New errors after upgrading Chef clients to 11.6

Chef Infra (archive)
1

I’ve upgraded to 11.6 and am getting the following out of chef-client. I
though I’d paste the whole thing since it’s short. I did try it with
:debug in client.rb, but I didn’t see anything different. It’s trying to
contact a URL on the Chef server that’s not found. I’m not sure why it’s
trying http://chef/bookshelf instead of https://192.168.0.24.

(Note that, on another node, I’m getting a “Missing Cookbooks” error,
which is perfect since the cookbook is missing, but running chef-client
on that node appears to be working.)

Has anyone a suggestion? I see this unresolved ticket:
https://tickets.opscode.com/browse/CHEF-4069.

Many thanks.

root@db-1:/etc/chef# dpkg --list | grep chef
ii chef 11.6.0-1.ubuntu.12.04 The full stack of chef

root@db-1:/etc/chef# cat client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://192.168.0.24:443
validation_client_name ‘chef-validator’

root@db-1:/etc/chef# chef-client
[2013-09-04T21:08:01-06:00] INFO: Forking chef instance to converge…
Starting Chef Client, version 11.6.0
[2013-09-04T21:08:01-06:00] INFO: *** Chef 11.6.0 ***
[2013-09-04T21:08:02-06:00] INFO: Run List is [recipe[apt],
recipe[mongodb::replica], role[install-database], role[install-replica]]
[2013-09-04T21:08:02-06:00] INFO: Run List expands to [apt,
mongodb::replica, mongodb]
[2013-09-04T21:08:02-06:00] INFO: Starting Chef Run for db-1
[2013-09-04T21:08:02-06:00] INFO: Running start handlers
[2013-09-04T21:08:02-06:00] INFO: Start handlers complete.
resolving cookbooks for run list: [“apt”, “mongodb::replica”, “mongodb”]
[2013-09-04T21:08:02-06:00] INFO: Loading cookbooks [apt, mongodb,
mongodb-10gen]
Synchronizing Cookbooks:

================================================================================
Error Syncing Cookbooks:

Networking Error:*
-----------------
**Error connecting to
https://chef/bookshelf/organization-00000000000000000000000000000000/checksum-6b7eab5f2d0d2fcfc27536c2f7372e88?AWSAccessKeyId=e30390185df9b3263bec503c5af5cf1873922cdf&Expires=1378351380&Signature=MNR9N44JeEKH8rczpTVZB5loUb0%3D

  • getaddrinfo: Name or service not known*

Your chef_server_url may be misconfigured, or the network could be down.

Relevant Config Settings:

chef_server_url “https://192.168.0.24:443

[2013-09-04T21:08:02-06:00] ERROR: Running exception handlers
[2013-09-04T21:08:02-06:00] ERROR: Exception handlers complete
[2013-09-04T21:08:02-06:00] FATAL: Stacktrace dumped to
/var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated
[2013-09-04T21:08:02-06:00] FATAL: Chef::Exceptions::ChildConvergeError:
Chef run process exited unsuccessfully (exit code 1)

root@db-1:/etc/chef# ping 192.168.0.24
PING 192.168.0.24 (192.168.0.24) 56(84) bytes of data.
64 bytes from 192.168.0.24: icmp_req=1 ttl=64 time=0.141 ms
64 bytes from 192.168.0.24: icmp_req=2 ttl=64 time=0.165 ms
64 bytes from 192.168.0.24: icmp_req=3 ttl=64 time=0.168 ms
^C
— 192.168.0.24 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.141/0.158/0.168/0.012 ms
root@db-1:/etc/chef# telnet 192.168.0.24 443
Trying 192.168.0.24…
Connected to 192.168.0.24.
Escape character is ‘^]’.
^C
Connection closed by foreign host.

2

check the chef wiki for chef-server.rb, change bookshelf url there, and
run sudo chef-server-ctl reconfigure

On Wed, Sep 4, 2013 at 8:34 PM, Russell Bateman russ@windofkeltia.comwrote:

I've upgraded to 11.6 and am getting the following out of chef-client. I
though I'd paste the whole thing since it's short. I did try it with :debug
in client.rb, but I didn't see anything different. It's trying to contact a
URL on the Chef server that's not found. I'm not sure why it's trying
http://chef/bookshelf instead of https://192.168.0.24.

