vikas.roonwal | 21 Oct 07:52 2014

Chef server install on RHEL 6

Hi everyone,

I run into the following issue when executing chef-server-ctl reconfigure. Not
able to pin point the error. This is on chef-server-11.1.5-1.el6.x86_64.rpm
Appreciate your time and help.

Recipe: chef-server::bootstrap
  * execute[verify-system-status] action run
    - execute curl -sf http://127.0.0.1:8000/_status

  * execute[boostrap-chef-server] action run
================================================================================
Error executing action `run` on resource 'execute[boostrap-chef-server]'
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '2'
---- Begin output of bin/bootstrap-chef-server ----
STDOUT: error creating client <<"chef-validator">>: {badrpc,
					     {'EXIT',
					      {timeout,
					       {gen_server,call,
						['chef_index_queue/chef',
						 {publish,<<"vnode-768">>,
						 
<<"{\"action\":\"add\",\"payload\":{\"type\":\"client\",\"id\":\"0000000000001795ff1ef97d5f050ad9\",\"database\":\"chef_00000000000000000000000000000000\",\"item\":{\"name\":\"chef-validator\",\"validator\":true,\"admin\":false,\"public_key\":\"-----BEGIN
PUBLIC
KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfmVbdcEW22655hhfr5e\\nsHdn4rgkr3NLGS17Fc4sERnOH6IcE9a8QjAd\\/8VhDbLkc2kODZs1NvG05qI6\\/2ck\\n\\/99U+bJYEmQHTyp\\/fKffh0wRMZNapi7yrA9uIO6xs9KXN+jJ18O07RlEsivs8AVv\\nEIN7p+hM7v0oJJKtvRHItmtJX+s1PJmQDBf5qzH\\/V4KRE1Ukw8ogdfMJYnhtprfZ\\no8KknHV6ul5H7qxcUTRiLvdk1go\\/n4zwrRmaj4qLdEEN1QsO0c8f04I1DY7Hj77A\\nclU4OYxb8xIkXe+Y05MNlxg7MuBmf9BO7d8selaaAADrRU5xND4wbZN9c9w0zt1g\\nGQIDAQAB\\n-----END
PUBLIC KEY-----\\n\"},\"enqueued_at\":1413870657}}">>,
(Continue reading)

Bráulio Bhavamitra | 19 Oct 12:56 2014
Picon

Running chef-client programatically

Hello all,

I building an app to control shared hosting deploys using chef and for it to work I would like to run chef-client inside this ruby app to be able to know and log exactly what chef-client is doing and what feedback it is giving. Is there a way to do so? Are there docs?

Cheers
Braulio

--

"Lute pela sua ideologia. Seja um com sua ideologia. Viva pela sua ideologia. Morra por sua ideologia" P.R. Sarkar

EITA - Educação, Informação e Tecnologias para Autogestão
http://cirandas.net/brauliobo
http://eita.org.br

"Paramapurusha é meu pai e Parama Prakriti é minha mãe. O universo é meu lar e todos nós somos cidadãos deste cosmo. Este universo é a imaginação da Mente Macrocósmica, e todas as entidades estão sendo criadas, preservadas e destruídas nas fases de extroversão e introversão do fluxo imaginativo cósmico. No âmbito pessoal, quando uma pessoa imagina algo em sua mente, naquele momento, essa pessoa é a única proprietária daquilo que ela imagina, e ninguém mais. Quando um ser humano criado mentalmente caminha por um milharal também imaginado, a pessoa imaginada não é a propriedade desse milharal, pois ele pertence ao indivíduo que o está imaginando. Este universo foi criado na imaginação de Brahma, a Entidade Suprema, por isso a propriedade deste universo é de Brahma, e não dos microcosmos que também foram criados pela imaginação de Brahma. Nenhuma propriedade deste mundo, mutável ou imutável, pertence a um indivíduo em particular; tudo é o patrimônio comum de todos."
Restante do texto em http://cirandas.net/brauliobo/blog/a-problematica-de-hoje-em-dia

