Chef services user


#1

I have just freshly installed chef on centos 5.4 via gems. After running the
server bootstrap I found the webui to be unresponsive(ie. can’t login) when
running as the chef user. When running the webui as root however, everything
works normally. Is there a way to actually have the webui run as chef? Also if
not, do all chef related services need to run as root?

Thanks,
Mark


#2

On Thursday, April 7, 2011 at 1:24 PM, mrechler@brightcove.com wrote:
I have just freshly installed chef on centos 5.4 via gems. After running the

server bootstrap I found the webui to be unresponsive(ie. can’t login) when
running as the chef user. When running the webui as root however, everything
works normally. Is there a way to actually have the webui run as chef? Also if
not, do all chef related services need to run as root?

Thanks,
Mark
The webui is stateless and doesn’t need to do anything with the underlying system. Perhaps you could include the error message from the webui’s logs?

I imagine the webui server is unable to read the /etc/chef/webui.pem key when you’re running as non-root, so chmod/chowning that file should resolve the issue.

HTH,


Dan DeLeo


#3

Hi Dan,

Appreciate the help. I have tried changing the permissions and even
ownership (chef:root) for the pem files (webui and validation) to be very
liberal (a+rw) which did not help. The following is the only thing that
really appears in the logs (no errors):

merb : chef-server-webui : worker (port 4040) ~

merb : chef-server-webui : worker (port 4040) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server-webui : worker (port 4040) ~ Params: {“name”=>“admin”,
“action”=>“login_exec”, “controller”=>“users”, “password”=>"[FILTERED]",
“form_submit”=>“login”}
merb : chef-server-webui : worker (port 4040) ~ {:dispatch_time=>0.034691,
:action_time=>0.033662, :after_filters_time=>2.9e-05,
:before_filters_time=>5.8e-05}
merb : chef-server-webui : worker (port 4040) ~

merb : chef-server (api) : worker (port 4000) ~

merb : chef-server (api) : worker (port 4000) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server (api) : worker (port 4000) ~ Params: {“format”=>nil,
“action”=>“show”, “id”=>“admin”, “controller”=>“users”}
merb : chef-server (api) : worker (port 4000) ~ {:action_time=>0.013155,
:after_filters_time=>2.6e-05, :before_filters_time=>0.007762,
:dispatch_time=>0.013818}
merb : chef-server (api) : worker (port 4000) ~

Thanks again,
Mark

On Thu, Apr 7, 2011 at 5:03 PM, Daniel DeLeo dan@kallistec.com wrote:

On Thursday, April 7, 2011 at 1:24 PM, mrechler@brightcove.com wrote:

I have just freshly installed chef on centos 5.4 via gems. After running
the
server bootstrap I found the webui to be unresponsive(ie. can’t login) when
running as the chef user. When running the webui as root however,
everything
works normally. Is there a way to actually have the webui run as chef? Also
if
not, do all chef related services need to run as root?

Thanks,
Mark

The webui is stateless and doesn’t need to do anything with the underlying
system. Perhaps you could include the error message from the webui’s logs?

I imagine the webui server is unable to read the /etc/chef/webui.pem key
when you’re running as non-root, so chmod/chowning that file should resolve
the issue.

HTH,


Dan DeLeo


#4

On Thursday, April 7, 2011 at 2:14 PM, Mark Rechler wrote:
Hi Dan,

Appreciate the help. I have tried changing the permissions and even ownership (chef:root) for the pem files (webui and validation) to be very liberal (a+rw) which did not help. The following is the only thing that really appears in the logs (no errors):

merb : chef-server-webui : worker (port 4040) ~

merb : chef-server-webui : worker (port 4040) ~ Started request handling: Thu Apr 07 14:07:53 -0700 2011
merb : chef-server-webui : worker (port 4040) ~ Params: {“name”=>“admin”, “action”=>“login_exec”, “controller”=>“users”, “password”=>"[FILTERED]", “form_submit”=>“login”}
merb : chef-server-webui : worker (port 4040) ~ {:dispatch_time=>0.034691, :action_time=>0.033662, :after_filters_time=>2.9e-05, :before_filters_time=>5.8e-05}
merb : chef-server-webui : worker (port 4040) ~

