Knife bootstrap windows winrm fails


#1

Hi

I am bootstrapping one windows node. But it is failing with following error.

*** Chef 12.5.1 ***
Chef-client pid: 4080
Client key C:\chef\client.pem is not present - registering
Failed to register new client, 4 tries remaining
Response: HTTP 502 - 502 "Proxy Error ( The ISA Server denied the specified Uniform Resource Locator (URL).

What should I do to correct it?

P.S.I am not using Chef management console.

Regards
Manish


#2

You have a proxy blocking communication from the node to the chef server…


#3

But I can ping my Chef server from node and vice versa.
How can I resolve it? Any thoughts about that?


#4

I can’t tell what configuration you’re on, are you using an internal chef server or hosted chef ? Do you need to go through your proxy or not to communicate with the chef server ?

If you can ping, just add your chef-server url to the no_proxy variable (if you wish chef to use proxy)


#5

I am working with internal chef server. I have very limited rights on Chef server. Probably I will ask infrastructure team to add chef-server url to the no_proxy variable. If it doesn’t work, I will try to bootstrap nodes with Custom Template.

Thanks Tensibai


#6

I mean on the client side, see –bootstrap-no-proxy for knife bootstrap option and client.rb docs for more details.


#7

Hi Tensibai

This is how my bootstrap command looks like:

knife boots trap windows winrm FQDN -x “domain\username” -P “password” --bootstrap-no-proxy --msi-url https://nexus.xyz.org/nexus/se
rvice/local/repositories/Test/content/Chef_Client/chef-client-12.5.1-1-x86/12.5.1/chef-client-12.5.1-1-x86-12.5.1-x86.msi

I am getting same error:

Failed to register new client, 3 tries remaining
Response: HTTP 502 - 502 "Proxy Error ( The ISA Server denied the specified Uniform Resource Locator (URL).
ERROR: Failed to execute command on FQDN return code 1

Any Suggestions?


#8

--bootstrap-no-proxy need an argument, the list of domain for which it should not use the proxy, if your chef server url is fully qualified and in the same domain as your nexus I would add global.tesco.org or even tesco.org if there's only internal (no proxy needed) addresses under this domain.


#9

Kudos. It worked. Thanks

I guess this would be my last doubt in this thread:

I gave following commands while creating chef server:
chef-server-ctl user-create manish manish mehra name@something.com password -f admin.pem
chef-server-ctl org-create tpo tpo --association_user manish -f validator.pem

And my knife.rb looks like this:

current_dir = File.dirname(FILE)
log_level :info
log_location STDOUT
node_name "manish"
client_key "E:/chef-repo/.chef/admin.pem"
validation_client_name "validator"
validation_key "E:/chef-repo/.chef/validator.pem"
chef_server_url "https://somewhere/organizations/tpo"
syntax_check_cache_path "#{ENV[‘HOME’]}/^.chef/syntaxcache"
cookbook_path [“E:/chef-repo/cookbooks”]

I get following error:
“Ensure that your node_name and client key are correct.”

I must be doing something foolish. What is that?


#10

Hi

I have resolved the issue.
validation_client_name “validator” was the problem.
It should be validation_client_name “tpo-validator”

I am really thankful for your help @Tensibai.

Regards
Manish Mehra