Cyril Scetbon | 19 Oct 11:29 2014
Picon

Berkshelf with own modified cookbooks

Hey guys,

I'm using Berskhelf with a custom version of cassandra (0.2.5) cookbook. For example, I've added dependancies in the "metadata.rb".
When I install the cookbook, berks uses my version except when it generates the graph of dependancies :

Fetching 'cassandra' from source at ../../custom_versions/cookbooks/cassandra

D, [2014-10-19T11:25:33.753038 #47923] DEBUG -- :   DEPENDENCIES
D, [2014-10-19T11:25:33.753068 #47923] DEBUG -- :     apt
D, [2014-10-19T11:25:33.753088 #47923] DEBUG -- :     cassandra
D, [2014-10-19T11:25:33.753107 #47923] DEBUG -- :       path: ../../custom_versions/cookbooks/cassandra
....
D, [2014-10-19T11:25:33.753228 #47923] DEBUG -- :
D, [2014-10-19T11:25:33.753245 #47923] DEBUG -- :   GRAPH
D, [2014-10-19T11:25:33.753265 #47923] DEBUG -- :     apt (2.6.0)
D, [2014-10-19T11:25:33.753283 #47923] DEBUG -- :     boost (0.2.0)
D, [2014-10-19T11:25:33.753300 #47923] DEBUG -- :       build-essential (>= 0.0.0)
D, [2014-10-19T11:25:33.753319 #47923] DEBUG -- :     build-essential (2.1.2)
D, [2014-10-19T11:25:33.753337 #47923] DEBUG -- :     cassandra (0.2.4)
D, [2014-10-19T11:25:33.753372 #47923] DEBUG -- :       apt (>= 0.0.0)
D, [2014-10-19T11:25:33.753390 #47923] DEBUG -- :       install_from (>= 0.0.0)
D, [2014-10-19T11:25:33.753407 #47923] DEBUG -- :       iptables (>= 0.0.0)
D, [2014-10-19T11:25:33.753423 #47923] DEBUG -- :       java (>= 0.0.0)
D, [2014-10-19T11:25:33.753440 #47923] DEBUG -- :       metachef (>= 0.0.0)
D, [2014-10-19T11:25:33.753456 #47923] DEBUG -- :       runit (>= 0.0.0)
D, [2014-10-19T11:25:33.753473 #47923] DEBUG -- :       thrift (>= 0.0.0)
D, [2014-10-19T11:25:33.753492 #47923] DEBUG -- :       volumes (>= 0.0.0)

I can use my own name for the cookbook, but if there is a better way tell me.

Thanks !
-- 
Cyril SCETBON

Jeff Goldschrafe | 18 Oct 10:03 2014
Picon

Bizarre EOFError on Google Compute Engine, behind NAT

Scenario: hybrid server environment running Chef 11.14.2/11.1.6 on a mix of
physical and virtual Ubuntu 12.04 systems. The virtual instances are a mix of
EC2 and Google Compute Engine. The instances are a combination of publicly
accessible (static/Elastic IP) and private (behind NAT). The systems on GCE
behind NAT receive this error when they attempt to request
/environments/≤environment>/cookbook_versions:

2014-10-18T07:49:41+00:00] DEBUG: EOFError: end of file reached
/opt/chef/embedded/lib/ruby/1.9.1/openssl/buffering.rb:174:in
`sysread_nonblock'
/opt/chef/embedded/lib/ruby/1.9.1/openssl/buffering.rb:174:in `read_nonblock'
/opt/chef/embedded/lib/ruby/1.9.1/net/protocol.rb:141:in `rbuf_fill'
/opt/chef/embedded/lib/ruby/1.9.1/net/protocol.rb:92:in `read'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2780:in `ensure in read_chunked'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2780:in `read_chunked'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2751:in `read_body_0'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2711:in `read_body'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:262:in
`block (2 levels) in send_http_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http/basic_client.rb:74:in
`block in request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1323:in `block (2 levels) in
transport_request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2672:in `reading_body'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1322:in `block in
transport_request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1317:in `catch'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1317:in `transport_request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1294:in `request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in
`request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1287:in `block in request'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:746:in `start'
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:1285:in `request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in
`request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http/basic_client.rb:65:in
`request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:262:in
`block in send_http_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:294:in
`block in retrying_http_errors'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:292:in
`loop'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:292:in
`retrying_http_errors'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:256:in
`send_http_request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:143:in
`request'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/http.rb:126:in
`post'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/policy_builder/expand_node_object.rb:168:in
`sync_cookbooks'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/policy_builder/expand_node_object.rb:66:in
`setup_run_context'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/client.rb:265:in
`setup_run_context'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/client.rb:429:in
`do_run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/client.rb:213:in
`block in run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/client.rb:207:in
`fork'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/client.rb:207:in
`run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/application.rb:236:in
`run_chef_client'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/application/client.rb:338:in
`block in run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/application/client.rb:327:in
`loop'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/application/client.rb:327:in
`run_application'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/lib/chef/application.rb:55:in
`run'
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.16.4/bin/chef-client:26:in
`<top (required)>'
/usr/bin/chef-client:23:in `load'
/usr/bin/chef-client:23:in `<main>'

The issue is 100% tied to the NAT topology, or my implementation thereof, which
is vanilla iptables masquerading on Ubuntu 12.04. I can route the same instance
along a public IP and it works fine. The second I push the route back through
the NAT, I get this error again. The Chef Server indicates that a 200 was
served, both through Erchef and Nginx. The NAT gateway itself is also managed
through Chef, and the Chef cilent on this system works just fine without
generating the error above.

The error seems to be reproducible about 99% of the time; however, if it does
not fail here, it fails at another API call somewhere down the path. It's
frustrating that it occurs just slightly less than always.

I do not receive this error on SSL connections to other services, including
large file downloads. I can comfortably pull a 1 GB+ file from Amazon S3 or
Google Cloud Storage. I can clone the Linux kernel repository from GitHub using
HTTPS. This Chef server triggers the EOFError on this particular REST API call,
when the system is located behind a NAT gateway on Google Compute Engine but
not on Amazon.

Packet captures don't show anything tremendously out of the ordinary besides
some out-of-order packets that I'm blaming on GCE, but if anyone knows what's
special about this particular call that might lead me to what's up with this
networking configuration, it would be very much appreciated.

Marc Paradise | 17 Oct 21:45 2014

[release-announce] Security Releases: Chef Server, Enterprise Chef Server, and Analytics

Ohai Chefs, 

Today we have released updated versions of Chef Server, Enterprise Chef Server, and Analytics in response to the recently announced OpenSSL vulnerabilities and  the POODLE SSLv3 attack disclosure. 


We recommend that you upgrade your packages as soon as possible, or apply the appropriate mitigation steps from the blog post below:


Note that these steps will protect only against the SSLv3 vulnerability - in order to be protected against the OpenSSL vulnerabilities, upgrade to the latest supported packages for your installation is required. 

Please reach out to support <at> getchef.com if you have any further questions or concerns.

-- 
Marc Paradise
Software Engineer - Chef Server
Chef Software, Inc.
Bethany Erskine | 17 Oct 20:04 2014

invalid signature/intermittant 401s on open source Chef Server

Hi all - I could use some guidance tracking down a frustrating intermittent issue we've been having with open source Chef Server. This issue started when we were running version 11.0.8 on CentOS 6.4 and has continued after upgrading to 11.6.1. We interact with Chef Server frequently using chef-api gem v0.5.0.