(Note that, on another node, I'm getting a "Missing Cookbooks" error,
which is perfect since the cookbook is missing, but running chef-client on
that node appears to be working.)

Has anyone a suggestion? I see this unresolved ticket:
https://tickets.opscode.com/browse/CHEF-4069.

Many thanks.

root@db-1:/etc/chef# dpkg --list | grep chef
ii chef 11.6.0-1.ubuntu.12.04 The full
stack of chef

root@db-1:/etc/chef# cat client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://192.168.0.24:443'
validation_client_name 'chef-validator'

root@db-1:/etc/chef# chef-client
[2013-09-04T21:08:01-06:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.6.0
[2013-09-04T21:08:01-06:00] INFO: *** Chef 11.6.0 ***
[2013-09-04T21:08:02-06:00] INFO: Run List is [recipe[apt],
recipe[mongodb::replica], role[install-database], role[install-replica]]
[2013-09-04T21:08:02-06:00] INFO: Run List expands to [apt,
mongodb::replica, mongodb]
[2013-09-04T21:08:02-06:00] INFO: Starting Chef Run for db-1
[2013-09-04T21:08:02-06:00] INFO: Running start handlers
[2013-09-04T21:08:02-06:00] INFO: Start handlers complete.
resolving cookbooks for run list: ["apt", "mongodb::replica", "mongodb"]
[2013-09-04T21:08:02-06:00] INFO: Loading cookbooks [apt, mongodb,
mongodb-10gen]
Synchronizing Cookbooks:

================================================================================
Error Syncing Cookbooks:

================================================================================

Networking Error:*
-----------------
**Error connecting to
https://chef/bookshelf/organization-00000000000000000000000000000000/checksum-6b7eab5f2d0d2fcfc27536c2f7372e88?AWSAccessKeyId=e30390185df9b3263bec503c5af5cf1873922cdf&Expires=1378351380&Signature=MNR9N44JeEKH8rczpTVZB5loUb0%3D- getaddrinfo: Name or service not known
*

Your chef_server_url may be misconfigured, or the network could be down.

Relevant Config Settings:

chef_server_url "https://192.168.0.24:443" https://192.168.0.24:443

[2013-09-04T21:08:02-06:00] ERROR: Running exception handlers
[2013-09-04T21:08:02-06:00] ERROR: Exception handlers complete
[2013-09-04T21:08:02-06:00] FATAL: Stacktrace dumped to
/var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated
[2013-09-04T21:08:02-06:00] FATAL: Chef::Exceptions::ChildConvergeError:
Chef run process exited unsuccessfully (exit code 1)

root@db-1:/etc/chef# ping 192.168.0.24
PING 192.168.0.24 (192.168.0.24) 56(84) bytes of data.
64 bytes from 192.168.0.24: icmp_req=1 ttl=64 time=0.141 ms
64 bytes from 192.168.0.24: icmp_req=2 ttl=64 time=0.165 ms
64 bytes from 192.168.0.24: icmp_req=3 ttl=64 time=0.168 ms
^C
--- 192.168.0.24 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.141/0.158/0.168/0.012 ms
root@db-1:/etc/chef# telnet 192.168.0.24 443
Trying 192.168.0.24...
Connected to 192.168.0.24.
Escape character is '^]'.
^C
Connection closed by foreign host.

3

Ah, thanks for replying. I did see a post on stackoverflow.com
discussing /chef-server.rb/, but the problem wasn't exactly or even
related, I think, to mine. As it sits, my Chef server installation,
which is 11.0.8-1, does not have this file. At //etc/chef/, I see
nothing. At //etc/chef-server/, I see

/admin.pem//
//chef-server-running.json//
//chef-server-secrets.json//
//chef-validator.pem//
//chef-webui.pem//
/

Did I succeed in misinstalling? (I used dpkg on Ubuntu Precise server.)
Note that the web UI works perfectly well at this point and, as I say
below, other stuff works like knife and even chef-client from other nodes.

