Chef 0.8.2


#1

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8. Thank you so much for all
your hard work, Scott.

Love,
Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com


#2

For everyone who has been dying for this, don’t forget to get your knife
status on at https://gist.github.com/1ba21ff08676ecf0ee7c

Of course thank imeyer for it :slight_smile:

Scott

On 2/28/10 7:56 PM, Adam Jacob wrote:

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8. Thank you so much for all
your hard work, Scott.

Love,
Adam


#3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI Early adopters of 0.8.2, there was a pair of execute resources to
create SSL certificates in the bootstrap::server recipe[0] that
weren’t working with the auto-detect/generate in the chef-server and
chef-server-webui startup. I have removed these and pushed new
bootstrap-latest.tar.gz and bootstrap-0.8.2.tar.gz archives out to the
S3 bucket. This was resolved late last night (2/28), but has been
reported by others today as well.

The symptom is that you cannot login to the webui with the admin user
and the password specified in /etc/chef/server.rb. The first thing to
try is simply restart the webui.

sudo /etc/init.d/chef-server-webui restart

When it starts up, if you’re getting this message in /etc/sv/chef-
server-webui/log/main/current:

2010-03-01_06:19:16.17209 ~ Failed loading ChefServerWebui (401
"Unauthorized")

There’s an issue with the user in CouchDB and doesn’t match the
certificate in /etc/chef/webui.pem. To fix this, you’ll need to find
the user “chef-webui” and “chef-validator” documents in the CouchDB,
and remove them. The easiest way to do this[1]:

Access CouchDB’s Futon (http://localhost:5984/_utils, set up an SSH

tunnel to get there from your local system if the Chef Server is
remote).

Select the ‘chef’ database.

In the ‘View’ drop-down on the upper right, select “all_id” under

Clients.

Select ‘chef-validator’, delete document. Repeat for ‘chef-webui’.

Next, remove the certificates in /etc/chef.

sudo rm /etc/chef/{validation,webui}.{crt,key,pem}

And finally, restart chef-server and chef-server-webui.

sudo /etc/init.d/chef-server restart

sudo /etc/init.d/chef-server-webui restart

[0] These were used in the early stages of the 0.8 bootstrap
development, when the server processes didn’t automatically generate
the certificates in the right place.
[1] Robert Berger (rberger) did a blog post with illustrations. Thanks
for putting this together, Robert! http://blog.ibd.com/scalable-deployment/reseting-the-opscode-chef-server-validation-keypem/

On Feb 28, 2010, at 8:56 PM, Adam Jacob wrote:

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8. Thank you so much for all
your hard work, Scott.

Love,
Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com


Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.334.RUBY E: joshua@opscode.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)

iEYEARECAAYFAkuMdloACgkQO97WSdVpzT2JUwCeKKZQSJY7Ie1yWB8o6pgr1FTc
55YAn3B7wjhQcWn/6P09RRkJ7klr98EH
=RGpo
-----END PGP SIGNATURE-----


#4

Hi,
not sure if this can be somewhat related since I haven’t been able to root
the cause, but it was completely impossible for me to validate any newly
updated nodes with the chef-validator client (and it’s .pem). Even
regenerating the certificate kept giving 401 Unauthorized errors. The only
thing that worked was deleting the “chef-validator” client and creating it
again (with admin status ofc). It also worked with a totally different admin
client acting as validator, but never with the “original” chef-validator
created originally.

Had no problems with the webui though.
Awesome work!

{ :name => “Albert Llop” }

On 2 March 2010 03:22, Joshua Timberman joshua@opscode.com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI Early adopters of 0.8.2, there was a pair of execute resources to
create SSL certificates in the bootstrap::server recipe[0] that weren’t
working with the auto-detect/generate in the chef-server and
chef-server-webui startup. I have removed these and pushed new
bootstrap-latest.tar.gz and bootstrap-0.8.2.tar.gz archives out to the S3
bucket. This was resolved late last night (2/28), but has been reported by
others today as well.

The symptom is that you cannot login to the webui with the admin user and
the password specified in /etc/chef/server.rb. The first thing to try is
simply restart the webui.

sudo /etc/init.d/chef-server-webui restart

When it starts up, if you’re getting this message in
/etc/sv/chef-server-webui/log/main/current:

2010-03-01_06:19:16.17209 ~ Failed loading ChefServerWebui (401
"Unauthorized")

There’s an issue with the user in CouchDB and doesn’t match the certificate
in /etc/chef/webui.pem. To fix this, you’ll need to find the user
"chef-webui" and “chef-validator” documents in the CouchDB, and remove them.
The easiest way to do this[1]:

Access CouchDB’s Futon (http://localhost:5984/_utils, set up an SSH

tunnel to get there from your local system if the Chef Server is remote).

Select the ‘chef’ database.

In the ‘View’ drop-down on the upper right, select “all_id” under

Clients.

Select ‘chef-validator’, delete document. Repeat for ‘chef-webui’.

Next, remove the certificates in /etc/chef.

sudo rm /etc/chef/{validation,webui}.{crt,key,pem}

And finally, restart chef-server and chef-server-webui.

sudo /etc/init.d/chef-server restart

sudo /etc/init.d/chef-server-webui restart

[0] These were used in the early stages of the 0.8 bootstrap development,
when the server processes didn’t automatically generate the certificates in
the right place.
[1] Robert Berger (rberger) did a blog post with illustrations. Thanks for
putting this together, Robert!
http://blog.ibd.com/scalable-deployment/reseting-the-opscode-chef-server-validation-keypem/

On Feb 28, 2010, at 8:56 PM, Adam Jacob wrote:

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8. Thank you so much for all
your hard work, Scott.

Love,
Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com


Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.334.RUBY E: joshua@opscode.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)

iEYEARECAAYFAkuMdloACgkQO97WSdVpzT2JUwCeKKZQSJY7Ie1yWB8o6pgr1FTc
55YAn3B7wjhQcWn/6P09RRkJ7klr98EH
=RGpo
-----END PGP SIGNATURE-----


#5

Hello,

On 1 March 2010 04:56, Adam Jacob adam@opscode.com wrote:

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8. Thank you so much for all
your hard work, Scott.

First of all, congratulations on this milestone! Looking forward to
the roles-in-roles feature and an easier security model.

Personally, I’m rather on the short side regarding free time, so I’m
interested in any ETA for the availability of Ubuntu packages. This
page (1) promises that an upgrade to 0.8.2 would just be a package
upgrade away, so it would be a time-saver! :slight_smile:

(1) http://wiki.opscode.com/display/chef/Upgrading+Chef+0.7.x+to+0.8.x

Ringo