Confused with knife.rb file?


#1

Hi,
I am creating a knife.rb file on my local workstation and I got confused about what value has to be specified for the parameter chef_server_url. Is it the IP address of my local workstation or the IP address of my chef-server? (I am not using hosted Chef for the chef server. I created my own chef server on one of the machines.)
If anyone helps me with this it will be a great help.

Thanks,
Amar.


#2

It would be the IP address of the chef server (not your local workstation). A DNS name would be preferable (IMO) as it will make remembering the machine address easier (among other things).


#3

Thank you. I am hosting my chef-server in the GENI test bed (if you know what it is, www.geni.net). It can be accessed by ssh and it is completely CLI. Is it enough to give the IP address, or IP address + port number?
Can you give me an example?


#4

I am not familiar with GENI. But if you are accessing the server via a non-standard SSL port (e.g. anything other than, say, TCP port 443) then you would need to specify the exact port you are using. If there is no web UI, then I am unsure what port you will be using for connection (outside of SSH). Although here is a chef document that defines the standard ports that are used in a chef deployment.
Here is an example of my knife.rb file (with obfuscated data of course) that has a successful connection back to our chef server that is using the standard web SSL port (443). As it is standard, I do not need to specify the port.

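# Directory that holds this knife.rb; key and cookbook paths are relative to it
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "sysadmin"
client_key "#{current_dir}/sysadmin.pem"
# No port given, so the standard HTTPS port (443) is used
chef_server_url "https://mychefserver.fqdn/organizations/myorganization"
cookbook_path ["#{current_dir}/…/cookbooks"]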


#5

Thank you very much. Will try it.


#6

I should also say that if you do want to specify a NON-standard SSL port it would be defined like so:

chef_server_url "https://mychefserver.fqdn:8443/organizations/myorganization"


#7

I specified it like you said but my chef-server machine is not accepting SSL connections.
I am wondering how to enable it.


#8

Can you telnet to the SSL port (assuming this is 443) of the chef server to verify it is open? Also, what error are you getting?
You can use the knife command to fetch the ssl certificates from the server. I suspect you are using a self signed certificate as well?
When you are in the chef development kit, and have CD'd to your chef-repo, try using the "knife ssl verify" command to start debugging, then try using the "knife ssl fetch" command to download and store the chef server's SSL certificates within your local chef-repo config, assuming that this is the issue.


#9

I am not able to fetch the SSL certificate from the chef-server.

My machine is not accepting SSL connections.


#10

Have you added a user to the beginning of the connection string in the knife.rb file? Or is that appended when "knife ssl fetch" is run? Just looking at the connection string in the error and it has "abg55@" in there. You shouldn't need to specify a user as it is all tied into the SSL certificates created for each user.
If you haven't added a user to the connection string then this is a port 443 issue plain and simple. Can you confirm that you can/cannot connect to the service via telnet to port 443? Telnet will provide a nice simple "Is the port open?" test.
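
The checks suggested in this thread (no user in chef_server_url, which port the URL actually resolves to, and a telnet-style "is the port open?" test) can be scripted in Ruby as below. This is an added example, not code from any poster or from Chef; the helper names are hypothetical.

```ruby
require "uri"
require "socket"

# Hypothetical helper (not part of knife): inspect a chef_server_url value.
# Returns the host, the effective port, and any problems found in the URL.
def inspect_chef_server_url(url)
  uri = URI.parse(url)
  problems = []
  problems << "scheme should be https" unless uri.scheme == "https"
  # A login name in front of the host is not needed; knife authenticates
  # with node_name and client_key, not with a user in the URL.
  problems << "remove '#{uri.userinfo}@' from the URL" if uri.userinfo
  problems << "no host in URL" if uri.host.nil? || uri.host.empty?
  # URI fills in 443 for https when the URL does not name a port.
  { host: uri.host, port: uri.port, problems: problems }
end

# TCP-level equivalent of "telnet host port".
# Returns :open, :refused, :timeout, :unresolved or :unreachable.
def probe_port(host, port, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { :open }
rescue Errno::ECONNREFUSED
  :refused      # host answered, nothing is listening on that port
rescue Errno::ETIMEDOUT
  :timeout      # no answer at all: filtered port or wrong address
rescue SocketError
  :unresolved   # the host name did not resolve
rescue SystemCallError
  :unreachable  # no route to host or similar network error
end

# Combine both checks for one URL.
def check_chef_server(url)
  info = inspect_chef_server_url(url)
  tcp = info[:host] ? probe_port(info[:host], info[:port]) : :skipped
  info.merge(tcp: tcp)
end

# Usage: ruby check_chef_url.rb https://mychefserver.fqdn/organizations/myorganization
puts check_chef_server(ARGV[0]).inspect if ARGV[0]
```

A :timeout result points at a firewall or an unreachable address, while :refused means the machine is reachable but no service is listening on that port.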


#11

Hi Svucich,

The username is the chef-server system login name. I removed it and changed the port to 443. Now I am getting connection timed out. That port might have been disabled; will check and get back to you.

Thanks,
Amar.