Chef Server Install


#1

I just installed the latest version of chef server, and ran these commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com “password”
–filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user doug
–filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found
Chef

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not authorized for
this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What am I
missing?

Doug


#2

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang doug.garstang@gmail.com
wrote:

I just installed the latest version of chef server, and ran these commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not authorized
for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What am I
missing?

Doug


#3

Hi guys,

You’ll need to set your config to the fully qualified path of your organization, for instance:


chef_server "https://chef01.dev.slicetest.com:443/organizations/slice"

HTH!


Stephen Delano - Engineering Lead, Chef

On Fri, Jan 23, 2015 at 10:04 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.
On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang doug.garstang@gmail.com
wrote:

I just installed the latest version of chef server, and ran these commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not authorized
for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What am I
missing?

Doug


#4

Charles,

I found the solution. Someone opened a bug on this. I can’t find it right
now, but you need to add /organizations/${short_name} to your chef server
URL on the client side. I presume that’s due to the multi tenancy. Chalk it
up to more bad documentation.

Now I can list users with knife, and cookbook list doesn’t return an error.
I attempted to upload cookbooks with berkshelf, and no error was returned.
Attempting to list the cookbooks then returns nothing. I modified the
chef_server_url in the berkshelf config file, and updated the URL, no
change. Still no cookbooks returned. Upgraded berkshelf to latest version.
Still no change.

I might be doing something wrong. I might not. Lack of docs makes it hard
to know.

Doug

On Fri, Jan 23, 2015 at 10:03 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

I just installed the latest version of chef server, and ran these
commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not authorized
for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What am
I missing?

Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#5

Thanks Stephen.

What about berkshelf? What tweaks does it require? I’d try a knife upload,
but since we have have one git repo per cookbook, I don’t want to futz with
the client.rb file to make that work. It returns an error as is, and always
has.

Doug

On Fri, Jan 23, 2015 at 10:19 AM, Stephen Delano stephen@opscode.com
wrote:

Hi guys,

You’ll need to set your config to the fully qualified path of your
organization, for instance:

chef_server "https://chef01.dev.slicetest.com:443/organizations/slice"

HTH!


Stephen Delano - Engineering Lead, Chef

On Fri, Jan 23, 2015 at 10:04 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

I just installed the latest version of chef server, and ran these
commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not authorized
for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What am
I missing?

Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#6

Well, I don’t know. I just made the chef_server_url setting in berkshelf
config file bogus, and it still says it’s uploading cookbooks. Wat?

berks install -c ~/.berkshelf/config-dev.json

Resolving cookbook dependencies…
Fetching ‘slice-awscli’ from source at …/slice-awscli
Fetching ‘slice-base’ from source at .
Fetching ‘slice-chef-client’ from source at …/slice-chef-client
Fetching ‘slice-ldap’ from source at …/slice-ldap
Fetching ‘slice-motd’ from source at …/slice-motd
Fetching ‘slice-nrpe’ from source at …/slice-nrpe
Fetching ‘slice-openssh’ from source at …/slice-openssh
Fetching ‘slice-sudo’ from source at …/slice-sudo
Fetching ‘slice-swap’ from source at …/slice-swap
Using chef-sugar (2.4.1)
Using build-essential (2.1.3)

etc etc

Actually it would be really nice if berkshelf could refer completely to the
chef client config file. It’s a pain in the ass to always pass the
berkshelf config file to use when you have multiple chef servers. For
switching the chef server we have chefvm, but having something similar for
berkself, or better still, just letting it refer to the chef config, would
be better.

Doug

On Fri, Jan 23, 2015 at 10:21 AM, Douglas Garstang doug.garstang@gmail.com
wrote:

Thanks Stephen.

What about berkshelf? What tweaks does it require? I’d try a knife upload,
but since we have have one git repo per cookbook, I don’t want to futz with
the client.rb file to make that work. It returns an error as is, and always
has.

Doug

On Fri, Jan 23, 2015 at 10:19 AM, Stephen Delano stephen@opscode.com
wrote:

Hi guys,

You’ll need to set your config to the fully qualified path of your
organization, for instance:

chef_server "https://chef01.dev.slicetest.com:443/organizations/slice"

HTH!


Stephen Delano - Engineering Lead, Chef

On Fri, Jan 23, 2015 at 10:04 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

I just installed the latest version of chef server, and ran these
commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not
authorized for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What
am I missing?

Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#7

Ok, uploading,

If you read the berkshelf docs, it says that most of the settings default
to what’s in current knife.rb. Well, that means I should be able to run a
’berks upload’ without any config file. However, attempting to do that
results in

[chef=dev] Douglass-MacBook-Pro:slice-base doug$ berks upload
E, [2015-01-23T10:35:53.846552 #58902] ERROR – :
Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
E, [2015-01-23T10:35:53.846647 #58902] ERROR – :
/Users/doug/.chefdk/gem/ruby/2.1.0/gems/celluloid-0.16.0/lib/celluloid/responses.rb:29:in
`value’

Doug

On Fri, Jan 23, 2015 at 10:25 AM, Douglas Garstang doug.garstang@gmail.com
wrote:

Well, I don’t know. I just made the chef_server_url setting in berkshelf
config file bogus, and it still says it’s uploading cookbooks. Wat?

berks install -c ~/.berkshelf/config-dev.json

Resolving cookbook dependencies…
Fetching ‘slice-awscli’ from source at …/slice-awscli
Fetching ‘slice-base’ from source at .
Fetching ‘slice-chef-client’ from source at …/slice-chef-client
Fetching ‘slice-ldap’ from source at …/slice-ldap
Fetching ‘slice-motd’ from source at …/slice-motd
Fetching ‘slice-nrpe’ from source at …/slice-nrpe
Fetching ‘slice-openssh’ from source at …/slice-openssh
Fetching ‘slice-sudo’ from source at …/slice-sudo
Fetching ‘slice-swap’ from source at …/slice-swap
Using chef-sugar (2.4.1)
Using build-essential (2.1.3)

etc etc

Actually it would be really nice if berkshelf could refer completely to
the chef client config file. It’s a pain in the ass to always pass the
berkshelf config file to use when you have multiple chef servers. For
switching the chef server we have chefvm, but having something similar for
berkself, or better still, just letting it refer to the chef config, would
be better.