Here is an example of the error from the user's view:


/usr/local/var/rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/chef-api-0.5.0/lib/chef-api/connection.rb:413:in `error': The Chef Server requires authorization. Please ensure you have specified the correct client name and private key. If this error continues, please verify the given client has the proper permissions on the Chef Server. (ChefAPI::Error::HTTPUnauthorizedRequest)

    {"error":["Invalid signature for user or client 'bethany'"]}


Corresponding logs on Chef server:

=> /var/log/chef-server/erchef/requests.log.2 <==
2014-10-16T21:19:42Z erchef <at> 127.0.0.1 method=GET; path=/cookbooks/pp-chef-server?num_versions=1; status=401; user=bethany; req_id=8tlCJk/Z9R+mPVS/ztvVzw==; msg=bad_sig; req_time=3; rdbms_time=0; rdbms_count=2;

==> /var/log/chef-server/erchef/crash.log <==
2014-10-16 21:19:42 =ERROR REPORT====
{<<"method=GET; path=/cookbooks/pp-chef-server; status=401; ">>,"Unauthorized"}

==> /var/log/chef-server/erchef/erchef.log <==
2014-10-16 21:19:42.950 [error] {<<"method=GET; path=/cookbooks/pp-chef-server; status=401; ">>,"Unauthorized"}

It happens for GET and PUT requests for nodes, cookbooks, searches, and for many different users in our organization. Re-trying the request always works. I've yet to see a 401/bad_sig from using knife, but we also rarely use knife. I'm currently running commands on a loop via knife to see if I can trigger a 401 but so far have had no errors.

System load on the server is always low, plenty of available memory, and no iowait or other disk-related performance issue markers for /var/opt/chef-server/ which is a DRBD disk on SSD. Requests come in via a Heartbeat-managed virtual IP but there is no additional layering of load-balancing or proxy-ing.

Any ideas what might be causing the client to only occasionally present an invalid signature? Should I be looking more closely at the chef-api gem source rather than the chef server itself? 
 
Bethany

--
Bethany Erskine
Senior Technical Operations Engineer
Johnson, Austin | 17 Oct 15:45 2014

Anyone Have Chef Server 12 RC 4 Working on Centos 7

Hello all,

I was wondering if anyone has had any luck getting Chef Server 12 working on Centos 7?

I was able to install the the server core and chef-manage (I had to use the RPM for that one) but when I run chef-server-ctl reconfigure I get the following failure:

    - configure service runit_service[rabbitmq]

Recipe: private-chef::rabbitmq
  * execute[/opt/opscode/bin/private-chef-ctl start rabbitmq] action run
================================================================================
Error executing action `run` on resource 'execute[/opt/opscode/bin/private-chef-ctl start rabbitmq]'
================================================================================


Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /opt/opscode/bin/private-chef-ctl start rabbitmq ----
STDOUT: warning: rabbitmq: unable to open supervise/ok: file does not exist
STDERR:
---- End output of /opt/opscode/bin/private-chef-ctl start rabbitmq ----
Ran /opt/opscode/bin/private-chef-ctl start rabbitmq returned 1


Resource Declaration:
---------------------
# In /opt/opscode/embedded/cookbooks/private-chef/recipes/rabbitmq.rb

 79:   execute "#{opc_ctl} start rabbitmq" do
 80:     retries 20
 81:   end
 82:



Compiled Resource:
------------------
# Declared in /opt/opscode/embedded/cookbooks/private-chef/recipes/rabbitmq.rb:79:in `from_file'

execute("/opt/opscode/bin/private-chef-ctl start rabbitmq") do
  action "run"
  retries 0
  retry_delay 2
  guard_interpreter :default
  command "/opt/opscode/bin/private-chef-ctl start rabbitmq"
  backup 5
  returns 0
  cookbook_name :"private-chef"
  recipe_name "rabbitmq"
end




Running handlers:
[2014-10-17T09:03:24-04:00] ERROR: Running exception handlers
Running handlers complete

