Knife bootstrap issue



I am fairly new to Chef and I am trying to bootstrap to a Linux node. I am able to run the knife bootstrap command: knife bootstrap IP -x username -P password --sudo --use-sudo-password
I am able to connect to the Linux node and it performs the install, then I get ERROR: SSL Validation failure connecting to host: localhost - SSL_connect returned=1 errno=0 state=error: certificate verify failed.

However, my client.rb file has a flag ssl_verfy_mode :verify_none.
In addition, I have logged into the Linux node and run knife ssl fetch and knife ssl check, obtaining the Chef Server certificate, but I am still getting the SSL connection error.

Any help would be greatly appreciated.


Did you try bootstrapping using the hostname instead of the IP address? While it is possible to attach an SSL certificate to an IP address, I am not sure Chef will function that way.


I have tried both FQDN and IP but same results.


Is it possible for you to provide the stack trace and just remove any identifiable information? It would make this easier to troubleshoot.


Sounds like your Chef server may have a self-signed cert? Try adding --node-ssl-verify-mode none to your bootstrap command. If that doesn't fix it, try adding -V -V to generate debug output. It should tell you what the SSL error is exactly.


Since I added the --node-ssl-verify-mode none within the bootstrap command, I now get a 401 unauthorized. Here is the stacktrace output:

Generated at 2019-05-07 13:26:23 -0400
Net::HTTPServerException: 401 "Unauthorized"
/opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/http.rb:152:in `request'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/http.rb:115:in `get'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/node.rb:590:in `load'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/node.rb:574:in `find_or_create'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/policy_builder/dynamic.rb:72:in `load_node'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/client.rb:472:in `load_node'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/client.rb:267:in `run'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:303:in `run_with_graceful_exit_option'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:279:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:261:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application/client.rb:449:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:66:in `run'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/bin/chef-client:25:in `<top (required)>'


This would imply that the chef-validator.pem key is incorrect.
You will also want to add -N <nodename>
Have you put your ORG-validator.pem key and your user.pem key in your ~/.chef directory is a great resource.


Solved. Apparently I had a bad client.pem file on the Linux node and a bad validator.pem. I cleared those from Chef Manage, regenerated the validator.pem, and was able to successfully bootstrap.

Thanks for all the help!
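
Added example, not part of the thread: Chef Server authenticates a client by checking each request's signature against the public key registered for that client, so a leftover client.pem or validator.pem that no longer matches the registered key produces the 401 seen above. This Ruby sketch compares a private key file's contents with a registered public key; the function names are hypothetical and the keys in the demo are generated on the spot, and it assumes you have copied the registered public key (PEM text) from the server.

```ruby
require "openssl"
require "digest"

# SHA-256 fingerprint of the public half of an RSA key (private or public PEM),
# computed over the DER encoding of the public key.
def public_fingerprint(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  Digest::SHA256.hexdigest(key.public_key.to_der)
end

# Compare a local private key (e.g. the contents of client.pem or a
# validator.pem) with the public key registered on the server.
# Returns:
#   :match             - the private key belongs to the registered public key
#   :mismatch          - valid keys, but they are not a pair (expect a 401)
#   :not_a_private_key - the local file holds only a public key
#   :unreadable        - one of the inputs is not a parseable RSA PEM
def check_client_key(private_pem, registered_public_pem)
  local = OpenSSL::PKey::RSA.new(private_pem)
  return :not_a_private_key unless local.private?

  if public_fingerprint(private_pem) == public_fingerprint(registered_public_pem)
    :match
  else
    :mismatch
  end
rescue OpenSSL::PKey::PKeyError
  :unreadable
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo keys: "current" is what the server has registered,
  # "stale" stands in for an old client.pem left on the node.
  current = OpenSSL::PKey::RSA.new(2048)
  stale   = OpenSSL::PKey::RSA.new(2048)
  registered = current.public_key.to_pem

  puts "current key: #{check_client_key(current.to_pem, registered)}"
  puts "stale key:   #{check_client_key(stale.to_pem, registered)}"
  puts "garbage:     #{check_client_key('not a key', registered)}"
end
```

A :mismatch result for the node's key is the situation the thread resolved by clearing the old client and regenerating the validator key before bootstrapping again.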