How to set hostname and chef_server_url


#1

Hello,

I’m learning chef via its online tutorial Chef Server setting part in a local mode.

Why do I ask this question?
When I run the command knife ssl fetch on my Ubuntu 16.04 VM, an error occurs related to knife.rb’s chef_server_url setting.

my questions:

  1. How to set a hostname for Chef server?
    In my /etc/hosts, I have several hostnames for this VM. Will Chef choose the first one when installing Chef Server, or just use localhost? I ask this because the tutorial shows the lines below in its install script:
    until (curl -D - localhost:8000/_status) | grep "200 OK"; do sleep 15s; done
    while (curl localhost:8000/_status) | grep "fail"; do sleep 15s; done
    This really confused me a lot.

BTW, in my hosts file I use:
10.0.2.11 hdp01
hadoop, can I use this for Chef server at the same time?

  2. How to set the chef_server_url value for knife.rb once I have a valid hostname?
    I tried the values below:
    localhost
    127.0.0.1
    https://localhost:8000
    for chef_server_url in knife.rb, but I always get an error after running knife ssl fetch:
    The service at the given URI does not accept SSL connections

Would you please help me out? Thanks a lot!

David


#2

addition:

I have created organization and user and copy .pem files to .chef folder


#3

So the Chef URL will be in your knife.rb config file something similar to this:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "username"
chef_server_url  "https://someserver/organizations/org"
client_key "/path/to/your/pem"

For the knife ssl fetch part, you need to specify the URL for your chef instance. You can try knife ssl fetch https://localhost:8000.


#4

Thanks for replying.

For the knife.rb, my question is: since I use a local VM to learn Chef, I don’t have an FQDN, but I tried the local hostname and don’t know how to set the chef_server_url item.

While running knife ssl fetch https://localhost:8000, I got the same error again.
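
The install script quoted in #1 polls localhost:8000 with plain curl, that is, over HTTP, and an endpoint that answers HTTP only cannot complete the TLS handshake that knife ssl fetch depends on. The probe below is an added example, not code from the thread or from Chef; probe_tls, start_plain_http_listener and the loopback listener are constructed for the illustration.

```ruby
require "socket"
require "openssl"
require "timeout"
require "uri"

# Classify what answers behind a URL before pointing knife at it:
#   :invalid_url - no host could be parsed (e.g. a bare "localhost")
#   :unreachable - nothing accepts TCP connections on host:port
#   :not_tls / :tls - TCP connects; TLS handshake fails / succeeds (cert NOT validated)
def probe_tls(url, timeout: 3)
  uri = URI.parse(url)
  return :invalid_url if uri.host.nil?
  begin
    tcp = Socket.tcp(uri.host, uri.port, connect_timeout: timeout)
  rescue SystemCallError, SocketError
    return :unreachable
  end
  begin
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # probe only, never for real traffic
    ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
    Timeout.timeout(timeout) { ssl.connect }
    :tls
  rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError, Timeout::Error
    :not_tls
  ensure
    tcp.close
  end
end

# Constructed stand-in for a service that speaks plain HTTP only: a throwaway
# loopback listener that answers one connection with an HTTP response.
def start_plain_http_listener
  server = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    client = server.accept
    client.readpartial(4096) rescue nil
    client.write("HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
    client.close
  end
  server
end

if __FILE__ == $PROGRAM_NAME
  server = start_plain_http_listener
  puts probe_tls("https://127.0.0.1:#{server.addr[1]}") # plain HTTP listener
  puts probe_tls("localhost")                           # bare name, as tried in #1
  server.close
end
```

A :tls result only says the port speaks TLS; whether the certificate belongs to the intended server still has to be checked separately.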


#5

Is that port accessible from your VM on your local machine? I am not sure what hypervisor you are using but sometimes you need to set up port forwarding. I am assuming that is the case since you are using non default port 443.


#6

Actually, I work inside the VM, not from my Windows PC via an ssh connection to it.

All the settings and commands are inside the VM itself.

Also, I have set up the firewall and permit all ports: 22, 80, 443
sudo ufw status verbose
[sudo] password for hduser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
22/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

BTW, the tutorial URL is here:
https://learn.chef.io/modules/manage-a-node-chef-server/ubuntu/bring-your-own-system/set-up-your-chef-server#/

Frankly speaking this page is not so excellent as previous ones with which I learned very quickly.

I don’t think this is something complicated but basic settings, hostname and server url. Hope someone can help.


#7

Hello,

It’s not clear to me what you are trying, but basically there should be two separate components:

  • Chef Server

  • Chef WorkStation

Chef Server :

  • This is where you create your organization.

  • You should then download the knife.rb for your org, which would look like :

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "userX"
client_key "#{current_dir}/userX.pem"
chef_server_url "https://chef-server/organizations/your-org"
cookbook_path ["#{current_dir}/…/cookbooks"]

Chef Workstation :

  • This is where you will develop your application

  • In the .chef directory, put the following files :

ORGANIZATION-validator.pem

USER.pem

knife.rb

You should then run the commands

knife ssl fetch

and

knife ssl check

Hope that helps.


#8

Hi David,

Can you please tell us the landscape setup you created in details?

For example:

  • Chef server on VM instance 1
  • Chef DK on your actual computer
  • Node on VM instance 2

You cannot use localhost as the chef-server name, as localhost is the name of the computer when you are working on it. In a simple way, for any program, localhost is the computer on which it runs. When chef-client runs on a node, that node is localhost to that program; when you use ChefDK, your workstation is localhost for that program.

In your case, if you have two servers (or VMs), with ChefDK installed on one and chef-server installed on the second, then when you configure knife.rb with the chef-server URL as localhost, it is pointing to the same host on which your ChefDK runs, not to chef-server.

To create FQDN for your server, simply edit your /etc/hosts file to add entries something like,

192.168.0.106 chef-server.azreal.in chef-server

Here, chef-server.azreal.in is the FQDN and chef-server is my hostname. Ensure that the IP address that you mention here is in the same network as your local computer.


#9

Hi Ridhulraj,

I installed and set up Chef DK and Chef server all in the same VM manually. This is a simulation in which all my work is in Linux.
Must I install DK and Server separately in different VMs?

And I haven’t had a chance to set up Chef nodes (other VMs) until I can access the Chef server.

I will try the FQDN part from your post. If it can be easily set as this in hosts file, then can I just use https://192.168.0.106 or https://chef-server.azreal.in for the chef_server_url in knife.rb?

Then I might still get the error:
The service at the given URI does not accept SSL connections
So does it relate to the Org/User pem RSA file?

Thank you so much!
David


#10

Hello David,

After changing hostname/fqdn try to run chef-server-ctl reconfigure command. Also, you might need to reset pem files after the server hostname change.

Once you have done these, ensure the port 443 is open and is listening to requests. Try to run the knife ssl fetch command and post the output/error to check further on this.

Useful commands to troubleshoot:

  • chef-server-ctl status
    This command shows you the status of the chef-server services running, to ensure all the services are up and running.
  • chef-server-ctl test
    It runs the API test suite against localhost and shows you the status of all test cases; look at the failures for more details and try to troubleshoot the issue.

Regards,

Ridhul


#11

Hello Ridhul,

Sorry for replying late. I’m busy with some other things.

I have successfully got knife done, mostly based on your knowledge/skill sharing. Thank you so much!

One thing that is a bit different: I found that the settings in /etc/hosts are not valid for knife.rb. The reason is that Chef will use a default hostname (from running the hostname command), so I simply set that name as the chef_server_url.

And, very importantly, as you suggested, run chef-server-ctl reconfigure once anything has changed.

Thanks again and Best Regards,

David
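
The point the thread converges on, that the host in chef_server_url has to be a name the server's certificate is valid for and the path has to be the /organizations/ORG form shown in #3 and #7, can be checked offline. This is an added example, not code from the thread or from Chef; the host names, the organization name and the helpers self_signed_cert and check_chef_server_url are made up for the illustration.

```ruby
require "openssl"
require "uri"

# Constructed self-signed certificate, standing in for the one a server
# presents for its own host name (all names here are made up).
def self_signed_cert(common_name, alt_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  san = alt_names.map { |name| "DNS:#{name}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Returns the list of problems found in a chef_server_url value when it is
# compared with the certificate the server presents (empty list = consistent).
def check_chef_server_url(url, cert)
  uri = URI.parse(url)
  problems = []
  problems << "scheme must be https" unless uri.scheme == "https"
  unless uri.path.to_s.match?(%r{\A/organizations/[^/]+/?\z})
    problems << "path should be /organizations/ORG"
  end
  if uri.host.nil?
    problems << "no host in URL"
  elsif !OpenSSL::SSL.verify_certificate_identity(cert, uri.host)
    problems << "certificate is not valid for #{uri.host}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  names = ["chef-server.example.test", "chef-server"]
  cert = self_signed_cert(names.first, names)
  ["https://localhost:8000", "https://chef-server/organizations/myorg"].each do |url|
    puts "#{url}: #{check_chef_server_url(url, cert).inspect}"
  end
end
```

Against a real server, the certificate argument would be the PEM file that knife ssl fetch saved, loaded with OpenSSL::X509::Certificate.new(File.read(path)), after its fingerprint has been compared with the one on the server.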