Knife bootstrap issue

#1

Hello,

I am fairly new to Chef and I am trying to bootstrap a Linux node. I am able to run the knife bootstrap command: knife bootstrap IP -x username -P password --sudo --use-sudo-password
I am able to connect to the Linux node and it performs the install, then I get ERROR: SSL Validation failure connecting to host: localhost - SSL_connect returned=1 errno=0 state=error: certificate verify failed.

However, my client.rb file has a flag ssl_verfy_mode :verify_none
In addition, I have logged into the Linux node and ran knife ssl fetch and knife ssl check, obtaining the Chef Server certificate, but I am still getting the SSL connection error.

Any help would be greatly appreciated.

#2

Did you try bootstrapping using the hostname instead of the IP address? While it is possible to attach an SSL certificate to an IP address, I am not sure Chef will function that way.

#3

I have tried both FQDN and IP but same results.

#4

Is it possible for you to provide the stacktrace and just remove any identifiable information? It would make this easier to troubleshoot.

#5

Sounds like your Chef server may have a self-signed cert? Try adding --node-ssl-verify-mode none to your bootstrap command. If that doesn't fix it, try adding -V -V to generate debug output. It should tell you what the SSL error is exactly.

#6

Since I added the --node-ssl-verify-mode none within the bootstrap command, I now get a 401 unauthorized. Here is the stacktrace output:

chef-stacktrace.out
Generated at 2019-05-07 13:26:23 -0400
Net::HTTPServerException: 401 "Unauthorized"
/opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/http.rb:152:in `request'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/http.rb:115:in `get'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/node.rb:590:in `load'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/node.rb:574:in `find_or_create'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/policy_builder/dynamic.rb:72:in `load_node'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/client.rb:472:in `load_node'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/client.rb:267:in `run'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:303:in `run_with_graceful_exit_option'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:279:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:261:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application/client.rb:449:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/lib/chef/application.rb:66:in `run'
/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.12.9/bin/chef-client:25:in `<top (required)>'

#7

This would imply that the chef-validator.pem key is incorrect.
You will also want to add -N <nodename>.
Have you put your ORG-validator.pem key and your user.pem key in your ~/.chef directory?

https://docs.chef.io/chefdk_setup.html is a great resource.

#8

Solved. Apparently I had a bad client.pem file on the Linux node and a bad validator.pem. Cleared those from Chef Manage and regenerated the validator.pem and I was able to successfully bootstrap.

Thanks for all the help!
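
An added example, not part of the thread and not Chef's own code: the Chef server authenticates API requests by verifying a signature made with the client's private key against the public key it has on record, so a stale client.pem surfaces as the 401 seen above. The check below reproduces that pairing test offline; the function name `diagnose`, the probe string and the two generated keys are constructed for illustration, and how you export the registered public key from the server is left as an assumption.

```ruby
require "openssl"

DIGEST = "SHA256"

# Classify a client.pem against the public key the server has on record.
#   :unparsable  - one of the inputs is not a readable RSA PEM
#   :not_private - the "client.pem" holds only a public key
#   :mismatch    - both parse, but they are not halves of the same key pair
#   :ok          - a signature from client.pem verifies with the registered key
def diagnose(client_pem, registered_public_pem)
  priv = OpenSSL::PKey::RSA.new(client_pem)
  pub  = OpenSSL::PKey::RSA.new(registered_public_pem)
  return :not_private unless priv.private?

  # Constructed probe, not a real Chef request: sign locally, verify with
  # the registered key, the same pairing the server relies on.
  probe = "constructed probe, not a real Chef request"
  signature = priv.sign(OpenSSL::Digest.new(DIGEST), probe)
  pub.verify(OpenSSL::Digest.new(DIGEST), signature, probe) ? :ok : :mismatch
rescue OpenSSL::PKey::PKeyError
  :unparsable
end

# Constructed sample keys: NODE_KEY stands in for the key pair the server
# knows about, STALE_KEY for a leftover client.pem from an earlier bootstrap.
NODE_KEY  = OpenSSL::PKey::RSA.new(2048)
STALE_KEY = OpenSSL::PKey::RSA.new(2048)

if __FILE__ == $PROGRAM_NAME
  registered = NODE_KEY.public_key.to_pem
  puts "current key: #{diagnose(NODE_KEY.to_pem, registered)}"
  puts "stale key:   #{diagnose(STALE_KEY.to_pem, registered)}"
  puts "garbage:     #{diagnose('not a pem', registered)}"
end
```

On a real node, pass the contents of /etc/chef/client.pem and the exported public key instead of the constructed ones; a `:mismatch` result points at regenerating the key rather than at SSL verification settings.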