Chef client installer failure


#1

Hi all,

I was trying to install Chef client on a fresh Ubuntu 14.04 OpenVZ minimal template, but it failed with the error message below. I’ve seen this a few times before, but figured I’d document it here (I wasn’t sure which github repo the installer script ties to). The workaround is to just install curl. If the script has ‘–no-check-certificate’ added to the wget command, that’d work as well, although security-minded folks might not like that.

Downloading Chef for ubuntu…
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.5682/metadata.txt
trying wget…
trying perl…
Unable to retrieve a valid package!
Version:

Please file a Bug Report at https://github.com/opscode/opscode-omnitruck/issues/new
Alternatively, feel free to open a Support Ticket at https://www.getchef.com/support/tickets
More Chef support resources can be found at https://www.getchef.com/support

Please include as many details about the problem as possible i.e., how to reproduce
the problem (if possible), type of the Operating System and its version, etc.,
and any other relevant details that might help us with troubleshooting.

Metadata URL: https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
\nDEBUG OUTPUT FOLLOWS:\n\nSTDERR from wget:\n\n–2015-01-12 20:44:50-- https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
Resolving www.opscode.com (www.opscode.com)… 184.106.28.90
Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443… connected.
ERROR: cannot verify www.opscode.com’s certificate, issued by ‘/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA’:
Unable to locally verify the issuer’s authority.
To connect to www.opscode.com insecurely, use `–no-check-certificate’.\n\nSTDERR from perl:\n\nCan’t locate LWP/Simple.pm in @INC (you may need to install the LWP::Simple module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at -e line 1.
BEGIN failed–compilation aborted at -e line 1.\n

Thanks,Ameir


#2

Let’s start with the basics. Is wget or perl installed? If wget is there,
can you access
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
?

On Mon, Jan 12, 2015 at 7:55 PM, ameirh@gmail.com ameirh@gmail.com wrote:

Hi all,

I was trying to install Chef client on a fresh Ubuntu 14.04 OpenVZ minimal
template, but it failed with the error message below. I’ve seen this a few
times before, but figured I’d document it here (I wasn’t sure which github
repo the installer script ties to). The workaround is to just install
curl. If the script has ‘–no-check-certificate’ added to the wget
command, that’d work as well, although security-minded folks might not like
that.

Downloading Chef for ubuntu…
downloading
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.5682/metadata.txt
trying wget…
trying perl…
Unable to retrieve a valid package!
Version:

Please file a Bug Report at
https://github.com/opscode/opscode-omnitruck/issues/new
Alternatively, feel free to open a Support Ticket at
https://www.getchef.com/support/tickets
More Chef support resources can be found at
https://www.getchef.com/support

Please include as many details about the problem as possible i.e., how to
reproduce
the problem (if possible), type of the Operating System and its version,
etc.,
and any other relevant details that might help us with troubleshooting.

Metadata URL:
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
\nDEBUG OUTPUT FOLLOWS:\n\nSTDERR from wget:\n\n–2015-01-12 20:44:50–
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
Resolving www.opscode.com (www.opscode.com)… 184.106.28.90
Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443…
connected.
ERROR: cannot verify www.opscode.com’s certificate, issued by
’/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA’:
Unable to locally verify the issuer’s authority.
To connect to www.opscode.com insecurely, use
`–no-check-certificate’.\n\nSTDERR from perl:\n\nCan’t locate
LWP/Simple.pm in @INC (you may need to install the LWP::Simple module)
(@INC contains: /etc/perl /usr/local/lib/perl/5.18.2
/usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at -e
line 1.
BEGIN failed–compilation aborted at -e line 1.\n

Thanks,
Ameir


#3

On Jan 12, 2015, at 5:55 PM, ameirh@gmail.com wrote:

Hi all,

I was trying to install Chef client on a fresh Ubuntu 14.04 OpenVZ minimal template, but it failed with the error message below. I’ve seen this a few times before, but figured I’d document it here (I wasn’t sure which github repo the installer script ties to). The workaround is to just install curl. If the script has ‘–no-check-certificate’ added to the wget command, that’d work as well, although security-minded folks might not like that.

