bootstrap command error
1,519 views
Skip to first unread message
Petr H
Jun 5, 2014, 12:09:46 AM6/5/14
to learnchef-funda...@googlegroups.com
Hello,
I am trying to upload the chef client to my node, but I am getting this error, so I am not able to go ahead and upload cookbooks etc. Can someone please take a look and help? Thanks.
PS G:\chef-repo> knife bootstrap uvo1oirthdjr6g2ruw3.vm.cld.sr -x root -P Sz8s1SvwK5 -N module8
Connecting to uvo1oirthdjr6g2ruw3.vm.cld.sr
uvo1oirthdjr6g2ruw3.vm.cld.sr Starting first Chef Client run...
uvo1oirthdjr6g2ruw3.vm.cld.sr [2014-06-05T00:01:13-04:00] WARN:
uvo1oirthdjr6g2ruw3.vm.cld.sr * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
uvo1oirthdjr6g2ruw3.vm.cld.sr SSL validation of HTTPS requests is disabled. HTTPS connections are still
uvo1oirthdjr6g2ruw3.vm.cld.sr encrypted, but chef is not able to detect forged replies or man in the middle
uvo1oirthdjr6g2ruw3.vm.cld.sr attacks.
uvo1oirthdjr6g2ruw3.vm.cld.sr To fix this issue add an entry like this to your configuration file:
uvo1oirthdjr6g2ruw3.vm.cld.sr # Verify all HTTPS connections (recommended)
uvo1oirthdjr6g2ruw3.vm.cld.sr ssl_verify_mode :verify_peer
uvo1oirthdjr6g2ruw3.vm.cld.sr # OR, Verify only connections to chef-server
uvo1oirthdjr6g2ruw3.vm.cld.sr verify_api_cert true
uvo1oirthdjr6g2ruw3.vm.cld.sr To check your SSL configuration, or troubleshoot errors, you can use the
uvo1oirthdjr6g2ruw3.vm.cld.sr `knife ssl check` command like so:
uvo1oirthdjr6g2ruw3.vm.cld.sr knife ssl check -c /etc/chef/client.rb
uvo1oirthdjr6g2ruw3.vm.cld.sr * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
uvo1oirthdjr6g2ruw3.vm.cld.sr Starting Chef Client, version 11.12.4←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr ================================================================================←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr ←[31mChef encountered an error attempting to load the node data for "module8"←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr ================================================================================←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr Authentication Error:←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr ---------------------←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr Failed to authenticate to the chef server (http 401).
uvo1oirthdjr6g2ruw3.vm.cld.sr Server Response:←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr ----------------←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr Failed to authenticate as 'module8'. Ensure that your node_name and client key are correct
.←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr Relevant Config Settings:←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr -------------------------←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr chef_server_url "https://api.opscode.com/organizations/petr"
uvo1oirthdjr6g2ruw3.vm.cld.sr node_name "module8"
uvo1oirthdjr6g2ruw3.vm.cld.sr client_key "/etc/chef/client.pem"
uvo1oirthdjr6g2ruw3.vm.cld.sr If these settings are correct, your client_key may be invalid, or
uvo1oirthdjr6g2ruw3.vm.cld.sr you may have a chef user with the same client name as this node.
uvo1oirthdjr6g2ruw3.vm.cld.sr [2014-06-05T00:01:16-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.ou
t
uvo1oirthdjr6g2ruw3.vm.cld.sr Chef Client failed. 0 resources updated in 3.202385117 seconds←[0m
uvo1oirthdjr6g2ruw3.vm.cld.sr [2014-06-05T00:01:16-04:00] ERROR: 401 "Unauthorized"
uvo1oirthdjr6g2ruw3.vm.cld.sr [2014-06-05T00:01:16-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process
exited unsuccessfully (exit code 1)
Nathen Harvey
Jun 5, 2014, 12:32:09 AM6/5/14
to learnchef-funda...@googlegroups.com
Petr,
Looking at the error, it could be a couple of things. I'll list three of them with possible solutions below.