[2014-10-17T09:03:24-04:00] ERROR: Exception handlers complete
[2014-10-17T09:03:24-04:00] FATAL: Stacktrace dumped to /opt/opscode/embedded/cookbooks/cache/chef-stacktrace.out
Chef Client failed. 2 resources updated in 83.438880821 seconds
[2014-10-17T09:03:24-04:00] ERROR: execute[/opt/opscode/bin/private-chef-ctl start rabbitmq] (private-chef::rabbitmq line 79) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /opt/opscode/bin/private-chef-ctl start rabbitmq ----
STDOUT: warning: rabbitmq: unable to open supervise/ok: file does not exist
STDERR:
---- End output of /opt/opscode/bin/private-chef-ctl start rabbitmq ----
Ran /opt/opscode/bin/private-chef-ctl start rabbitmq returned 1
[2014-10-17T09:03:24-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[root <at> localhost ~]# pri
printafm          printenv          printf            private-chef-ctl
[root <at> localhost ~]# pri
printafm          printenv          printf            private-chef-ctl
[root <at> localhost ~]# private-chef-ctl start rabbitmq
warning: rabbitmq: unable to open supervise/ok: file does not exist
[root <at> localhost ~]# private-chef-ctl start rabbitmq-server
[root <at> localhost ~]#

Thanks,
Austin
Qi, Wenyuan | Jimmy | BDD | 17 Oct 09:39 2014

knif configuration -i ERROR (Service temporarily unavailable)

Hi all,

 

I am totally a new user of Chef.

Would someone help me out with the following problem ?

Thank you in advance!

 

I follow the steps of page of Chef, (https://www.getchef.com/blog/2013/03/11/chef-11-server-up-and-running/)

Chef-sever 11 and chefdk (including knife tool and chef client) tool are installed succefully.

However when I finished the

chef-server-ctl reconfigure and chef-server-ctl test (no errors)

and start to

knife configure -i on my workstation.

 

I met a error as follows: (attached in the end of mail).

It seems that service could not be found from the Chef server.

Ping the chef server hostname and Chef server (nginx) also listen the port of 443 for HTTPS.

Furthermore all the services are running on the Chef server normally.

[And I don’t quite understand the message from chef-server-ctl tail]

Do I miss some configuration for Chef server?

Thank you very much indeed!

 

ERROR: Service temporarily unavailable

/opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:325:in `stream_check': undefined method `closed?' for nil:NilClass (NoMethodError)

        from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:199:in `read_body'

        from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:226:in `body'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:573:in `rescue in format_rest_error'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:571:in `format_rest_error'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:551:in `humanize_http_exception'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:508:in `humanize_exception'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:499:in `rescue in run_with_pretty_exceptions'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:487:in `run_with_pretty_exceptions'

        from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:174:in `run'

        from /opt/chefdk/embedded/apps/chef/lib/chef/application/knife.rb:139:in `run'

        from /opt/chefdk/embedded/apps/chef/bin/knife:25:in `<top (required)>'

        from /opt/chefdk/bin/knife:34:in `load'

        from /opt/chefdk/bin/knife:34:in `<main>'

 

Thank you very much indeed!

Best regards,

Qi

 

Indra k | 17 Oct 08:58 2014

chefsolo-knife

Hi all,

          Already i had configured chef-solo in my vm  successfully which was ubuntu platform then how can i use knife cmd by  integration with knife-solo  i  installed chef,knife-solo, librarian-chef init.

        BUt when i run knife-solo prepare root <at> ip,it shows command not found?

            Also please explain me about chef-solo and knife-solo clearly

Thanks & regards,
Indra


 
Ketan Padegaonkar | 17 Oct 07:48 2014
Picon

Chef omnibus packaging broken?

I'm running chef version 11.16.4.

According to the changelog, CHEF-5162 was fixed as part of v11.14.2. I can see that as of the latest release tag remote_file.rb does have the right fixes.

However on my centos machine, running chef installed via omnibus, it does not have the correct version of the file.


Can someone please confirm what's happening?

- Ketan

mpreddy | 17 Oct 05:44 2014

Re: Re: How to install chef analytics on Open source chef 12


Thank You Nick/Team,

		I'm installed analytics and able to access UI, I did one
mistake during last setup /etc/opscode-analytics/opscode-analytics.rb file i
configured same url for both chef server and analytics now am configured new
url for analytics and it started working … :-)

Regards,
PullaReddy

Gmane