Error Resolving Cookbooks for Run List

[Phil]

So I ran this...

PS E:\VagrantStuff\chef-repo> knife node show module3

Node Name:   module3

Environment: _default

FQDN:        centos63.example.com

IP:          10.160.201.90

Run List:    recipe[apache]

Roles:

Recipes:     apache, apache::default

Platform:    centos 6.4

Tags:

PS E:\VagrantStuff\chef-repo> knife node run list remove module3 "recipe[apache]"

module3:

  run_list:

PS E:\VagrantStuff\chef-repo> knife node run list add module3 "role[webserver]"

module3:

  run_list: recipe[roles]

then SSH'd into the server to run sudo chef client and got the error in the question title:

[root@CentOS63 ~]# sudo chef-client

[2014-06-03T14:24:50-04:00] WARN:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

SSL validation of HTTPS requests is disabled. HTTPS connections are still

encrypted, but chef is not able to detect forged replies or man in the middle

attacks.

To fix this issue add an entry like this to your configuration file:

```

  # Verify all HTTPS connections (recommended)

  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server

  verify_api_cert true

```

To check your SSL configuration, or troubleshoot errors, you can use the

`knife ssl check` command like so:

```

  knife ssl check -c /etc/chef/client.rb

```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.12.2

resolving cookbooks for run list: ["roles"]

================================================================================

Error Resolving Cookbooks for Run List:

================================================================================

Missing Cookbooks:

------------------

The following cookbooks are required by the client but don't exist on the server:

* roles

Expanded Run List:

------------------

* roles

Running handlers:

[2014-06-03T14:24:54-04:00] ERROR: Running exception handlers

Running handlers complete

[2014-06-03T14:24:54-04:00] ERROR: Exception handlers complete

[2014-06-03T14:24:54-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out

Chef Client failed. 0 resources updated in 3.579825334 seconds

[2014-06-03T14:24:54-04:00] ERROR: 412 "Precondition Failed"

[2014-06-03T14:24:54-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

[Nathen Harvey]

Phil,

Can you try this, please?

knife node run list add module3 `'role[webserver]`'

Thanks,

Nathen

[Brian Merrell]

I am experiencing the same issue. It seems that the run list and/or role is not being added correctly.

After entering: 

knife node run list add module3 "role[webserver]"

The console returns:

module3:

  run_list: recipe[roles]

Furthermore, knife node show module3 returns:

Node Name:   module3

Environment: _default

FQDN:        centos63.example.com

IP:          10.160.201.90

Run List:    recipe[roles]

Roles:       

Recipes:     apache, apache::default

Platform:    centos 6.4

Tags:      

I've double checked the location and contents of the webserver.json file and nothing seems amiss. In an earlier step, when I ran knife role from file webserver.json I received a response of "Updated Role webserver!".

[Rick Westbrock]

I had the same problem and tried fiddling with the delimiters around the role, when I used one single quote before and after the role like this:

knife node run list add module3 'role[webserver]'

I got what I thought was the correct output:

module3:

   run_list:

      recipe[roles]

      role[webserver]

However when I run the client it still barfs complaining of the roles cookbook not existing:

Missing Cookbooks:

------------------

The following cookbooks are required by the client but don't exist on the server:

* roles

Here are the contents of my webserver.json file from chef-repo/roles/webserver.json

{

"name" : "webserver",

"default_attributes" : {

"apache" : {

"greeting" : "Webinar Audience"

}

},

"run_list" : [

"recipe[apache]"

]

}

I am not sure if the role was created properly since I don't yet know how to read the output below:

C:\Users\username\chef-repo>knife role show webserver

chef_type:           role

default_attributes:

  apache:

    greeting: Webinar Audience

description:

env_run_lists:

json_class:          Chef::Role

name:                webserver

override_attributes:

run_list:            recipe[apache]

[Rick Westbrock]

Here's what my node looks like, again I am not sure if this is correct or not:

C:\Users\username\chef-repo>knife node show module3

Node Name:   module3

Environment: _default

FQDN:        centos63.example.com

IP:          10.160.201.90

Run List:    recipe[roles], role[webserver]

[Rick Westbrock]

Okay third time is the charm. I ran the following to remove the bogus recipe that was added when I was using the double-quotes shown in the video:

C:\Users\username\chef-repo>knife node run list remove module3 'recipe[roles]'

module3:

  run_list: role[webserver]

Now I understand the earlier output that I had posted which clearly shows that the module3 node through that it was supposed to have a recipe named "roles" which of course does not exist. After removing that as above I was able to run chef-client on the node and it applied the apache cookbook just as before except that it was invoked by the role instead of directly called.

[Brian]

I tried your solution Rick, and unfortunately it did not work for me. Using knife node run list add module3 'role[webserver]' yields the same result as the double quotes.

I believe the issue here may be caused by the role not being established when I run knife role from file webserver.json. 

