Installation Failure (PEBKAC, more than likely)

Hello All -

I’m having issues running chef-client post-validation through the webUI,
wondered if anyone can spot my ‘gotcha’.
Error as reported in server.log:
~ WARNING: making https request to
https://puck.test.5to1.com/openid/server/node/Titania without verifying
server certificate; no CA path was specified.
~ Discovery failed for https://puck.XXX.XXX.com/openid/server/node/Titania:
Failed to fetch identity URL
https://puck.XXX.XXX.com/openid/server/node/Titania : Error connecting to
SSL URL https://puck.XXX.XXX.com/openid/server/node/Titania: hostname does
not match - (Merb::ControllerExceptions::BadRequest)
Error running chef-client on Titania: (Titania.XXX.XXX.com)
/usr/lib/ruby/1.8/open-uri.rb:32:in `initialize': Permission denied -
/var/log/chef/client.log (Errno::EACCES)
(let me know if trace is important)
@Titania: openssl s_client -connect puck.XXX.XXX.com

CN result:
subject=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./emailAddress=ops@
issuer=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./emailAddress=ops@

Notes:
OS: Ubuntu 8.10
Puck and Titania are on the same subnet

I'm guessing that you may need to update /etc/chef/server.rb to
include your openid provider.

openid_providers [ "https://puck.test.5to1.com/openid/" ]

On Wed, Jun 17, 2009 at 1:16 PM, Joseph Smith <joseph.smith@5to1.com> wrote:

Hello All -

I'm having issues running chef-client post-validation through the webUI,
wondered if anyone can spot my 'gotcha'.
Error as reported in server.log:
~ WARNING: making https request to
https://puck.test.5to1.com/openid/server/node/Titania without verifying
server certificate; no CA path was specified.
~ Discovery failed for https://puck.XXX.XXX.com/openid/server/node/Titania:
Failed to fetch identity URL
https://puck.XXX.XXX.com/openid/server/node/Titania : Error connecting to
SSL URL https://puck.XXX.XXX.com/openid/server/node/Titania: hostname does
not match - (Merb::ControllerExceptions::BadRequest)
Error running chef-client on Titania: (Titania.XXX.XXX.com)
/usr/lib/ruby/1.8/open-uri.rb:32:in `initialize': Permission denied -
/var/log/chef/client.log (Errno::EACCES)
(let me know if trace is important)
@Titania: openssl s_client -connect puck.XXX.XXX.com
...
CN result:
subject=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./emailAddress=ops@
issuer=/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=Puck./emailAddress=ops@

Notes:
OS: Ubuntu 8.10
Puck and Titania are on the same subnet

It looks like you generated the certificates with capitalized
hostnames that are not fully qualified, which is your issue. The SSL
certificate must match the fqdn you are using in chef - so try again
with certificates built for cn=puck.xxx.xxx.com.

Adam

--
Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-4759 E: adam@opscode.com

Hello Joseph,

Your 'CN=Puck.' isn't a fully qualified domain. You can specify this
for the SSL certificate request in a json file per the Chef
Installation document.

I ran into similar troubles on EC2 nodes where the internal hostname
contained upcase letters (i.e., domU-xx-xx-xx). Forcing these to be
lowercase via the json file (chef server_fqdn, for example) resolved
the issue for me.

--
Opscode, Inc
Joshua Timberman, Senior System Engineer
C: 720.878.4322 E: joshua@opscode.com

Also, capital letters are not valid in hostnames.

Adam

On Wed, Jun 17, 2009 at 11:05 AM, Joshua Timberman <joshua@opscode.com> wrote:

Hello Joseph,

Your 'CN=Puck.' isn't a fully qualified domain. You can specify this for the
SSL certificate request in a json file per the Chef Installation document.

I ran into similar troubles on EC2 nodes where the internal hostname
contained upcase letters (i.e., domU-xx-xx-xx). Forcing these to be lowercase
via the json file (chef server_fqdn, for example) resolved the issue for me.

--
Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-4759 E: adam@opscode.com
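
Added example, not part of the original thread or of Chef's code: the identity check behind the "hostname does not match" error, run with Ruby's OpenSSL library against two throwaway self-signed certificates, one with CN=Puck. as in the s_client output and one with the CN set to the FQDN. The name puck.test.example.com and all helper names are constructed for illustration.

```ruby
require "openssl"

# Build a throwaway self-signed certificate with the given subject CN.
def self_signed_cert(cn, key)
  name = OpenSSL::X509::Name.new([["O", "Example"], ["CN", cn]])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Extract the subject CN, the field shown in the s_client output above.
def common_name(cert)
  entry = cert.subject.to_a.find { |oid, _value, _type| oid == "CN" }
  entry && entry[1]
end

# Pre-issuance lint for the two problems named in the thread.
def cn_problems(cn)
  problems = []
  problems << "contains uppercase letters" if cn =~ /[A-Z]/
  problems << "single label, not fully qualified" if cn.chomp(".").split(".").size < 2
  problems
end

# Run the library's own identity check (the one a Ruby TLS client applies
# after the handshake) plus the lint above.
def check(cert, hostname)
  cn = common_name(cert)
  { cn: cn,
    matches: OpenSSL::SSL.verify_certificate_identity(cert, hostname),
    problems: cn_problems(cn) }
end

KEY = OpenSSL::PKey::RSA.new(2048)
SERVER = "puck.test.example.com" # constructed name the client connects to
BAD = check(self_signed_cert("Puck.", KEY), SERVER)    # CN as in the thread
GOOD = check(self_signed_cert(SERVER, KEY), SERVER)    # CN equals the FQDN

[BAD, GOOD].each { |r| puts r.inspect }
```

Running the lint before signing a certificate request catches the bad CN before any client ever connects.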