Downloading Chef for ubuntu…
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.5682/metadata.txt
trying wget…
trying perl…
Unable to retrieve a valid package!
Version:

Please file a Bug Report at https://github.com/opscode/opscode-omnitruck/issues/new
Alternatively, feel free to open a Support Ticket at https://www.getchef.com/support/tickets
More Chef support resources can be found at https://www.getchef.com/support

Please include as many details about the problem as possible i.e., how to reproduce
the problem (if possible), type of the Operating System and its version, etc.,
and any other relevant details that might help us with troubleshooting.

Metadata URL: https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
\nDEBUG OUTPUT FOLLOWS:\n\nSTDERR from wget:\n\n–2015-01-12 20:44:50-- https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
Resolving www.opscode.com (www.opscode.com)… 184.106.28.90
Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443… connected.
ERROR: cannot verify www.opscode.com’s certificate, issued by ‘/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA’:
Unable to locally verify the issuer’s authority.
To connect to www.opscode.com insecurely, use `–no-check-certificate’.\n\nSTDERR from perl:\n\nCan’t locate LWP/Simple.pm in @INC (you may need to install the LWP::Simple module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at -e line 1.
BEGIN failed–compilation aborted at -e line 1.\n

Your wget (or more likely your OpenSSL in general) doesn’t have the DigiCert public CA cert, and none of the other transports (curl, etc) are available. You need something on the base system capable of secure HTTPS download. You should also fix the URL to be www.chef.io, the new hostname.

–Noah


#4

Thanks, guys. When I installed curl, I noticed that it installed a CA
bundle along with it, so wget may indeed have worked thereafter. I figured
I’d raise this just to have it documented. My bootstrapping process takes
one additional manual step (i.e. installing curl) with these minimal
templates, but no biggie.

Thanks for pointing out the hostname change; the installer script on
opscode.com still refers to opscode.com during the install (with
chef-client 12.0.3). I’ve updated my process to use the new domain.

On Mon, Jan 12, 2015 at 9:58 PM, Noah Kantrowitz noah@coderanger.net
wrote:

On Jan 12, 2015, at 5:55 PM, ameirh@gmail.com wrote:

Hi all,

I was trying to install Chef client on a fresh Ubuntu 14.04 OpenVZ
minimal template, but it failed with the error message below. I’ve seen
this a few times before, but figured I’d document it here (I wasn’t sure
which github repo the installer script ties to). The workaround is to just
install curl. If the script has ‘–no-check-certificate’ added to the wget
command, that’d work as well, although security-minded folks might not like
that.

Downloading Chef for ubuntu…
downloading
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.5682/metadata.txt
trying wget…
trying perl…
Unable to retrieve a valid package!
Version:

Please file a Bug Report at
https://github.com/opscode/opscode-omnitruck/issues/new
Alternatively, feel free to open a Support Ticket at
https://www.getchef.com/support/tickets
More Chef support resources can be found at
https://www.getchef.com/support

Please include as many details about the problem as possible i.e., how
to reproduce
the problem (if possible), type of the Operating System and its version,
etc.,
and any other relevant details that might help us with troubleshooting.

Metadata URL:
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
\nDEBUG OUTPUT FOLLOWS:\n\nSTDERR from wget:\n\n–2015-01-12 20:44:50–
https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
Resolving www.opscode.com (www.opscode.com)… 184.106.28.90
Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443…
connected.
ERROR: cannot verify www.opscode.com’s certificate, issued by
’/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA’:
Unable to locally verify the issuer’s authority.
To connect to www.opscode.com insecurely, use
`–no-check-certificate’.\n\nSTDERR from perl:\n\nCan’t locate
LWP/Simple.pm in @INC (you may need to install the LWP::Simple module)
(@INC contains: /etc/perl /usr/local/lib/perl/5.18.2
/usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at -e
line 1.
BEGIN failed–compilation aborted at -e line 1.\n

Your wget (or more likely your OpenSSL in general) doesn’t have the
DigiCert public CA cert, and none of the other transports (curl, etc) are
available. You need something on the base system capable of secure HTTPS
download. You should also fix the URL to be www.chef.io, the new hostname.

–Noah