I installed chef-compliance_0.14.5-1_amd64.deb on Ubuntu Trusty. I ran
"chef-compliance-ctl reconfigure". But the “Setup Chef Compliance” button doesn’t do anything
when clicked (this is right after the previous step). My server is behind proxy with restricted Internet
access. Does the setup need Internet access? I don’t see the Compliance install page https://docs.chef.io/install_compliance.html
mention any proxy settings.
I tried Chef Compliance 0.15.13. This time, the setup button worked and took me to the page to create an admin account. After I did that and clicked next button, it says “setup failed”. On the bottom of the page, there’s ‘error 404 page not found’. Behind the scenes, was it trying to reach the Internet? My computer is behind firewall/proxy with restricted Internet access.
I also tried on a computer that doesn’t go through a proxy to reach the Internet. I was able to set up Chef Compliance and run it without problems.
In Chef documentation, can info be added to describe how to install when there’s no Internet access? That means to pre-download packages, etc.
Victor, thank you for taking the time to describe the issue.
Installing and using Chef Compliance behind the firewall is an important use-case for us. I was not able to reproduce the issue using version 0.15.13. Can you provide more details to help track this down? Would be good to know:
-
Browser name and version you are using.
-
URL of the HTTPS request that returned 404. You can capture that by loading the browser’s
Networkinspector while going through the Compliance web setup:
Firefox Menu > Developer > Network
Chrome Menu > More Tools > Developer Tools
Thank you,
Alex
Alex, I used IE 11.0.9600.17914, Firefox 44.0.2. I ended up using command line to create an ID/pw successfully. I was able to log in and scan my nodes now.
Alex, my Compliance server was working and was able to scan a node. But today when I tried to scan again, it failed.
Error message:
Connectivity Report says:
Failed to verify connectivity to sshPassword://my_user_name@my_IP:0 using login password : exit status 1
Hi Victor,
If you have access to the server running Chef Compliance, please run these two commands from the shell to test ssh connectivity. Replace hostname, username and password:
[root@ap-chef-compliance ~]# ssh root@192.168.56.50 whoami
root@192.168.56.50's password:
root
[root@ap-chef-compliance ~]# echo '{"backend":"ssh","host":"192.168.56.50","user":"root","password":"REDACTED","profiles_path":"/etc/chef-compliance/compliance-profiles"}' | /opt/chef-compliance/embedded/bin/inspec detect --json-config=-
{"name":null,"family":"centos","release":"6.6","arch":null}
Thanks,
Alex
Alex, I can scan CentOS and Ubuntu servers without issues.
My problem now is Compliance can’t connect/scan my RHEL7.2 VM.
From my compliance server, I can run ssh root@myRHEL-IP whoami successfully.
For your 2nd echo command, I ran it with my rhel7.2 node’s IP, changed Jason-config to {“name”:null,“family”:“rhel”,“release”:“7.2”,“arch”:null}. It gives the following error:
/opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:103:in read': No such file or directory @ rb_sysopen - -arch:null (Errno::ENOENT) from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:103:inread_config’
from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:95:in options_json' from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:90:inopts’
from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:76:in diagnose' from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/bin/inspec:115:indetect’
from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/thor-0.19.1/lib/thor/command.rb:27:in run' from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:ininvoke_command’
from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/thor-0.19.1/lib/thor.rb:359:in dispatch' from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/thor-0.19.1/lib/thor/base.rb:440:instart’
from /opt/chef-compliance/embedded/lib/ruby/gems/2.2.0/gems/inspec-0.15.0/bin/inspec:165:in <top (required)>' from /opt/chef-compliance/embedded/bin/inspec:22:inload’
from /opt/chef-compliance/embedded/bin/inspec:22:in `’
Thanks for the additional details. I’ll try to reproduce and get back to you.
Hi Victor,
To clarify, {"name":null,"family":"rhel","release":"7.2","arch":null} is the output you should get back when you run the command:
echo '{"backend":"ssh","host":"192.168.56.51","user":"youruser","password":"yourpass","sudo":true,"profiles_path":"/var/opt/chef-compliance/core/runtime/compliance-profiles"}' | /opt/chef-compliance/embedded/bin/inspec detect --json-config=-
This will either return the json detect output or a stack trace with the error details.
Thanks,
Alex
Alex, turns out the issue was rhel has requiretty on by default. After I set !requiretty, Chef Compliance can connect and scan it now. Thanks for the command you provided above, which led to this setting.
I’m glad you figured it out. Based on your experience, we are going to increase the verbosity of the error message for failed connections.
Thank you,
Alex