Adding users to core server

andrewm659 · February 14, 2020, 8:49pm

Hello, i'm trying to install Chef Infra Server Core on CentOS 8, the install is working fine. But When I go to add a user to chef to administer it get the following

`[user@automation01 accepted_licenses]$ sudo chef-server-ctl user-create admin admin admin ` `chefadmin@example.net` ` --prompt-for-password -s ` `https://10.150.10.105`
`Please enter the user's password:`
`ERROR: Connection refused connecting to ` `https://127.0.0.1/users/` `, retry 1/5`
ERROR: Connection refused connecting to `https://127.0.0.1/users/` `, retry 2/5`

I tried editing my /etc/opscode/pivotal.rb and changing the IP address but that didn't help.

mrimoczy · February 15, 2020, 7:45am

Hi Andrew,

I have that feeling that you made typo and you put ` (back tick) instead of ' (tick). Also, I do not think so that you have to declare the -s part if the Chef server installed locally.

I hope it will help.

Thanks,
Mihaly

andrewm659 · February 18, 2020, 2:29am

So actually I can't communicate to the server via http or https. I can't telnet to it at all. I only have Chef Server Core installed and having this problem. I have since destroyed the server and installed on CentOS 7 latest. Same issue. I don't understand why this isn't working.

[ameyer@automation001 ~]$ sudo chef-server-ctl user-create admin admin admin chefadmin@caprica.space --prompt-for-password -f /etc/chef/admin.pem
Please enter the user's password: 
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 1/5
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 2/5
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 3/5
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 4/5
ERROR: Connection refused connecting to https://127.0.0.1/users/, retry 5/5
ERROR: Network Error: Connection refused - Connection refused connecting to https://127.0.0.1/users/, giving up
Check your knife configuration and network settings
[ameyer@automation001 ~]$

andrewm659 · February 18, 2020, 5:44am

So the nginx server keep failing

Feb 17 23:39:10 automation001 abrt-hook-ccpp: Process 53653 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:11 automation001 kernel: traps: nginx[53657] trap invalid opcode ip:7f8149e1c0ae sp:7ffd72332670 error:0 in libluajit-5.1.so.2.1.0[7f8149e13000+a0000]
Feb 17 23:39:12 automation001 abrt-hook-ccpp: Process 53657 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:13 automation001 kernel: traps: nginx[53659] trap invalid opcode ip:7fe2b98f80ae sp:7ffcb306bdb0 error:0 in libluajit-5.1.so.2.1.0[7fe2b98ef000+a0000]
Feb 17 23:39:13 automation001 abrt-hook-ccpp: Process 53659 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:15 automation001 kernel: traps: nginx[53661] trap invalid opcode ip:7fa680e940ae sp:7ffda6e721a0 error:0 in libluajit-5.1.so.2.1.0[7fa680e8b000+a0000]
Feb 17 23:39:15 automation001 abrt-hook-ccpp: Process 53661 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:16 automation001 kernel: traps: nginx[53664] trap invalid opcode ip:7f45ac8870ae sp:7ffc65f26760 error:0 in libluajit-5.1.so.2.1.0[7f45ac87e000+a0000]
Feb 17 23:39:16 automation001 abrt-hook-ccpp: Process 53664 (nginx) of user 0 killed by SIGILL - dumping core
Feb 17 23:39:17 automation001 abrt-server: Package 'chef-server-core' isn't signed with proper key
Feb 17 23:39:17 automation001 abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2020-02-17-23:39:16-53664' exited with 1
Feb 17 23:39:17 automation001 abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2020-02-17-23:39:16-53664'
Feb 17 23:39:18 automation001 kernel: traps: nginx[53669] trap invalid opcode ip:7fa3591a10ae sp:7ffcdaa499f0 error:0 in libluajit-5.1.so.2.1.0[7fa359198000+a0000]
Feb 17 23:39:18 automation001 abrt-hook-ccpp: Process 53669 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:19 automation001 kernel: traps: nginx[53672] trap invalid opcode ip:7f10f8b940ae sp:7ffc49dd2230 error:0 in libluajit-5.1.so.2.1.0[7f10f8b8b000+a0000]
Feb 17 23:39:19 automation001 abrt-hook-ccpp: Process 53672 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:21 automation001 kernel: traps: nginx[53676] trap invalid opcode ip:7f9f60f2a0ae sp:7ffe0fcc6090 error:0 in libluajit-5.1.so.2.1.0[7f9f60f21000+a0000]
Feb 17 23:39:21 automation001 abrt-hook-ccpp: Process 53676 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:23 automation001 kernel: traps: nginx[53678] trap invalid opcode ip:7f7fb46ec0ae sp:7ffe485c0600 error:0 in libluajit-5.1.so.2.1.0[7f7fb46e3000+a0000]
Feb 17 23:39:23 automation001 abrt-hook-ccpp: Process 53678 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)
Feb 17 23:39:24 automation001 kernel: traps: nginx[53682] trap invalid opcode ip:7f3ae84b40ae sp:7ffd4e5017d0 error:0 in libluajit-5.1.so.2.1.0[7f3ae84ab000+a0000]
Feb 17 23:39:24 automation001 abrt-hook-ccpp: Process 53682 (nginx) of user 0 killed by SIGILL - ignoring (repeated crash)