Running knife node show module3 yields: 

Node Name:   module3

Environment: _default

FQDN:        centos63.example.com

IP:          10.160.201.90

Run List:    recipe[roles]

Roles:       

Recipes:     apache, apache::default

Platform:    centos 6.4

Tags:   

The above output does not have a role set, which may be what is causing the run list to not set properly.

Any help from the devs would be appreciated!

[Brian]

I spun up an entirely new instance and started from scratch (new files and all), and still encountered this issue. This time, however, Rick's solution worked and I was able to set the role using single quotes. Thanks for the solution Rick!

Nathen, do you have any idea why this happened?

[Rick Westbrock]

I was using my Win7 laptop as my administrator workstation and I think that may be part of the problem. Nathen was able to use double quotes with no issue. Once I reviewed all my output it looks like what happened is that in using the double quotes the first time my module3 node was told that the recipe named "roles" which of course doesn't exist in our example. I had to remove that bogus recipe first and then add in the role with single quotes so that the node only had the role in its run list.

My guess is that for some reason Windows doesn't use exactly the same syntax as *nix for quoting strings causing knife to respond in an unexpected way. Nathen obviously didn't have a problem using double quotes on his Linux machine and it just as obviously is causing problems on at least one Windows machine (mine). It looks like the OP Phil is on Windows as well so hopefully this will solve the problem for him, also.

[Nathen Harvey]

It seems that there escape and quote characters can be problematic depending on the shell application you're using.  We've found good success using the following on Windows:

knife node run_list add module3 `'role[webserver]`'

Note that the single quotes (') are escaped with back-ticks (`).  Sometimes single quotes alone work, sometimes you need to use cmd.exe instead of powershell, but (almost?) always escaping the quotes with back-ticks works.

Of course, there's a way that many of you might find to be even easier and wonder why I haven't shared this with you already ;)  That's to update the run list using the web user interface.

From http://manage.getchef.com, select the "Nodes" tab, click on the node you'd like to manage, click "Edit" in the "Run List" section in the lower right-hand pane of the window.  From here you can drag-n-drop roles and recipes into our out of the run list.

[Raymond Slieff]

I just want to share that as I am going through the webinar series, I had the same issue. I was doing everything from my Windows 8 client, but through my GIT prompt provided by MYSYGIT, (which I always thought was Bash but is apparently just Shell). None of the options here really worked within that prompt. When you mentioned back-ticks, that signaled me to use PowerShell instead, and without a powershell window it worked just fine with single quotes and the back-ticks.
Odd how everything else worked just fine through the Git Shell up until this point, but if I could just keep it in PowerShell, that actually works out better for me. I just wanted to post this in case the expansion of information helps anyone else out there.

[Raimond Miralles]

Hello.

I got the same issue in a windows 7 chef-server. To fix it first delete node and client:

C:\chef-repo>knife node delete GOUKEN

Do you really want to delete GOUKEN? (Y/N)Y

Deleted node[GOUKEN]

C:\chef-repo>knife client delete GOUKEN

Do you really want to delete GOUKEN? (Y/N)y

Deleted client[GOUKEN]


Next, in the client side delete the .pem file:

# sudo rm -f /etc/chef/client.pem

Run chef-client

# sudo chef-client

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.12.4
Creating a new client identity for GOUKEN using the validator key.
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Compiling Cookbooks...
[2014-07-22T16:26:34+02:00] WARN: Node GOUKEN has an empty run list.
Converging 0 resources

Running handlers:
Running handlers complete

Chef Client finished, 0/0 resources updated in 8.241269698 seconds


Move to the command windows In the server side and run:
C:\chef-repo>knife node run_list add GOUKEN 'role[webserver]'
GOUKEN:
run_list: role[webserver]


Finally run chef-client in the client machine:
# sudo chef-client

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.12.4
resolving cookbooks for run list: ["apache"]
Synchronizing Cookbooks:
- apache
Compiling Cookbooks...
Converging 3 resources

Recipe: apache::default
* package[httpd] action install (up to date)
* service[httpd] action enable (up to date)
* service[httpd] action start (up to date)
* template[/var/www/html/index.html] action create

- update content in file /var/www/html/index.html from 64ff9e to d30d58
--- /var/www/html/index.html 2014-07-21 17:05:04.225860717 +0200
+++ /tmp/chef-rendered-template20140722-5683-9qt55p 2014-07-22 16:28:01.255005717 +0200
@@ -1,4 +1,4 @@
-<h1> hello, World</h1>
+<h1> hello, Webinar</h1>

<p> My name is gouken.</p>

- restore selinux security context


Running handlers:
Running handlers complete

Chef Client finished, 1/4 resources updated in 50.437784317 seconds


The problem was the double quotes in the command, solved with a single quote.

Regards

[swapnil kumar]

Thanks a lot Nathen Harvey. The solution worked with single quotes ('').... cheers :)