merb : chef-server (api) : worker (port 4000) ~

merb : chef-server (api) : worker (port 4000) ~ Started request handling: Thu Apr 07 14:07:53 -0700 2011
merb : chef-server (api) : worker (port 4000) ~ Params: {“format”=>nil, “action”=>“show”, “id”=>“admin”, “controller”=>“users”}
merb : chef-server (api) : worker (port 4000) ~ {:action_time=>0.013155, :after_filters_time=>2.6e-05, :before_filters_time=>0.007762, :dispatch_time=>0.013818}
merb : chef-server (api) : worker (port 4000) ~

Thanks again,
Mark

Try running both servers with debug logging to see if you get more info out of them. Perhaps your configuration file can only be read by root?


Dan DeLeo


#5

You read my mind, after running the server and webui in dev mode as the chef
user, I found:
FATAL: Failed to access
/usr/lib/ruby/gems/1.8/gems/chef-server-api-0.9.14/log/merb.4000.pid,
permission denied.

Changing the ownership of all the chef related gem dirs fixed everything.

Thanks,
Mark

On Fri, Apr 8, 2011 at 10:48 AM, Daniel DeLeo dan@kallistec.com wrote:

On Thursday, April 7, 2011 at 2:14 PM, Mark Rechler wrote:

Hi Dan,

Appreciate the help. I have tried changing the permissions and even
ownership (chef:root) for the pem files (webui and validation) to be very
liberal (a+rw) which did not help. The following is the only thing that
really appears in the logs (no errors):

merb : chef-server-webui : worker (port 4040) ~

merb : chef-server-webui : worker (port 4040) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server-webui : worker (port 4040) ~ Params: {“name”=>“admin”,
“action”=>“login_exec”, “controller”=>“users”, “password”=>"[FILTERED]",
“form_submit”=>“login”}
merb : chef-server-webui : worker (port 4040) ~ {:dispatch_time=>0.034691,
:action_time=>0.033662, :after_filters_time=>2.9e-05,
:before_filters_time=>5.8e-05}
merb : chef-server-webui : worker (port 4040) ~


merb : chef-server (api) : worker (port 4000) ~

merb : chef-server (api) : worker (port 4000) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server (api) : worker (port 4000) ~ Params: {“format”=>nil,
“action”=>“show”, “id”=>“admin”, “controller”=>“users”}
merb : chef-server (api) : worker (port 4000) ~ {:action_time=>0.013155,
:after_filters_time=>2.6e-05, :before_filters_time=>0.007762,
:dispatch_time=>0.013818}
merb : chef-server (api) : worker (port 4000) ~

Thanks again,
Mark

Try running both servers with debug logging to see if you get more info out
of them. Perhaps your configuration file can only be read by root?


Dan DeLeo


#6

On Friday, April 8, 2011 at 7:59 AM, Mark Rechler wrote:
You read my mind, after running the server and webui in dev mode as the chef user, I found:

FATAL: Failed to access /usr/lib/ruby/gems/1.8/gems/chef-server-api-0.9.14/log/merb.4000.pid, permission denied.

Changing the ownership of all the chef related gem dirs fixed everything.