On 9/4/2013 10:36 PM, Ranjib Dey wrote:

check the chef wiki for chef-server.rb, change bookshelf url there,
and run sudo chef-server-ctl reconfigure

On Wed, Sep 4, 2013 at 8:34 PM, Russell Bateman <russ@windofkeltia.com
mailto:russ@windofkeltia.com> wrote:

I've upgraded to 11.6 and am getting the following out of
chef-client. I though I'd paste the whole thing since it's short.
I did try it with :debug in client.rb, but I didn't see anything
different. It's trying to contact a URL on the Chef server that's
not found. I'm not sure why it's trying http://chef/bookshelf
instead of https://192.168.0.24.

(Note that, on another node, I'm getting a "Missing Cookbooks"
error, which is perfect since the cookbook is missing, but running
chef-client on that node appears to be working.)

Has anyone a suggestion? I see this unresolved ticket:
https://tickets.opscode.com/browse/CHEF-4069.

Many thanks.



*root@db-1:/etc/chef# dpkg --list | grep chef*
ii  chef 11.6.0-1.ubuntu.12.04        The full stack of chef

*root@db-1:/etc/chef# cat client.rb*
log_level        :info
log_location     STDOUT
chef_server_url  'https://192.168.0.24:443'
validation_client_name 'chef-validator'

*root@db-1:/etc/chef# chef-client*
[2013-09-04T21:08:01-06:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.6.0
[2013-09-04T21:08:01-06:00] INFO: *** Chef 11.6.0 ***
[2013-09-04T21:08:02-06:00] INFO: Run List is [recipe[apt],
recipe[mongodb::replica], role[install-database],
role[install-replica]]
[2013-09-04T21:08:02-06:00] INFO: Run List expands to [apt,
mongodb::replica, mongodb]
[2013-09-04T21:08:02-06:00] INFO: Starting Chef Run for db-1
[2013-09-04T21:08:02-06:00] INFO: Running start handlers
[2013-09-04T21:08:02-06:00] INFO: Start handlers complete.
resolving cookbooks for run list: ["apt", "mongodb::replica",
"mongodb"]
[2013-09-04T21:08:02-06:00] INFO: Loading cookbooks [apt, mongodb,
mongodb-10gen]
Synchronizing Cookbooks:

================================================================================
Error Syncing Cookbooks:
================================================================================

*Networking Error:**
**-----------------**
**Error connecting to
https://chef/bookshelf/organization-00000000000000000000000000000000/checksum-6b7eab5f2d0d2fcfc27536c2f7372e88?AWSAccessKeyId=e30390185df9b3263bec503c5af5cf1873922cdf&Expires=1378351380&Signature=MNR9N44JeEKH8rczpTVZB5loUb0%3D
- getaddrinfo: Name or service not known*

*Your chef_server_url may be misconfigured, or the network could
be down.*


Relevant Config Settings:
-------------------------
chef_server_url "https://192.168.0.24:443" <https://192.168.0.24:443>


[2013-09-04T21:08:02-06:00] ERROR: Running exception handlers
[2013-09-04T21:08:02-06:00] ERROR: Exception handlers complete
[2013-09-04T21:08:02-06:00] FATAL: Stacktrace dumped to
/var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated
[2013-09-04T21:08:02-06:00] FATAL:
Chef::Exceptions::ChildConvergeError: Chef run process exited
unsuccessfully (exit code 1)

*root@db-1:/etc/chef# ping 192.168.0.24*
PING 192.168.0.24 (192.168.0.24) 56(84) bytes of data.
64 bytes from 192.168.0.24 <http://192.168.0.24>: icmp_req=1
ttl=64 time=0.141 ms
64 bytes from 192.168.0.24 <http://192.168.0.24>: icmp_req=2
ttl=64 time=0.165 ms
64 bytes from 192.168.0.24 <http://192.168.0.24>: icmp_req=3
ttl=64 time=0.168 ms
^C
--- 192.168.0.24 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.141/0.158/0.168/0.012 ms
*root@db-1:/etc/chef# telnet 192.168.0.24 443*
Trying 192.168.0.24...
Connected to 192.168.0.24.
Escape character is '^]'.
^C
Connection closed by foreign host.
4

On Thursday, September 5, 2013 at 7:10 AM, Russell Bateman wrote:

Ah, thanks for replying. I did see a post on stackoverflow.com (http://stackoverflow.com) discussing chef-server.rb, but the problem wasn't exactly or even related, I think, to mine. As it sits, my Chef server installation, which is 11.0.8-1, does not have this file. At /etc/chef, I see nothing. At /etc/chef-server, I see

admin.pem
chef-server-running.json
chef-server-secrets.json
chef-validator.pem
chef-webui.pem
Did I succeed in misinstalling? (I used dpkg on Ubuntu Precise server.) Note that the web UI works perfectly well at this point and, as I say below, other stuff works like knife and even chef-client from other nodes.
chef-server.rb isn't created by default and if your hostname and such are correct you can run chef-server without one (default settings used). The root of the issue here is that chef-server is distributing URLs based on the server hosts view of its own FQDN. You could edit etc/hosts to have the correct hostname you want to talk to the server as and run 'chef-server-ctl reconfigure' to solve the problem as well.

