We just installed ChefAutomate internally and are trying to configure it to use LDAP. We’ve had LDAP working on our Chef Server for a while and tried to just copy over the attributes that we have there, but it’s not connecting. We’ve scoured the logs but aren’t finding anything logged that seems helpful. When we try to log in we get something similar to:
==> /var/log/delivery/delivery/current <==
2016-08-12_16:20:49.42546 09:20:49.421 [info] Failed to fetch deliv_user “AutomateEnterpriseName/MyADUser” : not found
So not sure if it’s a problem with the Chef user base not getting populated with our AD users, or if the connection should be hitting AD at that time.
For reference, here’s how we’ve got our server/delivery.rb set up. We did notice that the delivery attributes don’t have a “groupdn”. So maybe our base needs to change…
We’re continuing to have this issue. Because the source for Automate is not available on GitHub, I cannot troubleshoot this issue much further w/ @cmartin
What should we expect to see in the Automate logs for LDAP?
Could you try to add a host and run delivery-ctl reconfigure and show me the logs?
Additionally, if you could gather the file /var/opt/delivery/delivery/etc/sys.config after and before the modification, that would help me a lot! (watch for passwords of things you can’t share)
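The before/after capture of sys.config requested above, as an added example that is not part of the original thread or of Chef's tooling: it snapshots the file with secret values masked and produces a diff that can be posted. It assumes secrets appear as Erlang tuples of the form `{key, "value"}` or `{key, <<"value">>}` whose key name contains password, passwd, secret or token; the function names and `OUT_DIR` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: share a redacted before/after diff of sys.config.
# Usage (as root, since the file is normally not world-readable):
#   ./sysconfig-diff.sh before ; delivery-ctl reconfigure ; ./sysconfig-diff.sh after
#   ./sysconfig-diff.sh diff

SYS_CONFIG="${SYS_CONFIG:-/var/opt/delivery/delivery/etc/sys.config}"  # path from the thread
OUT_DIR="${OUT_DIR:-./sysconfig-snapshots}"                            # hypothetical location

# Read an Erlang config on stdin and mask the value of every tuple whose key
# looks like a credential (assumption: lowercase password/passwd/secret/token
# somewhere in the key). Escaped quotes inside the value are handled so a
# secret cannot leak past an embedded \" character.
redact_sysconfig() {
  sed -E 's/(\{[[:space:]]*[A-Za-z0-9_]*(password|passwd|secret|token)[A-Za-z0-9_]*[[:space:]]*,[[:space:]]*)(<<)?"([^"\\]|\\.)*"(>>)?/\1"REDACTED"/g'
}

# Save a redacted copy under a label ("before" or "after").
snapshot() {
  ( umask 077
    mkdir -p "$OUT_DIR" &&
    redact_sysconfig < "$SYS_CONFIG" > "${OUT_DIR}/sys.config.$1" )
}

# Unified diff of the two redacted snapshots. diff exits 1 when the files
# differ, which is the expected case here and not an error. A change that only
# touches a masked value will not show up, because both sides read "REDACTED".
config_diff() {
  diff -u "${OUT_DIR}/sys.config.before" "${OUT_DIR}/sys.config.after" || [ $? -eq 1 ]
}

case "${1:-}" in
  before|after) snapshot "$1" ;;
  diff)         config_diff ;;
esac
```

Read the diff once before posting it: a credential stored under a key name outside the assumed pattern is not masked.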
Yeah, I think my “Sample_Host_Name” got stripped when I was copy pasting. We do indeed have a host name for both the Chef Server and the Automate Server. I’ll do a reconfigure and get you some logs now.
Here’s the log from my most recent reconfigure. Looks like it has an error around Elasticsearch, not sure if that’s a requirement for the LDAP??? Splitting into 2 since it’s too big
:/etc/delivery$ delivery-ctl reconfigure
rm: cannot remove ‘/opt/delivery/embedded/nodes/MYSERVER.RUSSELL.COM.json’: Permission denied
Could not remove cached node state!
MYUSER@MYSERVER:/etc/delivery$ sudo delivery-ctl reconfigure
Starting Chef Client, version 12.11.18
resolving cookbooks for run list: [“delivery”]
[2016-08-22T07:09:59-07:00] WARN: Cookbook ‘local-mode-cache’ is empty or entirely chefignored at /opt/delivery/embedded/cookbooks/local-mode-cache
[2016-08-22T07:09:59-07:00] WARN: Cookbook ‘local-mode-cache’ is empty or entirely chefignored at /opt/delivery/embedded/cookbooks/local-mode-cache
[2016-08-22T07:09:59-07:00] WARN: Cookbook ‘local-mode-cache’ is empty or entirely chefignored at /opt/delivery/embedded/cookbooks/local-mode-cache
[2016-08-22T07:09:59-07:00] WARN: Cookbook ‘local-mode-cache’ is empty or entirely chefignored at /opt/delivery/embedded/cookbooks/local-mode-cache
Synchronizing Cookbooks:
execute[/opt/delivery/embedded/bin/psql -c “CREATE ROLE delivery_repl WITH REPLICATION PASSWORD ‘POSTGRESPASSWORD’ LOGIN” -d delivery chef-pgsql] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/psql -c ’ CREATE OR REPLACE FUNCTION pg_stat_repl()
RETURNS SETOF pg_catalog.pg_stat_replication
AS $$BEGIN
RETURN query(SELECT * FROM pg_catalog.pg_stat_replication);
END$$ language plpgsql security definer
’ -d delivery chef-pgsql] action run
execute /opt/delivery/embedded/bin/psql -c ’ CREATE OR REPLACE FUNCTION pg_stat_repl()
RETURNS SETOF pg_catalog.pg_stat_replication
AS $$BEGIN
RETURN query(SELECT * FROM pg_catalog.pg_stat_replication);
END$$ language plpgsql security definer
’ -d delivery chef-pgsql
execute[/opt/delivery/embedded/bin/psql -c ‘CREATE OR REPLACE VIEW public.pg_stat_repl AS SELECT * FROM pg_stat_repl()’ -d delivery chef-pgsql] action run
execute /opt/delivery/embedded/bin/psql -c ‘CREATE OR REPLACE VIEW public.pg_stat_repl AS SELECT * FROM pg_stat_repl()’ -d delivery chef-pgsql
execute[/opt/delivery/embedded/bin/psql -c ‘GRANT SELECT on public.pg_stat_repl to delivery’ -d delivery chef-pgsql] action run
execute /opt/delivery/embedded/bin/psql -c ‘GRANT SELECT on public.pg_stat_repl to delivery’ -d delivery chef-pgsql
Recipe: delivery::nginx
directory[/var/opt/delivery/nginx/ca] action create (up to date)
directory[/var/opt/delivery/nginx/etc] action create (up to date)
directory[/var/log/delivery/nginx] action create (up to date)
directory[/opt/delivery/embedded/nginx/html] action create (up to date)
directory[/var/opt/delivery/nginx/etc/addon.d] action create (up to date)
directory[/opt/delivery/embedded/nginx/logs] action create (up to date)
directory[/var/opt/delivery/nginx/etc/server.d] action create (up to date)
delivery_nginx_server[chefautomate…russell.com] action createGenerating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
file[/var/opt/delivery/nginx/ca/chefautomate…russell.com.key] action create (skipped due to not_if)
file[/var/opt/delivery/nginx/ca/chefautomate…russell.com.crt] action create (skipped due to not_if)
file[/var/opt/delivery/rabbitmq/etc/clean_slate] action create (up to date)
bash[Reset RabbitMQ] action nothing (skipped due to action :nothing)
execute[wait for rabbitmq after reset] action nothing (skipped due to action :nothing)
execute[/opt/delivery/embedded/bin/rabbitmqctl add_vhost /insights] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl add_user insights chefrocks] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl set_permissions -p /insights insights “." ".” “.*”] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl add_user rabbitmgmt chefrocks] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl set_permissions -p /insights rabbitmgmt “." ".” “.*”] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl set_permissions -p / rabbitmgmt “." ".” “.*”] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmq-plugins enable rabbitmq_management] action run (skipped due to not_if)
execute[/opt/delivery/embedded/bin/rabbitmqctl set_user_tags rabbitmgmt administrator] action run (skipped due to not_if)
Recipe: delivery::elasticsearch
http_request[refresh the insights index fields] action get[2016-08-22T07:10:12-07:00] ERROR: http_request[refresh the insights index fields] (/opt/delivery/embedded/cookbooks/cache/cookbooks/delivery/resources/elasticsearch_cluster.rb line 56) had an error: Net::HTTPServerException: 404 “Not Found”; ignore_failure is set, continuing
================================================================================
Error executing action get on resource ‘http_request[refresh the insights index fields]’
Net::HTTPServerException
404 “Not Found”
Resource Declaration:
In /opt/delivery/embedded/cookbooks/cache/cookbooks/delivery/resources/elasticsearch_cluster.rb
56: http_request ‘refresh the insights index fields’ do
57: url request_url(’/insights-/_mapping/field/?ignore_unavailable=false&allow_no_indices=false&include_defaults=true’)
58: action :get
59: only_if { index_exists?(’.kibana’) }
60: ignore_failure true # This command fails if there is no data in the index
61: # (which would happen during the first run)
62: end
63:
Compiled Resource:
Declared in /opt/delivery/embedded/cookbooks/cache/cookbooks/delivery/resources/elasticsearch_cluster.rb:56:in `block (2 levels) in class_from_file’
http_request(“refresh the insights index fields”) do
action [:get]
ignore_failure true
retries 0
retry_delay 2
default_guard_interpreter :default
message "refresh the insights index fields"
url "http://localhost:9200/insights-/_mapping/field/?ignore_unavailable=false&allow_no_indices=false&include_defaults=true"
headers {“Accept-Encoding”=>“gzip;q=1.0,deflate;q=0.6,identity;q=0.3”}
declared_type :http_request
cookbook_name "delivery"
elasticsearch_url "http://localhost:9200"
elasticsearch_client #<Net::HTTP localhost:9200 open=false>
only_if { #code block }
end
Platform:
x86_64-linux
http_request[create kibana index] action put (skipped due to not_if)
http_request[create insights search index] action nothing (skipped due to action :nothing)
http_request[set default search index] action nothing (skipped due to action :nothing)
Recipe: delivery::logstash
directory[/opt/delivery/embedded/logstash] action create (up to date)
directory[/var/log/delivery/logstash] action create (up to date)
execute[chown -R delivery /opt/delivery/embedded/logstash] action run
template[/var/opt/delivery/kibana//kibana.conf] action create (up to date)
execute[restart_kibana_log_service] action nothing (skipped due to action :nothing)
template[/var/log/delivery/kibana/config] action create (up to date)
Recipe:
service[kibana] action nothing (skipped due to action :nothing)
Recipe: delivery::kibana
runit_service[kibana] action enable
ruby_block[restart_service] action nothing (skipped due to action :nothing)
ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
directory[/opt/delivery/sv/kibana] action create (up to date)
template[/opt/delivery/sv/kibana/run] action create (up to date)
directory[/opt/delivery/sv/kibana/log] action create (up to date)
directory[/opt/delivery/sv/kibana/log/main] action create (up to date)
directory[/var/log/kibana] action create (up to date)
template[/opt/delivery/sv/kibana/log/config] action create (up to date)
link[/var/log/kibana/config] action create (up to date)
template[/opt/delivery/sv/kibana/log/run] action create (up to date)
directory[/opt/delivery/sv/kibana/env] action create (up to date)
ruby_block[zap extra env files for kibana service] action run (skipped due to only_if)
directory[/opt/delivery/sv/kibana/control] action create (up to date)
link[/opt/delivery/init/kibana] action create (up to date)
file[/opt/delivery/sv/kibana/down] action nothing (skipped due to action :nothing)
directory[/opt/delivery/service] action create (up to date)
link[/opt/delivery/service/kibana] action create (up to date)
ruby_block[wait for kibana service socket] action run
execute the ruby block wait for kibana service socket
Recipe:
service[logstash] action nothing (skipped due to action :nothing)
service[logstash] action nothing (skipped due to action :nothing)
Recipe: delivery::elasticsearch_migrations
runit_service[logstash] action stop (up to date)
http_request[create .automate index] action post (skipped due to only_if)
delivery_elasticsearch_migration[migrate node-state index] action migrate (skipped due to only_if)
Recipe:
service[logstash] action nothing (skipped due to action :nothing)
service[logstash] action nothing (skipped due to action :nothing)
Recipe: delivery::elasticsearch_migrations
runit_service[logstash] action start (up to date)
Recipe: delivery::insights_web
directory[/opt/delivery/embedded/service/insights_web/assets/config] action create (up to date)
template[/opt/delivery/embedded/service/insights_web/assets/config/config.json] action create (up to date)
Recipe: delivery::auth
execute[create /etc/delivery/oidc_signing_key.pem] action run (up to date)
file[/etc/delivery/oidc_signing_key.pem] action create (up to date)
Recipe:
service[lsyncd] action nothing (skipped due to action :nothing)
Recipe: delivery::lsyncd
runit_service[lsyncd] action disable
ruby_block[disable lsyncd] action run (skipped due to only_if)
(up to date)
directory[/opt/delivery/sv/lsyncd] action delete (up to date)
directory[/var/opt/delivery/lsyncd] action delete (up to date)
Recipe: delivery::omnibus
file[/etc/delivery/delivery-running.json] action create (up to date)
Recipe: delivery::backup_cronjob
template[/etc/cron.d/delivery_backup] action delete (up to date)
Recipe:
service[nginx] action restart
restart service service[nginx]
Recipe: delivery::elasticsearch_migrations
runit_service[logstash] action restart (up to date)
Running handlers:
Running handlers complete
Deprecated features used!
An attempt was made to change sysvinit_id from “SV” to nil by calling sysvinit_id(nil). In Chef 12, this does a get rather than a set. In Chef 13, this will change to set the value to nil. at 1 location:
- /opt/delivery/embedded/cookbooks/cache/cookbooks/enterprise/recipes/runit.rb:31:in `block in from_file’
Chef Client finished, 38/303 resources updated in 18 seconds