-1c --bootstrap-version 13.6.4
Afterwards this instance would deploy but would not have the chef-client version 13.6.4 installed. I would have to do a knife node delete, knife client delete and ssh to the instance and uninstall the chef-client package. After that I can run:
knife bootstrap chef@10.10.1.1 -i /home/ted/chef_key --sudo --ssh-user chef --json-attributes '{"policy_name": "web_server", "policy_group": "prod"}' -N teds_apache_server --bootstrap-template /home/ted/chef-repo/.chef/bootstrap/bootstrap_prd.erb --bootstrap-version 13.6.4
...this will install the latest version. Any ideas on how to get this to work with knife ec2?

You're using a custom bootstrap-template file which probably ignores the bootstrap version attribute chef_version. Check https://github.com/juliandunn/chef-bootstrap-templates for a collection of bootstrap templates and the use of the chef_version variable as a suggestion for your own.
Chef's default built-in template respects the version to build the latest_current_chef_version_string value, see lib/chef/knife/core/bootstrap_context.rb
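The failure mode described in the answer above, as an added example that is not part of the original post or of Chef's code: a custom bootstrap template that never references a version helper silently drops --bootstrap-version, so the node gets whatever client the installer defaults to. StubBootstrapContext, the two template fragments and /tmp/install.sh are constructed stand-ins; the real helper lives in lib/chef/knife/core/bootstrap_context.rb and its exact return value is assumed here.

```ruby
require "erb"

# Hypothetical, simplified stand-in for the context knife passes to a
# bootstrap template. It exposes only the helper named in the answer.
class StubBootstrapContext
  def initialize(bootstrap_version)
    @bootstrap_version = bootstrap_version
  end

  # Assumption: yields installer arguments that pin the requested version.
  def latest_current_chef_version_string
    @bootstrap_version ? "-v #{@bootstrap_version}" : ""
  end

  def render(template_source)
    ERB.new(template_source).result(binding)
  end
end

# Constructed template fragments. The first hard-codes the install step,
# the second forwards the helper's output to the installer script.
IGNORES_VERSION = <<~'TEMPLATE'
  sudo sh /tmp/install.sh
TEMPLATE
HONORS_VERSION = <<~'TEMPLATE'
  sudo sh /tmp/install.sh <%= latest_current_chef_version_string %>
TEMPLATE

# Names a template must reference for --bootstrap-version to have any effect.
VERSION_HELPERS = %w[latest_current_chef_version_string chef_version].freeze

# Static check: does any ERB tag in the template mention a version helper?
def references_version?(template_source)
  template_source.scan(/<%.*?%>/m).any? do |tag|
    VERSION_HELPERS.any? { |name| tag.include?(name) }
  end
end

# Dynamic check: does the requested version reach the rendered script?
def version_pinned?(template_source, version)
  StubBootstrapContext.new(version).render(template_source).include?(version)
end

if __FILE__ == $PROGRAM_NAME
  { "ignores" => IGNORES_VERSION, "honors" => HONORS_VERSION }.each do |name, src|
    puts "#{name}: references=#{references_version?(src)} pinned=#{version_pinned?(src, '13.6.4')}"
  end
end
```

Running references_version? over a custom template such as bootstrap_prd.erb before provisioning shows whether the version pin can take effect at all.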

Related

Chef bootstrapping client installing on plain AWS EC2 instances

I am trying to learn Chef and started installing its components. I have three micro EC2 RHEL7.X instances running on AWS. Of those, one EC2 is configured as chef-server and the second EC2 as workstation, perfectly. But when I try to bootstrap the third EC2 from the workstation, I always get the following ERROR.
I used the below commands to install the client from the workstation.
knife bootstrap -.-.-.- -x root -P password --node-name client ==> I do not have any password set for the client EC2 instance
Also tried
knife bootstrap -.-.-.- --ssh-user ec2-user --sudo -i ./some.pem --run-list webserver
knife bootstrap -.-.-.- --ssh-user ec2-user --sudo --identity-file ./some.pem --run-list webserver
Got Error
ERROR: Net::SSH::AuthenticationFailed: Authentication failed for user ec2-user@-.-.-.-@-.-.-.-
But I never get this working. I know there are some existing AWS utilities around Chef but I want to use only normal EC2 instances.
Any help on how I can do this in this scenario?
I created the SSL key for the workstation and then added that key to the client's "/home/ec2-user/.ssh/authorized_keys" and then ran the below command from the workstation, which worked:
knife bootstrap -.-.-.- --ssh-user ec2-user --sudo --identity-file /home/ec2-user/keyworkstation --node-name client

knife ec2 unknown region "ca-central-1"

I'm trying to create an AWS server in the region "Canada(Central)", which, according to the Amazon documentation (http://docs.aws.amazon.com/general/latest/gr/rande.html), is called ca-central-1.
The command I'm running is:
knife ec2 server create -I ami-70299b14 -f t2.nano -S my-key -i ~/.ssh/my-key.pem --ssh-user ubuntu --region ca-central-1 -Z ca-central-1a
And the error I get is:
ERROR: ArgumentError: Unknown region: "ca-central-1"
The ami I'm using is one that I've used to launch a server in the region using the online EC2 Management Console.
I created an IAM user and key pairs in this region and have given the user all permissions on ec2 resources, and I've also created an inbound rule for ssh in the region. Is there something else I'm missing?
Unfortunately fog-aws only added this region very recently so there isn't yet support for it in knife ec2. Will hopefully be in the next ChefDK release in a few weeks. For now you can just create VMs either from the aws command line tool or the web UI, and then use knife bootstrap on them.
1: your knife.rb as
knife[:aws_access_key_id] = "AWS_ACCESS_KEY"
knife[:aws_secret_access_key] = "AWS_SECRET"
knife[:ssh_key_name] = 'my-key'
knife[:image] = 'ami-21414f36'
knife[:flavor] = 't2.micro'
knife[:region] = 'ca-central-1'
knife[:availability_zone] = 'ca-central-1a'
knife[:ebs_size] = 30
knife[:editor] = 'nano'
2: Generate Key Pair for Canada (Center)
3: Run the knife ec2 server create command.
knife ec2 server create -I ami-70299b14 -f t2.nano --ssh-user ubuntu --region ca-central-1 -Z ca-central-1a
That worked for me.
Try this command:
knife ec2 server create -N node_name -I ami-21414f36 -f t2.micro -x '.\key_ca' -P 'ec2#123' --ssh-key key --region ca-central-1 --availability-zone 'ca-central-1a' --ebs-size 30 --security-group-ids sg-75cbd50d --bootstrap-protocol winrm --winrm-transport ssl --winrm-ssl-verify-mode verify_none

How to launch 100 and more servers in Chef

I am new to chef. I have successfully configured chef workstation and server.
So by using this below command I am able to launch only one instance:
knife ec2 server create --image ami-cc5af9a5 -i ram.pem --flavor m1.small -x root --groups chef-client -Z us-east-1a -r "role[webserver]"
By this command I can bootstrap only one node:
knife ec2 server create --image ami-a4827dc9 -i NVirginia.pem --flavor t2.micro -x root --groups RC-Corporation -Z us-east-1a -r "role[learn_chef_httpd]"
I want to launch and Bootstrap 100+ instances, so how can I customize these commands?
knife-ec2 is aimed at relatively small scale interactive usage and is not intended for this. Look at tools like CloudFormation, SparkleFormation, and Terraform.

chef-solo stop asking server password multiple times

When I run the bootstrap command, it asks for the password many times:
Running Chef on 123.123.123.123...
Installing Librarian cookbooks...
Uploading the kitchen...
Enter the password for root@123.123.123.123:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
root@123.123.123.123's password:
Generating solo config...
root@123.123.123.123's password:
Running Chef...
Starting Chef Client, version 11.10.4
Is there some way to stop this and use password one single time?
Looking at the knife bootstrap -h documentation:
knife bootstrap FQDN (options)
        --bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]
                                     Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode
        --bootstrap-proxy PROXY_URL  The proxy server for the node being bootstrapped
        --bootstrap-version VERSION  The version of Chef to install
    -N, --node-name NAME             The Chef node name for your new node
        --server-url URL             Chef Server URL
        --chef-zero-port PORT        Port to start chef-zero on
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to false on Windows, true otherwise
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
    -j, --json-attributes JSON_ATTRIBS
                                     A JSON string to be added to the first run of chef-client
    -F, --format FORMAT              Which format to use for output
    -A, --forward-agent              Enable SSH agent forwarding
        --hint HINT_NAME[=HINT_FILE] Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.
        --[no-]host-key-verify       Verify host key, enabled by default.
    -i, --identity-file IDENTITY_FILE
                                     The SSH identity file used for authentication
    -z, --local-mode                 Point knife commands at local repository instead of server
    -u, --user USER                  API Client Username
        --prerelease                 Install the pre-release chef gems
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
    -s, --secret                     The secret key to use to encrypt data bag item values
        --secret-file SECRET_FILE    A file containing the secret key to use to encrypt data bag item values
    -G, --ssh-gateway GATEWAY        The ssh gateway
    -P, --ssh-password PASSWORD      The ssh password
    -p, --ssh-port PORT              The ssh port
    -x, --ssh-user USERNAME          The ssh username
        --template-file TEMPLATE     Full path to location of template to use
        --sudo                       Execute the bootstrap via sudo
        --use-sudo-password          Execute the bootstrap via sudo with password
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message
You can see there's the option to pass the --sudo, --use-sudo-password, and --ssh-password options. Without more information, I can't tell you which one to use, but one of those will let you specify the password during bootstrap.

Getting some sort of authentication issue when deploying EC2 instances with Knife

I'm having some kind of authentication issue when trying to launch server instances in EC2 with the knife command.
I'm using a command like:
knife ec2 server create --availability-zone us-east-1d --node-name ES-test --flavor t1.micro --image ami-fd20ad94 --identity-file something-dev.pem --ssh-user ubuntu -r 'recipe[something-elasticsearch::default]'
And there are 2 points of failure. The first comes relatively early on.
Waiting for instance...........................
Subnet ID: subnet-61dfa849
Private IP Address: 10.0.0.43
done
Bootstrapping Chef on 10.0.0.43
Failed to authenticate ubuntu - trying password auth
Enter your password:
I should be able to authenticate as Ubuntu with no password here. In fact, if I allow the provisioning to continue and try to ssh to the generated instance with something like:
ssh -i something-dev.pem ubuntu@10.0.0.43
...it will work. So why is the knife command itself failing to authenticate?
I had the same problem as above and tried the ssh-add as suggested by Rico above. Although I still got the prompt for a password, hitting enter on a blank password then allowed the process to continue.
Failing that, the -V verbose output option may give you more insight.
I found this to work well for me.
bundle exec knife ec2 server create -r "role[websphere]" -I ami-cb94868e --flavor m1.small -G default --ssh-user ubuntu -N server01 -S whatever --identity-file .chef/whatever.pem
Also consider that when you download the .pem from AWS, you need to chmod 400 whatever.pem