Doug

On Fri, Jan 23, 2015 at 10:21 AM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

Thanks Stephen.

What about berkshelf? What tweaks does it require? I’d try a knife
upload, but since we have have one git repo per cookbook, I don’t want to
futz with the client.rb file to make that work. It returns an error as is,
and always has.

Doug

On Fri, Jan 23, 2015 at 10:19 AM, Stephen Delano stephen@opscode.com
wrote:

Hi guys,

You’ll need to set your config to the fully qualified path of your
organization, for instance:

chef_server "https://chef01.dev.slicetest.com:443/organizations/slice"

HTH!


Stephen Delano - Engineering Lead, Chef

On Fri, Jan 23, 2015 at 10:04 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

I just installed the latest version of chef server, and ran these
commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies” --association_user
doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not
authorized for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What
am I missing?

Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#8

Do knife ssl_fetch first and then try your berks upload again. If you are
using a self-signed cert chef 12 tries to to cert validation by default.

On Fri, Jan 23, 2015 at 1:36 PM, Douglas Garstang doug.garstang@gmail.com
wrote:

Ok, uploading,

If you read the berkshelf docs, it says that most of the settings default
to what’s in current knife.rb. Well, that means I should be able to run a
’berks upload’ without any config file. However, attempting to do that
results in

[chef=dev] Douglass-MacBook-Pro:slice-base doug$ berks upload
E, [2015-01-23T10:35:53.846552 #58902] ERROR – :
Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
E, [2015-01-23T10:35:53.846647 #58902] ERROR – :
/Users/doug/.chefdk/gem/ruby/2.1.0/gems/celluloid-0.16.0/lib/celluloid/responses.rb:29:in
`value’

Doug

On Fri, Jan 23, 2015 at 10:25 AM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

Well, I don’t know. I just made the chef_server_url setting in berkshelf
config file bogus, and it still says it’s uploading cookbooks. Wat?

berks install -c ~/.berkshelf/config-dev.json

Resolving cookbook dependencies…
Fetching ‘slice-awscli’ from source at …/slice-awscli
Fetching ‘slice-base’ from source at .
Fetching ‘slice-chef-client’ from source at …/slice-chef-client
Fetching ‘slice-ldap’ from source at …/slice-ldap
Fetching ‘slice-motd’ from source at …/slice-motd
Fetching ‘slice-nrpe’ from source at …/slice-nrpe
Fetching ‘slice-openssh’ from source at …/slice-openssh
Fetching ‘slice-sudo’ from source at …/slice-sudo
Fetching ‘slice-swap’ from source at …/slice-swap
Using chef-sugar (2.4.1)
Using build-essential (2.1.3)

etc etc

Actually it would be really nice if berkshelf could refer completely to
the chef client config file. It’s a pain in the ass to always pass the
berkshelf config file to use when you have multiple chef servers. For
switching the chef server we have chefvm, but having something similar for
berkself, or better still, just letting it refer to the chef config, would
be better.

Doug

On Fri, Jan 23, 2015 at 10:21 AM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

Thanks Stephen.

What about berkshelf? What tweaks does it require? I’d try a knife
upload, but since we have have one git repo per cookbook, I don’t want to
futz with the client.rb file to make that work. It returns an error as is,
and always has.

Doug

On Fri, Jan 23, 2015 at 10:19 AM, Stephen Delano stephen@opscode.com
wrote:

Hi guys,

You’ll need to set your config to the fully qualified path of your
organization, for instance:

chef_server "https://chef01.dev.slicetest.com:443/organizations/slice"

HTH!


Stephen Delano - Engineering Lead, Chef

On Fri, Jan 23, 2015 at 10:04 AM, Charles Betz char@erp4it.com wrote:

I am having identical problems.

On Fri, Jan 23, 2015 at 12:01 PM, Douglas Garstang <
doug.garstang@gmail.com> wrote:

I just installed the latest version of chef server, and ran these
commands:

dpkg -i chef-server-core_12.0.1-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl user-create doug Douglas Garstang doug@slice.com
"password" --filename doug.pem
chef-server-ctl org-create slice “Foo Technologies”
–association_user doug --filename validator.pem

I then copied the keys to my local system, and configured the client.

Attempting to run a ‘knife cookbook list’ on the client gets me:

Douglass-MacBook-Pro:.chefvm doug$ knife cookbook list
ERROR: The object you are looking for could not be found
Response:

Chef - 404 Not Found

404 - Not Found

Sorry, I can't find what you are looking for.

© 2010 – 2014 Chef Software, Inc. All Rights Reserved

I then tried to a ‘knife user list’ which resulted in:

Douglass-MacBook-Pro:.chefvm doug$ knife user list
ERROR: You authenticated successfully to
https://chef01.dev.slicetest.com:443 as doug but you are not
authorized for this action
Response: missing read permission

which is strange because of the “–association_user doug” above. What
am I missing?

Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627