I am new to Chef and am evaluating it for future use at my company. Over the last week I have found a few useful tutorials to get me going. One in particular is the EC2 Bootstrap guide which I’ve used with varied success.
Next I create a run list to install the apache2 cookbook since that is the web server I am most comfortable with. The run list looks good so I move to Step 6 of the tutorial which allows me to execute “chef-client” remotely for the node I spun up. The command it says to use is:
knife ssh name:NODENAME -x ubuntu "sudo chef-client" -a ec2.public_hostname
The “-a ec2.public_hostname” is supposed to tell knife to use the public hostname of the server since the FQDN is set to the internal IP address. The problem is that it does not work. I instead get the following error:
“FATAL: 1 node found, but does not have the required attribute to establish the connection. Try setting another attribute to open the connection using --attribute.”
Googling has given me no useful information. I looked at the node attributes via the web browser on opscode.com and noticed an ec2 node attribute with no value, and wonder if that’s supposed to be a JSON-valued key/pair list.
So it seems either something is broken with knife-ec2 or I am missing something minor. I would really appreciate any insight anyone has on how to get this command to work.
I think the issue may be related to the use of a VPC. I believe you
have to assign an EIP to an instance in a VPC to have a public
resolvable CNAME associated with the instance.
It does have a public CNAME though. If I go to the control panel and click on the instance, the instance info has:
Public DNS: ec2-54-218-44-44.us-west-2.compute.amazonaws.com
So it is getting a host name and an IP address. I am fully able to ssh into the machine and run "chef-client" manually, so it's not a problem of it not getting an IP address; it's a problem of Chef not retaining that information.
Thanks
James
On Jun 20, 2013, at 6:25 AM, Kevin Karwaski wrote:
I think the issue may be related to the use of a VPC. I believe you
have to assign an EIP to an instance in a VPC to have a public
resolvable CNAME associated with the instance.
Also, looking at the AWS panel I have no assigned Elastic IPs, so it's not a VPC server even though it says vpc_id. I believe that all regular EC2 instances run on an Amazon-owned VPC and not a customer-configured VPC, if that makes any sense. Meaning Amazon itself uses a non-customer-managed VPC to manage non-VPC instances.
james
On Jun 20, 2013, at 6:31 AM, Kevin Karwaski wrote:
It looks like EC2 instances launched in non-default VPCs do not
receive public addressing:
<?xml version="1.0" encoding="iso-8859-1"?>
404 - Not Found
404 - Not Found
I ran "knife ec2 server list" and I get:
Instance ID  Name        Public IP     Private IP     Flavor    Image         SSH Key   Security Groups  State
i-22371517   i-22371517  54.218.44.44  172.31.41.147  m1.small  ami-70f96e40  awsjames  default          running
So it sees the server and sees the public IP address; I just don't understand why it's not in the metadata.
Ohai should be capturing this info from the on-instance EC2 metadata
store; from the output of your curl command above it looks like that
info is not present on your instance. You ran that curl command from
the EC2 instance, right?
Here's what ohai is grabbing:
This is what I see when I hit the metadata store on an EC2 instance:
Thank you for all your help. I did some digging and I got it to work. It was related to VPC, and I'll go ahead and explain it in detail so others don't have to spend 3 days banging their heads against the wall.
Amazon sets "default" VPCs for all regions except "N. Virginia". I am using "Oregon" (us-west-2). I tried to delete the VPC but got some nasty warning. It seems that you are unable to delete these VPCs because if you do you won't be able to create EC2 instances in those regions anymore.
After changing my knife.rb file to use us-east-1c and generating a new pem file, I was able to execute the knife file to remotely execute chef-client. So the moral of the story is use "us-east" region until there is a workaround for these other regions.
Again, thank you very much.
James
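A pre-flight check for the "does not have the required attribute" failure discussed in this thread, as an added example that is not part of any poster's message and not knife's own code. It walks the dotted path that `-a` names through node data and reports the first attribute that holds an externally reachable value. The helper names, the `.internal` hostname heuristic and the sample node hashes (built from values quoted in the thread) are assumptions of this example.

```ruby
require "ipaddr"

# RFC 1918 ranges: an address in one of these is only reachable inside the VPC.
PRIVATE_NETS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |n| IPAddr.new(n) }

# Attributes to try, in order of preference. The ec2.* and cloud.* entries are
# only populated when Ohai's EC2 detection succeeded on the instance.
CANDIDATES = %w[
  ec2.public_hostname ec2.public_ipv4
  cloud.public_hostname cloud.public_ipv4
  fqdn ipaddress
].freeze

# Walk a dotted path such as "ec2.public_hostname" through nested node data.
# Returns nil as soon as a level is missing or is not a hash.
def dig_attr(node, dotted)
  dotted.split(".").reduce(node) do |level, key|
    return nil unless level.is_a?(Hash)
    level[key]
  end
end

# True for an IP literal inside an RFC 1918 range; false for hostnames.
def private_address?(value)
  ip = IPAddr.new(value)
  PRIVATE_NETS.any? { |net| net.include?(ip) }
rescue ArgumentError
  false # not an IP literal
end

# Heuristic (assumption of this example): usable from outside means a
# non-empty string that is neither an EC2-internal name nor a private IP.
def usable?(value)
  return false unless value.is_a?(String) && !value.strip.empty?
  return false if value.end_with?(".internal")
  !private_address?(value)
end

# First candidate path whose value is reachable, or nil when there is none.
def connect_attribute(node, candidates = CANDIDATES)
  candidates.find { |path| usable?(dig_attr(node, path)) }
end

# Constructed sample: a node like the one in the thread, where the ec2
# attribute exists but holds no value.
BROKEN_NODE = {
  "ec2" => nil,
  "fqdn" => "ip-172-31-41-147.us-west-2.compute.internal",
  "ipaddress" => "172.31.41.147"
}.freeze

# Constructed sample: the same node as it would look with EC2 data recorded.
HEALTHY_NODE = BROKEN_NODE.merge(
  "ec2" => {
    "public_hostname" => "ec2-54-218-44-44.us-west-2.compute.amazonaws.com",
    "public_ipv4" => "54.218.44.44"
  }
).freeze

[["broken", BROKEN_NODE], ["healthy", HEALTHY_NODE]].each do |label, node|
  attr = connect_attribute(node)
  if attr
    puts "#{label}: pass -a #{attr}"
  else
    puts "#{label}: no externally reachable attribute recorded on the node"
  end
end
```

A nil result means every recorded address is internal, so no value of `-a` can work until the node reports public addressing.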
On Jun 20, 2013, at 7:02 AM, Kevin Karwaski wrote:
Ohai should be capturing this info from the on-instance EC2 metadata
store; from the output of your curl command above it looks like that
info is not present on your instance. You ran that curl command from
the EC2 instance, right?
FWIW, OHAI discovery works for me on regions other than us-east-1 (I have
some instances in us-west-1 and in eu-west-1). I don't have any VPCs there,
though. Maybe this works the way you describe only for VPC-enabled accounts?
I don't ever remember asking for vpc enabled account, how do I turn that off? It made me real miserable for 3 days.
Thanks
James
On Jun 20, 2013, at 11:25 PM, Maciej Pasternacki wrote:
FWIW, OHAI discovery works for me on regions other than us-east-1 (I have some instances in us-west-1 and in eu-west-1). I don't have any VPCs there, though. Maybe this works the way you describe only for VPC-enabled accounts?
-- M
On 20 June 2013 16:03, Kevin Karwaski kkarwaski@fiksu.com wrote:
You're welcome! Thanks for sharing some of your findings!
Here's a blog post from Amazon describing the new VPC behavior and
probably why you are seeing different behavior with different regions.
I haven't dealt with it yet so, I'm not sure how to address the
changes when using knife.
"The default VPC features are available to new AWS customers and
existing customers launching instances in a Region for the first time.
If you’ve previously launched an EC2 instance in a Region or
provisioned ELB, RDS, or ElastiCache in a Region, we won’t create a
default VPC for you in that Region.
If you are an existing AWS customer and you want to start gaining
experience with this new behavior, you have two options. You can
create a new AWS account or you can pick a Region that you haven't
used (as defined above). You can see the set of available platforms in
the AWS Management Console (this information is also available through
the EC2 APIs and from the command line). Be sure to check the
Supported Platforms and Default VPC values for your account to see how
your account is configured in a specific Region."
Thank you Alex, some good information there. I am not sure how to handle the changes, but for the moment, as long as I know what the problem is, I can avoid it during the learning process and revisit it when we are ready to start spinning our services.
Thanks
James
On Jun 20, 2013, at 11:45 PM, Alex Koch wrote:
Here's a blog post from Amazon describing the new VPC behavior and
probably why you are seeing different behavior with different regions.
I haven't dealt with it yet so, I'm not sure how to address the
changes when using knife.
"The default VPC features are available to new AWS customers and
existing customers launching instances in a Region for the first time.
If you’ve previously launched an EC2 instance in a Region or
provisioned ELB, RDS, or ElastiCache in a Region, we won’t create a
default VPC for you in that Region.
If you are an existing AWS customer and you want to start gaining
experience with this new behavior, you have two options. You can
create a new AWS account or you can pick a Region that you haven't
used (as defined above). You can see the set of available platforms in
the AWS Management Console (this information is also available through
the EC2 APIs and from the command line). Be sure to check the
Supported Platforms and Default VPC values for your account to see how
your account is configured in a specific Region."