You have already registered a node and client named "module8"
Each node and client must have a unique name on the Chef Server. The node you previously created may not be available anymore, maybe it was a VM that's expired or something. To fix this you'll either need to use a different node name "-N modulesomethingotherthan8" in the bootstrap command or delete the existing node and client from the Chef server. You can do this with the following knife commands:
knife client delete module8
knife node delete module8
You have an outdated validation.pem file locally
If your local validation.pem file is wrong, you'll not be able to use it to bootstrap new machines. To fix this you can download a new validation key from the Chef server web user interface.
Login to manage.getchef.com
Click on the Administration tab
Select your Organization
Click "Reset Validation Key"
This will generate a new "ORGANIZATION_NAME-validator.pem" file that you should place into your .chef directory and then try re-bootstrapping.
The client.pem is wrong on the node
If this is the case, login to the node and run this command "rm /etc/chef/client.rb" and then try bootstrapping again. You may also need to run the knife commands mentioned above for deleting the node and client.
Please give these a try and let us know if that helps.
More information about the authentication process and .pem files can be found in the homework from Week 2 video.
Thanks!
Nathen
Elnta
Jun 11, 2014, 5:01:06 AM6/11/14
to learnchef-funda...@googlegroups.com
Hi, I have the same problem. I tried all the possible solutions but none of them worked for me.
C:\chef-repo>knife bootstrap uvo1c1d43ds6gve3198.vm.cld.sr -x root -P Sk8814g6ca -N module3 -r "recipe[apache]"
Connecting to uvo1c1d43ds6gve3198.vm.cld.sr
uvo1c1d43ds6gve3198.vm.cld.sr Starting first Chef Client run...
uvo1c1d43ds6gve3198.vm.cld.sr [2014-06-11T04:55:12-04:00] WARN:
uvo1c1d43ds6gve3198.vm.cld.sr * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
uvo1c1d43ds6gve3198.vm.cld.sr SSL validation of HTTPS requests is disabled. HTTPS connections are still
uvo1c1d43ds6gve3198.vm.cld.sr encrypted, but chef is not able to detect forged replies or man in the middle
uvo1c1d43ds6gve3198.vm.cld.sr attacks.
uvo1c1d43ds6gve3198.vm.cld.sr To fix this issue add an entry like this to your configuration file:
uvo1c1d43ds6gve3198.vm.cld.sr # Verify all HTTPS connections (recommended)
uvo1c1d43ds6gve3198.vm.cld.sr ssl_verify_mode :verify_peer
uvo1c1d43ds6gve3198.vm.cld.sr # OR, Verify only connections to chef-server
uvo1c1d43ds6gve3198.vm.cld.sr verify_api_cert true
uvo1c1d43ds6gve3198.vm.cld.sr To check your SSL configuration, or troubleshoot errors, you can use the
uvo1c1d43ds6gve3198.vm.cld.sr `knife ssl check` command like so:
uvo1c1d43ds6gve3198.vm.cld.sr knife ssl check -c /etc/chef/client.rb
uvo1c1d43ds6gve3198.vm.cld.sr * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
uvo1c1d43ds6gve3198.vm.cld.sr Starting Chef Client, version 11.12.4←[0m
uvo1c1d43ds6gve3198.vm.cld.sr ================================================================================←[0m
uvo1c1d43ds6gve3198.vm.cld.sr ←[31mChef encountered an error attempting to load the node data for "module3"←[0m
uvo1c1d43ds6gve3198.vm.cld.sr ================================================================================←[0m
uvo1c1d43ds6gve3198.vm.cld.sr Authentication Error:←[0m
uvo1c1d43ds6gve3198.vm.cld.sr ---------------------←[0m
uvo1c1d43ds6gve3198.vm.cld.sr Failed to authenticate to the chef server (http 401).
