Deleting a Knife client without a private key? - ruby

I've joined a new company and to get caught up to speed, I've been playing with Vagrant for my VM. I had my system nearly set up and then a weird error forced me to shut off my laptop without disconnecting via vagrant destroy. Now when trying to get set, I run vagrant up and get the following error message.
[default] Running provisioner: Vagrant::Provisioners::ChefClient...
[default] Creating folder to hold client key...
[default] Uploading chef client validation key...
[default] Generating chef JSON and uploading...
[default] Running chef-client...
stdin: is not a tty
[Wed, 16 Jan 2013 05:20:20 -0500] INFO: *** Chef 0.10.2 ***
[Wed, 16 Jan 2013 05:20:20 -0500] INFO: Client key /etc/chef/client.pem is not present - registering
[Wed, 16 Jan 2013 05:20:21 -0500] INFO: HTTP Request Returned 409 Conflict: Client already exists.
[Wed, 16 Jan 2013 05:20:22 -0500] INFO: HTTP Request Returned 403 Forbidden: Merb::ControllerExceptions::Forbidden
[Wed, 16 Jan 2013 05:20:22 -0500] FATAL: Stacktrace dumped to /srv/chef/file_store/chef-stacktrace.out
[Wed, 16 Jan 2013 05:20:22 -0500] FATAL: Net::HTTPServerException: 403 "Forbidden"
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
chef-client -c /tmp/vagrant-chef-1/client.rb -j /tmp/vagrant-chef-1/dna.json
Now from my own research I see that this means a client already exists with the name specified, so I decided to manually shut it down. I tried to list all the knife clients with knife client list but then got the following message:
WARNING: No knife configuration file found
ERROR: Your private key could not be loaded from /etc/chef/client.pem
Check your configuration file and ensure that your private key is readable
Strange. I know knife.rb exists, I see it when I ls so I don't know how the knife configuration file couldn't exist. I can't see my knife clients without this private key apparently. I'm completely new to Vagrant, Knife AND Chef so I'm stumped.
Thoughts?

So the convention is that your knife.rb be located in ~/.chef/knife.rb or /etc/chef/knife.rb - I prefer the former, as it keeps it in my home folder, and constrained to MY user account.
I will also typically keep my Chef Server client certificate there as well.
Once you are able to execute a knife client list successfully, then you will be able to identify and remove the offending client certificate. (You might also be able to use the Web UI in the interim).
Having Vagrant remove the client's cert on destroy was a suggested feature but was never implemented, leaving it to the operator to make that decision.
Additionally - it looks like you're using a VERY old version of Chef - 0.10.2 - and we've just had 10.18.2 released today. Something to consider.

Related

Passwordless chef client bootstrapping

I am a bit familiar with Chef and its bootstrapping techniques. I am trying to bootstrap my new chef-client/node without passing a password.
I tried the below by generating an SSH key, but it is still failing:
knife bootstrap MY_NODE_IP -x SERVER_ADMIN_USERNAME -i PATH_TO_KEY_FILE --sudo --node-name THE_NODE_NAME
On triggering above command on Chef DK getting error as below
WARN: [SSH] PTY requested: stderr will be merged into stdout
WARN: [SSH] connection failed, terminating (#<Net::SSH::AuthenticationFailed: Authentication failed for user user@mynode>)
ERROR: Train::Transports::SSHFailed: SSH session could not be established
I also tried doing a manual installation as per the instructions below, but again a failure: https://serverfault.com/questions/761167/how-to-manually-set-up-a-chef-node
I created a client manually, but I was unable to create a node in chef server manually. Please suggest
Getting network error as below
Networking Error:
-----------------
Error connecting to https://myserver/organizations/organization/nodes/mynode - Failed to open TCP connection to www.internet:8080 (getaddrinfo: Name or service not known)
Bootstrapping from my chef DK also throws an error
Is there a way to bootstrap linux chef client without using password from a windows chef DK?
Below is my Chef environment
1.Chef Infra Client: 15.14.0
2.Chef Workstation 0.8.7.1
3.Chef-server 12.18.14

How to configure the knife plugin for Chef on an Ubuntu 14.04 VM Instance using GCP

I'm getting this error when trying to configure the knife plugin for Chef in an Ubuntu 14.04 instance on Google Cloud Platform. Any ideas on how to fix this?
FATAL: Cannot find subcommand for: 'osc_user configure -i'
There are 2 VMs - one is the chef-server and the other the chef-workstation, both are the same OS.
Source :- https://cloud.google.com/solutions/google-compute-engine-management-puppet-chef-salt-ansible-appendix#getting-started-with-chef-on-compute-engine
Chef-server VM IP - https://35.227.106.170/
Chef-workstation VM IP - https://35.231.42.82/
Here is the console log:
anjalithomas_mec@chef-workstation:~/.chef$ knife configure -i # server: https://[server's external IP address]:443, cookbook_path = ~/chef-repo
Please enter the chef server URL: [https://chef-workstation.c.chef-gcp-195115.internal/organizations/myorg] https://35.227.80.216
Please enter a name for the new user: [anjalithomas_mec] any
Please enter the existing admin name: [admin]
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem]
Overwrite /home/anjalithomas_mec/.chef/credentials?? (Y/N) Y
Creating initial API user...
Please enter a password for the new user:
WARNING: IF YOU ARE USING CHEF SERVER 12+, PLEASE FOLLOW THE INSTRUCTIONS
UNDER knife user create --help.
You only passed a single argument to knife user create.
For backwards compatibility, when only a single argument is passed,
knife user create assumes you want Open Source 11 Server user creation.
knife user create for Open Source 11 Server is being deprecated.
Open Source 11 Server user commands now live under the knife osc_user namespace.
For backwards compatibility, we will forward this request to knife osc_user create.
If you are using an Open Source 11 Server, please use that command to avoid this warning.
NOTE: Backwards compatibility for Open Source 11 Server in these commands will be removed
in Chef 15 which will be released April 2019.
FATAL: Cannot find subcommand for: 'osc_user configure -i'
Looks like it's an open issue with no fix yet:
chef client - error during Knife configure -i #4814
https://github.com/chef/chef/issues/4814

How to ssh my windows server

I already installed Git for Windows on my Windows 2008 server, and I also generated keys using Git Bash.
I tried to use this command: ssh-copy-id user@123.45.56.78
/usr/bin/ssh-copy-id: INFO:
attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR:
ssh: connect to host 123.45.56.78 port 22: Connection refused
How can I fix this? On my Ubuntu server I have no problem with this, only on Windows.
You have to use the same keys or to register all the keys under your main server.
Once You have the keys you will be able to connect.
How to tell if the keys are copied successfully?
user@linux ~ $ ssh-copy-id user@remote
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed
Number of key(s) added: 1
In your case you see an error which means that the ssh-copy-id does not work so follow the next section:
If the ssh-copy-id doesn't work?
Simply cat and copy the files manually to the server and it will work for you.
# Copy the output of private key
# you can also copy the public key if you need to
cat ~/.ssh/id_rsa
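
The server-side step that ssh-copy-id automates, as an added example that is not part of the original answer: only the public half of the key pair (the .pub file) is appended to the account's authorized_keys, and the private key stays on the client. The function name install_pubkey and its two arguments are assumptions made for this example.

```sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, not part of OpenSSH)
#   PUBKEY_FILE  the *.pub file generated on the client
#   SSH_DIR      the target account's ~/.ssh directory on the server
install_pubkey() {
    pub=$1
    dir=$2
    # Refuse anything that contains private key material.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key, it must not leave the client" >&2
        return 2
    fi
    # An OpenSSH public key line is "<type> <base64> [comment]".
    if ! grep -Eq '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub"; then
        echo "refusing: $pub is not an OpenSSH public key" >&2
        return 3
    fi
    # sshd (StrictModes) ignores keys kept in group/world-writable locations,
    # so set the usual restrictive modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append the key only once, so re-running the step is harmless.
    key=$(head -n 1 "$pub")
    if grep -qxF -e "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

None of this helps while the connection itself is refused: the key can only be used once an SSH server is listening on the target host.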

Cert already in hash table exception

I am using Chef DK version 12 and I have done the basic setup and uploaded many cookbooks. Currently I am using remote_directory in my default.rb.
What I have observed is that whenever there are too many files or too deep a hierarchy in the directory, the upload fails with the exception below:
ERROR: SSL Validation failure connecting to host: xyz.com - SSL_write: cert already in hash table
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_write: cert already in hash table
As mentioned earlier, the connection to the server isn't a problem; it happens only when there are too many files or the hierarchy is deeper.
Can you please suggest what I can do? I have tried searching online for solutions but failed to find one.
I have checked the question here but it doesn't solve my problem.
Chef uses embedded ruby and openssl for people not working with chef
Some updates on suggestion of tensibai,
The exceptions have changed since adding the option of --concurrency 1 ,
Initially i had received,
INFO: HTTP Request Returned 403 Forbidden:ERROR: Failed to upload filepath\file (7a81e65b51f0d514ec645da49de6417d) to example.com:443/bookshelf/… 3088476d373416dfbaf187590b5d5687210a75&Expires=1435139052&Signature=SP/70MZP4C2U‌​dUd9%2B5Ct1jEV1EQ%3D : 403 "Forbidden" <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message>
Then yesterday it has changed to
INFO: HTTP Request Returned 413 Request Entity Too Large: error
ERROR: Request Entity Too Large
Response: JSON must be no more than 1000000 bytes.
Should i decrease the number of files or is there any other option?
Knife --version results in Chef: 12.3.0
Should i decrease the number of files or is there any other option?
Usually the files inside a cookbook are not intended to be too large and too numerous; if you have a lot of files to distribute, it's a sign you should change the way you distribute those files.
One option could be to make a tarball, but this makes it harder to manage the deleted files.
Another option if you're on an internal chef-server is to follow the advice here and change the client_max_body_size 2M; value for nginx but I can't guarantee it will work.
I had the same error and I ran chef-server-ctl reconfigure on the Chef server, then tried uploading the cookbook again, and everything started working fine again.

How to Install Knife on the Linux machine?

I have installed Chef server on one physical Linux node successfully.
Now I am trying to install chef-client on the other Linux VM.
Unfortunately I am getting the error below.
ERROR: Your private key could not be loaded from /etc/chef/webui.pem
Check your configuration file and ensure that your private key is readable
So I copied the webui.pem from the Chef server to the Linux client
and tried to execute knife client List
ERROR: Failed to authenticate to http://xxx.xxx.xxx.xxx:4000 as admin with key /etc/chef/webui.pem
Response: Failed to authenticate. Ensure that your client key is valid.
To use knife you need to be logged in as an admin user. Either copy down the servers admin.pem key or better still create a new admin user and use its key.
Another thing to fix is make sure the node_name used to login matches the key you're using. (The error message suggests you're using "admin"):
node_name 'myuser'
client_key '/home/me/.chef/keys/myuser.pem'
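
A pre-flight check for the two settings above, covering the "private key could not be loaded" and "Failed to authenticate" errors quoted on this page, as an added example (not code from Chef or from the answers). check_knife_config is a hypothetical helper; it assumes node_name and client_key are written as literal quoted strings with absolute paths, and its permission test is an added hygiene check, not something the page says knife enforces.

```sh
# check_knife_config KNIFE_RB   (hypothetical helper)
# Returns 0 when the config names a user and a usable private key,
# otherwise a distinct non-zero code per failure.
check_knife_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "no readable knife config at $cfg"; return 1; }
    # Pull the literal values out of lines such as:  node_name 'myuser'
    name=$(sed -n "s/^[[:space:]]*node_name[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | tail -n 1)
    key=$(sed -n "s/^[[:space:]]*client_key[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | tail -n 1)
    [ -n "$name" ] || { echo "node_name is not set in $cfg"; return 2; }
    [ -n "$key" ]  || { echo "client_key is not set in $cfg"; return 2; }
    # The file knife would try to load must exist and be readable by this user.
    [ -r "$key" ] || { echo "client_key $key is missing or unreadable"; return 3; }
    # It must be a PEM private key, not a certificate or a public key.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key does not contain a PEM private key"; return 4; }
    # The key is a credential: only its owner should be able to read it.
    case $(ls -l "$key") in
        -r[w-]-------*) ;;
        *) echo "$key is accessible to group/others, chmod 600 it"; return 5 ;;
    esac
    echo "OK: requests will be signed as '$name' with $key"
}
```

A passing check only shows the local side is consistent; the server still has to hold the matching public key for that name, and that user needs admin rights for commands such as knife client list.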