Tensibai · February 18, 2020, 9:50am

Don't you have another http server like apache on the box which would prevent nginx to open its ports ?

chef-server-ctl status and chef-server-ctl tail nginx may help finding the problem.

andrewm659 · February 18, 2020, 1:02pm

Other than chef-server-core, there is nothing else on the server.

Tensibai · February 18, 2020, 1:03pm

Then we'd need to see the logs of nginx to understand why it crashes, hence the request for a tail of its log.

andrewm659 · February 18, 2020, 1:04pm

I restarted the nginx portion and I'm running the tail command right now. Nothing is showing up in the logs...

Tensibai · February 18, 2020, 1:06pm

Let's restart from scratch, what did you do from the beginnning:

package install (which one, which version ?)
configuration (edit /etc/opscode/chef-server.rb)
chef-server-ctl reconfigure
what else ?

Nginx giving no log doesn't sound right at all if it's crashing, so we'd need as much logs as possible to understand what's wrong and help you

andrewm659 · February 18, 2020, 1:08pm

So I installed chef-server-core on CentOS 7. The latest stable.
I didn't make any changes to /etc/opscode/chef-server.rb
I then ran sudo chef-server-ctl reconfigure.

After that I tried to create a user and an organization. That's when I received the error can't connect.

Tensibai · February 18, 2020, 1:15pm

Please don't rush to answer, please try running chef-server-ctl gather-logs and check the content of the files in this tarball for errors. Share them here with 5 lines of context (up and down) around the error after redacting keys/sensible informations.

Alternatively you can check in /var/log/opscode/* directories what's out of line. First check the status of the server with chef-server-ctl status, if one service is marked down, it has something to be fixed first.

andrewm659 · February 18, 2020, 2:30pm

Here is the output from chef-server-ctl status

[ameyer@automation001 opscode]$ sudo chef-server-ctl status
run: bookshelf: (pid 1626) 44821s; run: log: (pid 1625) 44821s
down: nginx: 1s, normally up, want up; run: log: (pid 1627) 44821s
run: oc_bifrost: (pid 1619) 44821s; run: log: (pid 1616) 44821s
run: oc_id: (pid 1623) 44821s; run: log: (pid 1620) 44821s
run: opscode-erchef: (pid 1617) 44821s; run: log: (pid 1615) 44821s
run: opscode-expander: (pid 1629) 44821s; run: log: (pid 1624) 44821s
run: opscode-solr4: (pid 1614) 44821s; run: log: (pid 1612) 44821s
run: postgresql: (pid 1628) 44821s; run: log: (pid 1613) 44821s
run: rabbitmq: (pid 1622) 44821s; run: log: (pid 1621) 44821s
run: redis_lb: (pid 49658) 32073s; run: log: (pid 1611) 44821s
[ameyer@automation001 opscode]$

Here is what is in that folder:

[root@automation001 ~]# cd /var/log/opscode/
[root@automation001 opscode]# ls -la
total 8
drwxr-xr-x. 14 opscode opscode  256 Feb 18 08:01 .
drwxr-xr-x. 23 root    root    4096 Feb 18 03:42 ..
drwxr-x---.  3 opscode opscode  140 Feb 18 00:00 bookshelf
-rw-r--r--.  1 root    root     185 Feb 18 08:01 logrotate.status
drwxr-x---.  2 opscode opscode   82 Feb 17 23:33 nginx
drwxr-x---.  3 opscode opscode  210 Feb 18 00:00 oc_bifrost
drwxr-x---.  2 opscode opscode    6 Feb 17 19:48 oc-chef-pedant
drwxr-x---.  2 opscode opscode   47 Feb 17 23:33 oc_id
drwxr-x---.  3 opscode opscode   18 Feb 17 19:43 opscode-chef-mover
drwxr-x---.  3 opscode opscode  190 Feb 18 00:00 opscode-erchef
drwxr-x---.  2 opscode opscode   47 Feb 17 23:33 opscode-expander
drwxr-x---.  2 opscode opscode   74 Feb 17 23:33 opscode-solr4
drwxr-xr-x.  3 root    root      17 Feb 17 19:42 postgresql
drwxr-x---.  2 opscode opscode   47 Feb 17 23:33 rabbitmq
drwxr-x---.  2 opscode opscode   47 Feb 17 23:33 redis_lb
[root@automation001 opscode]# cd nginx/
[root@automation001 nginx]# ls
access.log  config  current  error.log  lock
[root@automation001 nginx]# ls -la
total 4
drwxr-x---.  2 opscode opscode  82 Feb 17 23:33 .
drwxr-xr-x. 14 opscode opscode 256 Feb 18 08:01 ..
-rw-r--r--.  1 opscode opscode   0 Feb 17 19:44 access.log
-rw-r--r--.  1 root    root     38 Feb 17 19:45 config
-rw-r--r--.  1 opscode opscode   0 Feb 17 19:44 current
-rw-r--r--.  1 opscode opscode   0 Feb 17 23:47 error.log
-rw-------.  1 opscode opscode   0 Feb 17 19:46 lock
[root@automation001 nginx]#

Tensibai · February 18, 2020, 2:53pm

Nginx down with no error log is really problematic...

I'd relaunch a chef-server-ctl reconfigure to check any error while configuring nginx.

Does your machine has a proper dns configuration ? nginx should log if that's the problem, but may worth ensuring all is right too.

andrewm659 · February 18, 2020, 2:55pm

Yes. The server has properly configured DNS. I do have it set up with a FQDN. I can do the reconfigure but I have done 2 fresh builds and both turn out this way. That's what is frustrating. I've even tried doing a chef-server-ctl upgrade and still nothing.

Tensibai · February 18, 2020, 3:01pm

Sorry to ask, but just to be sure: what gives a netstat -anpe | grep LISTEN ?

andrewm659 · February 18, 2020, 3:03pm

Please don't be sorry. You are helping me troubleshoot something I know little about....