uvo1c1d43ds6gve3198.vm.cld.sr Server Response:←[0m
uvo1c1d43ds6gve3198.vm.cld.sr ----------------←[0m
uvo1c1d43ds6gve3198.vm.cld.sr Failed to authenticate as 'module3'. Ensure that your node_name and client key are correct.←[0m
uvo1c1d43ds6gve3198.vm.cld.sr Relevant Config Settings:←[0m
uvo1c1d43ds6gve3198.vm.cld.sr -------------------------←[0m
uvo1c1d43ds6gve3198.vm.cld.sr chef_server_url "https://api.opscode.com/organizations/elchef"
uvo1c1d43ds6gve3198.vm.cld.sr node_name "module3"
uvo1c1d43ds6gve3198.vm.cld.sr client_key "/etc/chef/client.pem"
uvo1c1d43ds6gve3198.vm.cld.sr If these settings are correct, your client_key may be invalid, or
uvo1c1d43ds6gve3198.vm.cld.sr you may have a chef user with the same client name as this node.
uvo1c1d43ds6gve3198.vm.cld.sr [2014-06-11T04:55:16-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
uvo1c1d43ds6gve3198.vm.cld.sr Chef Client failed. 0 resources updated in 3.665800511 seconds←[0m
uvo1c1d43ds6gve3198.vm.cld.sr [2014-06-11T04:55:16-04:00] ERROR: 401 "Unauthorized"
uvo1c1d43ds6gve3198.vm.cld.sr [2014-06-11T04:55:16-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited uns
uccessfully (exit code 1)
C:\chef-repo>knife client delete module3
Do you really want to delete module3? (Y/N)y
ERROR: The object you are looking for could not be found
Response: Cannot load client module3
C:\chef-repo>knife node delete module3
Do you really want to delete module3? (Y/N)y
ERROR: The object you are looking for could not be found
Response: node 'module3' not found
Nathen Harvey
Jun 11, 2014, 10:10:24 AM6/11/14
to learnchef-funda...@googlegroups.com
Elnta,
This looks like your client.pem may be out-of-sync; your validator.pem may be out-of-sync, too.
The "brute force" option, which is not what you'd typically use but should help you get going, is listed below.
1. Login to manage.getchef.com
2. Click Administration
3. Click on your organization
4. Click reset validation key
5. Place the generated validation key in your chef-repo/.chef/ directory
6. Bootstrap a new machine, you may launch another Chef Training Lab
Let us know how that goes.
Thanks,
Nathen
Pravin Wagh
Oct 13, 2014, 2:27:12 PM10/13/14
to learnchef-funda...@googlegroups.com
Hi Nathen,
We are also facing same issue while adding node to the chef server.
>>> chef-client -S "Server URL" -K "chef-validator.pem"
[2014-10-13T17:26:00+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c C:\chef\client.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Starting Chef Client, version 11.16.4
[2014-10-13T17:26:08+00:00] INFO: *** Chef 11.16.4 ***
[2014-10-13T17:26:08+00:00] INFO: Chef-client pid: 2784
[2014-10-13T17:26:19+00:00] INFO: HTTP Request Returned 401 Unauthorized: error
================================================================================
Chef encountered an error attempting to load the node data for "devenv55"
================================================================================
Authentication Error:
---------------------
Failed to authenticate to the chef server (http 401).
Server Response:
----------------
Failed to authenticate as 'devenv55'. Ensure that your node_name and client key are correct.
Relevant Config Settings:
-------------------------
chef_server_url "ServerName"
node_name "Node Name"
client_key "C:\chef\client.pem"
If these settings are correct, your client_key may be invalid, or
you may have a chef user with the same client name as this node.
[2014-10-13T17:26:19+00:00] FATAL: Stacktrace dumped to C:/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 19.841568 seconds
[2014-10-13T17:26:19+00:00] FATAL: Net::HTTPServerException: 401 "Unauthorized"
I double checked the validation.pem file and also I am adding this node with this name first time to the server. After this check, again ran this command but got same error.
But this time when I checked the server URL and observed below
But this time when I checked the server URL and observed below
in client section:
Could not list clients: 403 "Forbidden" (attached screen-shot)
in users section:
ERROR: undefined method `name=' for nil:NilClass
Thanks in advance.
Reply all
Reply to author
Forward
0 new messages