I think I see the issue - all the files on the node (which is ubuntu) are
owned by root.
I think I have two choices, change them to chef/chef or use the "sudo"
option.
?
On Thu, Sep 22, 2011 at 11:28 AM, Aaron Abramson aabramson@wi-figuys.comwrote:
C:\chef>knife ssh "role:" "sudo
chef-client" -P
knife sudo password:
Enter your password:
[Thu, 22 Sep 2011 10:23:14 -0400] INFO: *** Chef 0.10.4 ***
[Thu, 22 Sep 2011 10:23:15 -0400] INFO: HTTP Request Returned
401 Unauthorized: Failed to authenticate. Ensure that your client key is
valid.
[Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Stacktrace dumped to
/var/cache/chef/chef-stacktrace.out
[Thu, 22 Sep 2011 10:23:15 -0400] FATAL:
Net::HTTPServerException: 401 "Unauthorized"knife ssh "role:" "sudo chef-client" -P
As Denis said, you're successfully connecting to the server with your users
password. And you can see that it executed "sudo chef-client", and then was
waiting for input for the "sudo password".Update your sudoers file to grant passwordless sudo access for your user.
But, since you're not defining a username for knife ssh (ie -x ubuntu, or
-x admin), knife is SSH'ing as root. So your command really should be:knife ssh "role:" "chef-client" -P
Since you're already the root user on the remote machine, and have no need
to "sudo" to gain superuser privileges again.On Sep 22, 2011, at 10:02 AM, Denis Barishev wrote:
Hello Maven,
On 09/22/2011 06:26 PM, Maven User wrote:
Jessica - thank you so much!
The learning curve has felt very steep, these types of exchanges have
helped me out a ton.The final thread/step in this process is getting around having to specify
my password when running knife.So when I do something like:
C:\chef>knife ssh "role:" "sudo
chef-client"
WARNING: Failed to connect to node[] --
Net::SSH::AuthenticationFailed: @But when I do this:
C:\chef>knife ssh "role:" "sudo
chef-client" -P
knife sudo password:
Enter your password:
[Thu, 22 Sep 2011 10:23:14 -0400] INFO: *** Chef 0.10.4 ***
[Thu, 22 Sep 2011 10:23:15 -0400] INFO: HTTP Request Returned
401 Unauthorized: Failed to authenticate. Ensure that your client key is
valid.
[Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Stacktrace dumped to
/var/cache/chef/chef-stacktrace.out
[Thu, 22 Sep 2011 10:23:15 -0400] FATAL:
Net::HTTPServerException: 401 "Unauthorized"Isn't the authorization handled via the pem files or do I need to set up
ssh keys as well?As I can see you have successfully run a knife ssh command by suppling the
right password. You mus provide knife ssh with either a password or pem key
path (-i option). Here you can see that knife ssh has sshed into the node
and tried to run chef-client there but it failed. The reason is probably
that you haven't configured chef-client there. Make sure you have the right
chef configuration directory with client.rb and validation/client key on the
remote machine.Denis
On Wed, Sep 21, 2011 at 4:41 PM, Jessica Bourne jessica@opscode.comwrote:
Hi Maven,
I completely agree, we've been working on separating instructions based
on OS as well as type of install (client vs workstation). This should make
it clearer what is needed to run both. Client has chef-client configured so
they can run recipes, and workstations have knife configured so they can
manage the nodes. It isn't necessary to run both on a node unless you want
to run recipes on it and manage other nodes from it. The directions
currently explain how to set the node up with both, but it may not be needed
depending on what you want to do with your install.The instructions on the Installation on Windows page will guide you
through almost everything you need for a workstation, except for SSH
and bootstrapping new nodes from it. I'd recommend installing the gems on
the knife page, you will definitely need at least the net-ssh packages to
use SSH. Afterwards you can confirm you can SSH, and then follow the knife
windows bootstrap guide to bootstrap new nodes with knife if needed. The
gems really should be included on the Installation on Windows page to make
this clearer.The knife windows bootstrap page is separate because not everyone who
installs Windows will need to bootstrap new Windows nodes. This page can be