[root@automation001 nginx]# netstat -anpe | grep LISTEN
tcp        0      0 127.0.0.1:9463          0.0.0.0:*               LISTEN      994        809160     120416/oc_bifrost
tcp        0      0 127.0.0.1:15672         0.0.0.0:*               LISTEN      994        812370     121469/beam.smp
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      993        809032     120843/postgres
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          25589      2237/master
tcp        0      0 127.0.0.1:16379         0.0.0.0:*               LISTEN      994        820826     16488/redis-server
tcp        0      0 127.0.0.1:42460         0.0.0.0:*               LISTEN      994        809689     121755/oc_erchef
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      994        812531     121755/oc_erchef
tcp        0      0 127.0.0.1:4321          0.0.0.0:*               LISTEN      994        807617     120357/bookshelf
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      994        809197     120478/rails master
tcp        0      0 127.0.0.1:5672          0.0.0.0:*               LISTEN      994        811345     121469/beam.smp
tcp        0      0 127.0.0.1:25672         0.0.0.0:*               LISTEN      994        810557     121469/beam.smp
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      0          20042      1/systemd
tcp        0      0 127.0.0.1:36272         0.0.0.0:*               LISTEN      994        806799     120416/oc_bifrost
tcp        0      0 127.0.0.1:4369          0.0.0.0:*               LISTEN      994        25466      2001/epmd
tcp        0      0 127.0.0.1:35957         0.0.0.0:*               LISTEN      994        806775     120357/bookshelf
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          26105      1555/sshd
tcp6       0      0 127.0.0.1:8983          :::*                    LISTEN      994        812047     120972/java
tcp6       0      0 ::1:5432                :::*                    LISTEN      993        809033     120843/postgres
tcp6       0      0 ::1:25                  :::*                    LISTEN      0          25590      2237/master
tcp6       0      0 :::9100                 :::*                    LISTEN      992        800250     118577/node_exporte
tcp6       0      0 :::111                  :::*                    LISTEN      0          20044      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      0          26107      1555/sshd
unix  2      [ ACC ]     STREAM     LISTENING     22787    1157/VGAuthService   /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     27658    2237/master          private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     27662    2237/master          private/defer
unix  2      [ ACC ]     STREAM     LISTENING     27665    2237/master          private/trace
unix  2      [ ACC ]     STREAM     LISTENING     27668    2237/master          private/verify
unix  2      [ ACC ]     STREAM     LISTENING     27674    2237/master          private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     19430    1182/gssproxy        /var/lib/gssproxy/default.sock
unix  2      [ ACC ]     STREAM     LISTENING     27677    2237/master          private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     20040    1/systemd            /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     27680    2237/master          private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     809034   120843/postgres      /tmp/.s.PGSQL.5432
unix  2      [ ACC ]     STREAM     LISTENING     27683    2237/master          private/relay
unix  2      [ ACC ]     STREAM     LISTENING     27689    2237/master          private/error
unix  2      [ ACC ]     STREAM     LISTENING     27692    2237/master          private/retry
unix  2      [ ACC ]     STREAM     LISTENING     21836    1153/lsmd            /var/run/lsm/ipc/sim
unix  2      [ ACC ]     STREAM     LISTENING     9803     1/systemd            /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     27695    2237/master          private/discard
unix  2      [ ACC ]     STREAM     LISTENING     27698    2237/master          private/local
unix  2      [ ACC ]     STREAM     LISTENING     27701    2237/master          private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     24655    1159/abrtd           /var/run/abrt/abrt.socket
unix  2      [ ACC ]     STREAM     LISTENING     27704    2237/master          private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     27707    2237/master          private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     27710    2237/master          private/scache
unix  2      [ ACC ]     STREAM     LISTENING     12883    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     21845    1153/lsmd            /var/run/lsm/ipc/simc
unix  2      [ ACC ]     STREAM     LISTENING     20052    1/systemd            /run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     27652    2237/master          private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     27655    2237/master          private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     15535    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     15562    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     15565    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     25593    2237/master          public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     25597    2237/master          public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     25600    2237/master          public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     27671    2237/master          public/flush
unix  2      [ ACC ]     STREAM     LISTENING     27686    2237/master          public/showq
unix  2      [ ACC ]     STREAM     LISTENING     19431    1182/gssproxy        /run/gssproxy.sock
[root@automation001 nginx]#

Odysseaus · February 18, 2020, 3:07pm

From your first post above your command shows a remote call to the chef core server. I always do my commands on the chef server itself but I understand you're trying to do it remotely. When I do make remote calls to the chef server the calls have to be made via hostname or fqdn (whichever is configured in your dns server and whichever you configured during your installation). I see you're doing a remote call via IP. In my experience that doesn't usually work because the chef server configuration requires a hostname/fqdn during install. Just my two cents.

andrewm659 · February 18, 2020, 3:09pm

Actually I was trying to do that on the chef server itself. I just wanted to use the actual IP instead of the loopback. I was trying any and all ways to find out why it wouldn't work.

Odysseaus · February 18, 2020, 3:13pm

When I ssh into the chef server as root, here is what I run. chef-server-ctl user-create username first last e-mail 'password' -f username.pem. Although, this won't work for you yet until you fix the nginx issue. From what I have found, the nginx issue not starting could be due to permission issue of certain directories. Did you install chef server via the root account?

Tensibai · February 18, 2020, 3:14pm

Stumble on something looking like your problem on Kong here: https://github.com/Kong/kong/issues/2846

Could try running cat /proc/cpuinfo | egrep 'model|vendor|flags' to confirm sse4_2 is supported ?

Topic		Replies	Views
Can not create any user on the chef server Chef Infra (archive)	0	488	January 18, 2018
[Solved] Chef-server fails to create new user Chef Infra (archive)	8	5011	July 28, 2017
Users cookbook: Internal Server Error: Connection refused Chef Infra (archive)	2	782	April 11, 2012
Error connecting to SSL URL Chef Infra (archive)	5	620	August 24, 2009
Chef HA User Creation Chef Infra (archive)	1	362	May 19, 2020

Adding users to core server

Related topics