--
Daniel DeLeo

5

Perfect. This fixed my problem. /etc/hosts didn't have my hostname
spelled as the client/nodename in the web UI. I also reconfigured my
Chef server, though it's unclear it needed it.

Thanks for your help, Daniel!

On 09/05/2013 04:51 PM, Daniel DeLeo wrote:

On Thursday, September 5, 2013 at 7:10 AM, Russell Bateman wrote:

Ah, thanks for replying. I did see a post on stackoverflow.com
http://stackoverflow.com discussing /chef-server.rb/, but the
problem wasn't exactly or even related, I think, to mine. As it sits,
my Chef server installation, which is 11.0.8-1, does not have this
file. At //etc/chef/, I see nothing. At //etc/chef-server/, I see

/admin.pem//
//chef-server-running.json//
//chef-server-secrets.json//
//chef-validator.pem//
//chef-webui.pem//
/

Did I succeed in misinstalling? (I used dpkg on Ubuntu Precise
server.) Note that the web UI works perfectly well at this point and,
as I say below, other stuff works like knife and even chef-client
from other nodes.
chef-server.rb isn't created by default and if your hostname and such
are correct you can run chef-server without one (default settings
used). The root of the issue here is that chef-server is distributing
URLs based on the server hosts view of its own FQDN. You could edit
etc/hosts to have the correct hostname you want to talk to the server
as and run 'chef-server-ctl reconfigure' to solve the problem as well.

--
Daniel DeLeo

6

This seems like a bug in 11.6, no? Is there a ticket open? I couldn't
find one.

On 9/6/2013 12:11 AM, Russell Bateman wrote:

Perfect. This fixed my problem. /etc/hosts didn't have my hostname
spelled as the client/nodename in the web UI. I also reconfigured my
Chef server, though it's unclear it needed it.

Thanks for your help, Daniel!

On 09/05/2013 04:51 PM, Daniel DeLeo wrote:

On Thursday, September 5, 2013 at 7:10 AM, Russell Bateman wrote:

Ah, thanks for replying. I did see a post on stackoverflow.com
http://stackoverflow.com discussing /chef-server.rb/, but the
problem wasn't exactly or even related, I think, to mine. As it sits,
my Chef server installation, which is 11.0.8-1, does not have this
file. At //etc/chef/, I see nothing. At //etc/chef-server/, I see

/admin.pem//
//chef-server-running.json//
//chef-server-secrets.json//
//chef-validator.pem//
//chef-webui.pem//
/

Did I succeed in misinstalling? (I used dpkg on Ubuntu Precise
server.) Note that the web UI works perfectly well at this point and,
as I say below, other stuff works like knife and even chef-client
from other nodes.
chef-server.rb isn't created by default and if your hostname and such
are correct you can run chef-server without one (default settings
used). The root of the issue here is that chef-server is distributing
URLs based on the server hosts view of its own FQDN. You could edit
etc/hosts to have the correct hostname you want to talk to the server
as and run 'chef-server-ctl reconfigure' to solve the problem as well.

--
Daniel DeLeo

7

On Friday, September 6, 2013 at 6:51 AM, Jeff Blaine wrote:

This seems like a bug in 11.6, no? Is there a ticket open? I couldn't
find one.

Not a chef-client bug. Arguably a bug in the server. People used to never have this problem because merb generates URLs for a response based on the Host (and related) headers in the request. This is tricky to get correct from a security perspective (cf., Skeleton Scribe: Practical HTTP Host header attacks ), but obviously the way this works currently can be confusing when things go wrong.

I've talked over a few possible resolutions with the server guys so I think we'll improve this in a future release.

--
Daniel DeLeo