used on Mac or Linux as well, to bootstrap new Windows nodes from that
workstation instead. If you do decide to bootstrap new nodes from this
machine you will need 1.9.X, but otherwise you can use Ruby 1.8.7 without
issues. It really just depends on how you'd like to have your nodes
managed.If you have a Mac or Linux machine available, you could always just try
setting it up as the workstation instead and then using the knife-windows
bootstrap plugin to bootstrap new nodes as clients from it as there is a bit
more documentation on those OSes right now. If you did it this way no
configuration should be needed on the Windows machine except for SSH or
WinRM access, and the bootstrap plugin would install ruby, gems, and
chef-client. It would not configure knife though, so you'd need to manage
the nodes from the Linux/Mac workstation in this type of setup.If you're still getting errors after installing those gems on Windows,
feel free to update this thread with some more information on the errors you
are getting.Thanks,
JessicaOn Wed, Sep 21, 2011 at 10:15 AM, Maven User maven.2.user@gmail.comwrote:
By the way - this page:
http://wiki.opscode.com/display/chef/Installation+on+Windows
Suggests ruby 1.8.7, but then this one:
http://wiki.opscode.com/display/chef/Knife+Windows+Bootstrap
Requires 1.9.X+
:-/
On Wed, Sep 21, 2011 at 9:44 AM, Maven User maven.2.user@gmail.comwrote:
Cool - I'd love to help out in any way to document this process (it's
been pretty painful).FWIW - it'd be HUGELY helpful if all instructions for each platform were
organized by platform.Right now, there are "how to setup chef on windows", a "knife-windows"
and then finally a generalized "knife" pages. All of which have little bits
needed to get things working successfully on windows (something I still
haven't managed).Just so I'm clear - I can jump right to the link below to set up knife
on windows? Then I have to go to the generalized Knife page and also
install those gems?On Tue, Sep 20, 2011 at 6:35 PM, Jessica Bourne jessica@opscode.comwrote:
Hi Maven,
We've actually been working on updating our installation
instructions, including the documentation on Windows. They won't be
completed for a few more weeks, but I'll be sure to review this thread once
they are in draft so we can be sure your concerns are addressed.The gems listed on the knife doc are necessary, some of them are what
enable you to ssh from that node. If you're still getting errors after
installing the gems on the knife page, feel free to respond to this thread
with the command you are using and the error you are getting, as well as the
Windows version. Without specific errors it can be difficult to figure out
why knife ssh is failing on that node.Knife-windows is used to bootstrap new windows nodes, more
information on it can be found on this wiki page:
http://wiki.opscode.com/display/chef/Knife+Windows+BootstrapThanks,
JessicaOn Tue, Sep 20, 2011 at 11:18 AM, Maven User maven.2.user@gmail.comwrote:
It gets even more confusing.
So it starts there but talks about knife-windows (is that absolutely
necessary?) then if you click into the standard "knife" documentation,
there's a big blue box that states "Knife requires some extra gems!" - are
those required if you don't plan on doing any cloud work? I've noticed on
windows, I can't do "knife ssh" without errors but I'm done flailing and
don't want to just run off and start installing gems.On Tue, Sep 20, 2011 at 1:19 PM, Maven User maven.2.user@gmail.comwrote:
http://wiki.opscode.com/display/chef/Installation+on+Windows
??
On Tue, Sep 20, 2011 at 12:28 PM, Daniel DeLeo dan@kallistec.comwrote:
On Monday, September 19, 2011 at 10:37 AM, Maven User wrote:
Thanks again for all the tips up until this point - the
documentation for knife usage on windows is really confusing.It just skips from running the client install/setup to running
knife commands - nothing about the "knife configure -i" step.I'm also not sure if this is expected behavior but the windows
guide talks about C:\chef.chef yet knife creates a lot of things in ~/.chef
(in windows).Do things need to be replicated between these two areas or did I
make a mistake?What documentation are you using?
--
Dan DeLeo