How to configure knife.rb?

Hi people,

I have this architecture: I'm using a Chef server and a workstation on the same machine to bootstrap a Windows machine located in the same domain. I'm behind a proxy. When I configure the proxy, knife bootstrap is not working anymore. I have to set the proxy, though, to use commands like knife supermarket download cookbook.

I already used [http_proxy] in knife.rb but it doesn't work. So how can I configure it, please?

thanks!

I assume you will need to fill up the no-proxy setting in knife.rb to avoid using the proxy for local machines.

Documentation is here: https://docs.chef.io/config_rb_knife.html#proxy-settings

Hi @chernaj
I have an alternate solution for you. It might help you.

You need internet connectivity on your node for just one activity, i.e. downloading chef-client on that node.
You can bypass this phase by manually downloading chef-client and keeping it in any accessible location (accessible from the node). I kept it in Nexus; you can keep it on a shared drive or locally on the node itself.
After that, run the following bootstrap command:

knife bootstrap windows winrm "IP ADDRESS" -x "DOMAIN/USERNAME" -P "PASSWORD" --bootstrap-no-proxy "DOMAIN.ORG" --msi-url "SHARED DRIVE LOCATION"

Thanks! That's a good idea indeed. I have a question, though, not about Chef but about Nexus:
I'm trying to mirror a private NuGet repo using Nexus, but I can't change the URL to make it accessible from outside (my knowledge of Nexus is very short). Can you describe the process?
I appreciate the help!

We are on the same boat @chernaj. :grinning:
Even I have very limited knowledge in Nexus. http://stackoverflow.com/ might extend you some help.

@Tensibai
I tried your solution by setting no_proxy and http_proxy / https_proxy. It doesn't work, though.

no_proxy 'localhost, *.domain.local.com'
http_proxy 'http://193.56.47.8:8080'
https_proxy 'https://193.56.47.8:8080'

here is the error i get : …ERROR: No response received from remote node after 2.67 minutes, giving up.
ERROR: Exception: execution expired
ERROR: HTTPClient::ConnectTimeoutError: execution expired

Thanks a lot for the help

IIRC the no_proxy list doesn’t use wildcards (no parsing done), remove the star * and all should be ok.

I.e: no_proxy 'localhost, .domain.local.com'

Okay, I removed the * and I still have this problem. It seems to come from the WinRM configuration, maybe:
Waiting for remote response before bootstrap…ERROR: No response received from remote node after 2.32 minutes, giving up.
ERROR: Exception: undefined method `split' for nil:NilClass
ERROR: knife encountered an unexpected error
This may be a bug in the 'bootstrap windows winrm' knife command or plugin
Please collect the output of this command with the `-VV` option before filing a bug report.
Exception: NoMethodError: undefined method `split' for nil:NilClass

You can always check winrm connectivity. Run following command from your workstation

Test-WSMan "IP OF THE NODE"

My workstation and server are a CentOS machine (both on the same machine), and I'm bootstrapping a Windows machine.
So I can't test this command on my workstation. I tested knife ssl check, though, and I got this:
Connecting to host accor-tools.accor.local.com:443
ERROR: ArgumentError: unknown proxy scheme `https'

thanks :slight_smile:

Any chance we can see it ? Guessing is far from the better option to help.

Here is the output of :
knife bootstrap windows winrm 10.200.24.160 -x 'domain\username' -r 'recipe[test]' -p 5985 -VV

INFO: Using configuration from /home/exploit/stages/provisionning_cherifa/chef-repo/.chef/knife.rb
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key ca_trust_file and found value
DEBUG: Looking for key winrm_user and found value domain/username
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_password and found value
DEBUG: Looking for key winrm_port and found value 5985
DEBUG: Looking for key session_timeout and found value 30
DEBUG: Looking for key session_timeout and found value 30
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key winrm_transport and found value plaintext
DEBUG: Looking for key winrm_authentication_protocol and found value negotiate
DEBUG: Looking for key ca_trust_file and found value
DEBUG: Looking for key ssl_peer_fingerprint and found value
Enter your password:
DEBUG: Looking for key ca_trust_file and found value
DEBUG: Adding 10.200.24.160
DEBUG: WinRM::WinRMWebService options: {:user=>"domain\username", :pass=>"password", :basic_auth_only=>false, :disable_sspi=>false, :no_ssl_peer_verification=>false, :ssl_peer_fingerprint=>nil, :ca_trust_path=>nil}
DEBUG: Endpoint: http://10.200.24.160:5985/wsman
DEBUG: Transport: negotiate
Doing old-style registration with the validation key at /home/exploit/stages/provisionning_cher/chef-repo/.chef/exemple-validator.key…
Delete your validation key in order to use your user credentials instead

Waiting for remote response before bootstrap.DEBUG: echo . & echo Response received.
…DEBUG: echo . & echo Response received.
…DEBUG: echo . & echo Response received.
…DEBUG: echo . & echo Response received.
…DEBUG: echo . & echo Response received.
…DEBUG: echo . & echo Response received.
ERROR: No response received from remote node after 2.32 minutes, giving up.
ERROR: Exception: undefined method `split' for nil:NilClass
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/winrm-1.7.2/lib/winrm/http/transport.rb:226:in `init_auth': undefined method `split' for nil:NilClass (NoMethodError)
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/winrm-1.7.2/lib/winrm/http/transport.rb:166:in `send_request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/winrm-1.7.2/lib/winrm/winrm_service.rb:489:in `send_message'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/winrm-1.7.2/lib/winrm/winrm_service.rb:150:in `open_shell'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/winrm_session.rb:49:in `relay_command'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/winrm_knife_base.rb:130:in `block in relay_winrm_command'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/winrm_knife_base.rb:128:in `each'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/winrm_knife_base.rb:128:in `relay_winrm_command'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/winrm_knife_base.rb:114:in `run_command'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/bootstrap_windows_winrm.rb:70:in `wait_for_remote_response'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/bootstrap_windows_base.rb:329:in `bootstrap'
from /home/exploit/.chefdk/gem/ruby/2.1.0/gems/knife-windows-1.4.0/lib/chef/knife/bootstrap_windows_winrm.rb:53:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:421:in `block in run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/local_mode.rb:44:in `with_server_connectivity'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:420:in `run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:219:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/application/knife.rb:148:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/bin/knife:25:in `<top (required)>'
from /opt/chefdk/bin/knife:49:in `load'
from /opt/chefdk/bin/knife:49:in

thanks in advance.

Obviously the no_proxy can't match 10.200.24.160 as a domain name… Still from memory, IP addresses have to be fully set in the no_proxy variable; you can try adding 10.200. but I'm really unsure this would work.

The best idea is to configure your DNS system properly and then bootstrap with an FQDN like mymachine.domain.local.com, which would trigger the no_proxy entry .domain.local.com.

Yes, thanks! I configured the DNS and now it works. In fact, knife doesn't match the FQDN with the IP address!

Thanks a lot again!

I don’t know any system where the no_proxy configuration does something fancy as a DNS PTR query to get the name from an IP address.
That’s always just a string match between the target and the entries configured.
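The literal matching described in this thread, as an added Ruby example (not posted by any participant and not Chef's own matcher; real HTTP clients differ in details). The function names are hypothetical, and the targets are constructed from the values quoted above. It assumes an entry matches only when the target equals it or ends with a dot-prefixed entry.

```ruby
# Added example: models exact/suffix string comparison of no_proxy entries.
# Assumption: no wildcard expansion and no DNS lookup, as the thread describes.

# Split a no_proxy value such as 'localhost, .domain.local.com' into entries.
def no_proxy_entries(value)
  value.to_s.split(',').map(&:strip).reject(&:empty?).map(&:downcase)
end

# True when the target (exactly what was typed on the command line, host name
# or IP) equals an entry or ends with a dot-prefixed entry. A '*' in an entry
# is compared as an ordinary character.
def bypass_proxy?(target, no_proxy)
  host = target.downcase
  no_proxy_entries(no_proxy).any? do |entry|
    host == entry || (entry.start_with?('.') && host.end_with?(entry))
  end
end

# Entries containing '*', which literal comparison will not expand.
def wildcard_entries(no_proxy)
  no_proxy_entries(no_proxy).select { |e| e.include?('*') }
end

# Constructed targets based on the values posted in the thread.
TARGETS = ['mymachine.domain.local.com', '10.200.24.160', 'localhost'].freeze

# Map each target to :direct (proxy bypassed) or :via_proxy.
def report(no_proxy)
  TARGETS.map { |t| [t, bypass_proxy?(t, no_proxy) ? :direct : :via_proxy] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  ['localhost, *.domain.local.com',
   'localhost, .domain.local.com',
   'localhost, .domain.local.com, 10.200.24.160'].each do |np|
    puts "no_proxy=#{np.inspect}"
    puts "  wildcard entries: #{wildcard_entries(np).inspect}"
    report(np).each { |t, route| puts "  #{t} -> #{route}" }
  end
end
```

Under this model, bootstrapping by IP is sent to the proxy unless the full address is listed, which is consistent with the timeout seen when 10.200.24.160 was used as the target.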

hi people!

So knife bootstrap windows winrm fqdn -x domain/username -r 'recipe[test]' -p 5985 works, but all other knife commands don't work:
knife cookbook upload test -VV shows this:
INFO: Using configuration from /home/exploit/stages/provisionning_cherifa/chef-repo/.chef/knife.rb
DEBUG: No chefignore file found at /home/exploit/stages/provisionning_cherifa/chef-repo/chefignore no files will be ignored
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::JSONOutput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_request
DEBUG: Signing the request as exploitatos
DEBUG: Chef::HTTP calling Chef::HTTP::RemoteRequestID#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_request
DEBUG: Using 193.56.47.8:8080 for proxy
DEBUG: Initiating GET to https://accor-tools.accor.local.com/organizations/exemple/cookbooks?num_versions=all
DEBUG: ---- HTTP Request Header Data: ----
DEBUG: Accept: application/json
DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
DEBUG: X-Ops-Server-API-Version: 1
DEBUG: X-OPS-SIGN: algorithm=sha1;version=1.1;
DEBUG: X-OPS-USERID: exploitatos
DEBUG: X-OPS-TIMESTAMP: 2016-07-22T09:55:32Z
DEBUG: X-OPS-CONTENT-HASH: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
DEBUG: HOST: accor-tools.accor.local.com:443
DEBUG: X-REMOTE-REQUEST-ID: 4f47f406-290d-4aec-87e7-799450af2949
DEBUG: ---- End HTTP Request Header Data ----
/opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:119:in `error!': 503 "Service Unavailable" (Net::HTTPFatalError)
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:128:in `value'
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:915:in `connect'
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:852:in `start'
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:1375:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http/basic_client.rb:65:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:277:in `block in send_http_request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:308:in `block in retrying_http_errors'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:306:in `loop'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:306:in `retrying_http_errors'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:271:in `send_http_request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:143:in `request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/http.rb:110:in `get'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/cookbook_version.rb:574:in `list_all_versions'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife/cookbook_upload.rb:103:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:421:in `block in run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/local_mode.rb:44:in `with_server_connectivity'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:420:in `run_with_pretty_exceptions'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/knife.rb:219:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/lib/chef/application/knife.rb:148:in `run'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.8.1/bin/knife:25:in `<top (required)>'
from /opt/chefdk/bin/knife:49:in `load'
from /opt/chefdk/bin/knife:49:in

Some HTTPS service is failing with this 503. You should check your Chef Server's logs (chef-server-ctl tail is a good place to start) for more information about this. You will either see that the request does show up in Chef Server's nginx log, in which case the erchef service may not be running or otherwise having issues, or else the request isn't showing up, in which case it could be an issue with your proxy server.