Problem starting chef-client in Getting Started with EC2 Rails Infrastructure


#1

I think I followed all the instructions between Getting Started with
EC2 Rails Infrastructure and Chef 0.7.0 on EC2 Rails Infrastructure
Notes

When I got to the instruction to run chef-client:
chef-client -t cat /etc/chef/validation_token -j config/
ops_master.json

I get the error:
/usr/lib/ruby/1.8/net/http.rb:2097:in error!': 401 "Authorization Required" (Net::HTTPServerException) from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/rest.rb:232:inrun_request’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/rest.rb:95:in
post_rest' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/client.rb:227:inauthenticate’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/client.rb:74:in
run' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/ client.rb:163:inrun_application’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/
client.rb:161:in loop' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/ client.rb:161:inrun_application’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application.rb:
53:in run' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/bin/chef-client:26 from /usr/bin/chef-client:19:inload’
from /usr/bin/chef-client:19

It wasn’t clear that if I was using the roles stuff if I still need to
edit config/ops_master.json or leave it as:
{
“run_list”: [ “role[base]”, “role[ops_master]” ]
}

Also its not really clear how to set up the user associated with
$ldap_user. Do you need to create the home dir manually before doing
the .ssh stuff? If so where does the userid of the chown come from?
From ldap? If so its not working for me maybe because I didn’t get
the chef-client to run properly?

Thanks!


Robert J Berger - CTO
Runa.com (Solana Systems Corp)
+1 408-838-8896
http://blog.ibd.com / http://www.runa.com


#2

Hiya!

On 14/07/2009, at 8:31 PM, Robert J Berger wrote:

I think I followed all the instructions between Getting Started with
EC2 Rails Infrastructure and Chef 0.7.0 on EC2 Rails Infrastructure
Notes

When I got to the instruction to run chef-client:
chef-client -t cat /etc/chef/validation_token -j config/
ops_master.json

I get the error:
/usr/lib/ruby/1.8/net/http.rb:2097:in error!': 401 "Authorization Required" (Net::HTTPServerException) from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/rest.rb:232:inrun_request’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/rest.rb:95:in
post_rest' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/client.rb: 227:inauthenticate’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/client.rb:
74:in run' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/ client.rb:163:inrun_application’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/
client.rb:161:in loop' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application/ client.rb:161:inrun_application’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/lib/chef/application.rb:
53:in run' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.0/bin/chef-client:26 from /usr/bin/chef-client:19:inload’
from /usr/bin/chef-client:19

This error means your client is not authorized - navigate to your chef
server and ‘validate’ the registration.

A validation token will only work for the first run if an invalid
registration does not already exist on the Chef Server.

It wasn’t clear that if I was using the roles stuff if I still need
to edit config/ops_master.json or leave it as:
{
“run_list”: [ “role[base]”, “role[ops_master]” ]
}

Not sure what you mean here?

Also its not really clear how to set up the user associated with
$ldap_user. Do you need to create the home dir manually before doing
the .ssh stuff? If so where does the userid of the chown come from?
From ldap? If so its not working for me maybe because I didn’t get
the chef-client to run properly?

Nor this…?

Thanks!


Robert J Berger - CTO
Runa.com (Solana Systems Corp)
+1 408-838-8896
http://blog.ibd.com / http://www.runa.com


AJ Christensen, Software Engineer
Opscode, Inc.
E: aj@opscode.com


#3

On Jul 14, 2009, at 2:31 AM, Robert J Berger wrote:

I think I followed all the instructions between Getting Started with
EC2 Rails Infrastructure and Chef 0.7.0 on EC2 Rails Infrastructure
Notes

Note that the 0.7.0 version is ‘old’ - we’re ramping up to release
0.7.6 soon, and that particular AMI is a work in progress.

It wasn’t clear that if I was using the roles stuff if I still need
to edit config/ops_master.json or leave it as:
{
“run_list”: [ “role[base]”, “role[ops_master]” ]
}

In the 0.6.2 “version” of the AMI, we use site-cookbooks to tell chef
about base and ops_master, but 0.7.x will use the new roles feature.

Also its not really clear how to set up the user associated with
$ldap_user. Do you need to create the home dir manually before doing
the .ssh stuff? If so where does the userid of the chown come from?
From ldap? If so its not working for me maybe because I didn’t get
the chef-client to run properly?

The “$ldap_user” is the one you created by editing the openldap.ldif
file and adding to the LDAP server, on the ops_master. Once clients
run Chef the first time, they’ll be configured to connect to the LDAP
server and the user will be there, though the home directory and SSH
keys won’t. We leave this as an open task so you can build upon the
site-cookbooks by adding user home directories and ssh keys, though
that is still undocumented.


Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.878.4322 E: joshua@opscode.com