Thanks,
Mark

Wow, we shouldn’t be sticking any pidfiles there by default. Can you file a bug for this? tickets.opscode.com

Thanks,


Dan DeLeo

On Fri, Apr 8, 2011 at 10:48 AM, Daniel DeLeo dan@kallistec.com wrote:

On Thursday, April 7, 2011 at 2:14 PM, Mark Rechler wrote:

Hi Dan,

Appreciate the help. I have tried changing the permissions and even ownership (chef:root) for the pem files (webui and validation) to be very liberal (a+rw) which did not help. The following is the only thing that really appears in the logs (no errors):

merb : chef-server-webui : worker (port 4040) ~

merb : chef-server-webui : worker (port 4040) ~ Started request handling: Thu Apr 07 14:07:53 -0700 2011
merb : chef-server-webui : worker (port 4040) ~ Params: {“name”=>“admin”, “action”=>“login_exec”, “controller”=>“users”, “password”=>"[FILTERED]", “form_submit”=>“login”}
merb : chef-server-webui : worker (port 4040) ~ {:dispatch_time=>0.034691, :action_time=>0.033662, :after_filters_time=>2.9e-05, :before_filters_time=>5.8e-05}
merb : chef-server-webui : worker (port 4040) ~

merb : chef-server (api) : worker (port 4000) ~

merb : chef-server (api) : worker (port 4000) ~ Started request handling: Thu Apr 07 14:07:53 -0700 2011
merb : chef-server (api) : worker (port 4000) ~ Params: {“format”=>nil, “action”=>“show”, “id”=>“admin”, “controller”=>“users”}
merb : chef-server (api) : worker (port 4000) ~ {:action_time=>0.013155, :after_filters_time=>2.6e-05, :before_filters_time=>0.007762, :dispatch_time=>0.013818}
merb : chef-server (api) : worker (port 4000) ~

Thanks again,
Mark

Try running both servers with debug logging to see if you get more info out of them. Perhaps your configuration file can only be read by root?


Dan DeLeo


#7

Hi Dan,

I have filed CHEF-2199. Appreciate the help.

Thanks,
Mark

On Fri, Apr 8, 2011 at 11:03 AM, Daniel DeLeo dan@kallistec.com wrote:

On Friday, April 8, 2011 at 7:59 AM, Mark Rechler wrote:

You read my mind, after running the server and webui in dev mode as the
chef user, I found:
FATAL: Failed to access
/usr/lib/ruby/gems/1.8/gems/chef-server-api-0.9.14/log/merb.4000.pid,
permission denied.

Changing the ownership of all the chef related gem dirs fixed everything.

Thanks,
Mark

Wow, we shouldn’t be sticking any pidfiles there by default. Can you file a
bug for this? tickets.opscode.com

Thanks,


Dan DeLeo

On Fri, Apr 8, 2011 at 10:48 AM, Daniel DeLeo dan@kallistec.com wrote:

On Thursday, April 7, 2011 at 2:14 PM, Mark Rechler wrote:

Hi Dan,

Appreciate the help. I have tried changing the permissions and even
ownership (chef:root) for the pem files (webui and validation) to be very
liberal (a+rw) which did not help. The following is the only thing that
really appears in the logs (no errors):

merb : chef-server-webui : worker (port 4040) ~

merb : chef-server-webui : worker (port 4040) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server-webui : worker (port 4040) ~ Params: {“name”=>“admin”,
“action”=>“login_exec”, “controller”=>“users”, “password”=>"[FILTERED]",
“form_submit”=>“login”}
merb : chef-server-webui : worker (port 4040) ~ {:dispatch_time=>0.034691,
:action_time=>0.033662, :after_filters_time=>2.9e-05,
:before_filters_time=>5.8e-05}
merb : chef-server-webui : worker (port 4040) ~


merb : chef-server (api) : worker (port 4000) ~

merb : chef-server (api) : worker (port 4000) ~ Started request handling:
Thu Apr 07 14:07:53 -0700 2011
merb : chef-server (api) : worker (port 4000) ~ Params: {“format”=>nil,
“action”=>“show”, “id”=>“admin”, “controller”=>“users”}
merb : chef-server (api) : worker (port 4000) ~ {:action_time=>0.013155,
:after_filters_time=>2.6e-05, :before_filters_time=>0.007762,
:dispatch_time=>0.013818}
merb : chef-server (api) : worker (port 4000) ~

Thanks again,
Mark

Try running both servers with debug logging to see if you get more info out
of them. Perhaps your configuration file can only be read by root?


Dan DeLeo