Re: Why don't work search and how to search in run_list (for example with knife search)?


#1

Hello,

This is by design - if search were to return nodes which haven’t run
the recipe yet, you could very easily imagine a situation where other
services start failing, because it can’t access a database server, or
a load balancer is pointing at nodes which don’t even have the service
running yet.

There may be a way to force the issue and search for nodes who don’t
have the recipe run yet, however usually when I hear of people wanting
to do this, they are looking for immediate configuration to be
performed, instead of assuming eventual infrastructure consistency.
This means running the server’s chef-client, running it on the client,
and then re-running it on the server. Often this is accomplished by
having chef-client be scheduled every 5 minutes or every hour.

Consider it pessimistic view:

Either it:

  1. assumes the chef-client will prepare the node for service very
    soon, and potentially causes failures in your infrastructure
  2. it makes no assumption about the state of the node, and simply
    recognizes that it simply isn’t ready for service yet

Does this make sense?


Graham Christensen


#2

On 19.08.2013 17:24, Graham Christensen wrote:

Hello,

This is by design - if search were to return nodes which haven’t run
the recipe yet, you could very easily imagine a situation where other
services start failing,
What services you mean (chef-server services or may be other bacula for
example)?

because it can’t access a database server, or
What database it can’t access chef-server ?
a load balancer is pointing at nodes which don’t even have the service
running yet.
I don’t know about load balancers. Because I install chef server by
trivial instruction on the opscode site.

And in the course of its operation I changed on it the DNS settings.
Because they changed in our new environment.
Probably because of it search ceased to work normally?
Or I don’t understand you ((

There may be a way to force the issue and search for nodes who don’t
have the recipe run yet,
How? How I can do this search please hep me with a command.
Only I don’t understand why it can do it is required to me (run search
command)
however usually when I hear of people wanting
to do this, they are looking for immediate configuration to be
performed,
At the beginning I thought exactly so. But now i understand that i am
not right.
instead of assuming eventual infrastructure consistency.
Where i can read about this in docs of chef ?
This means running the server’s chef-client, running it on the client,
and then re-running it on the server.
I can not understand what the client and server has in mind.

I have backup server which is do search for client’s which is has recipe
cbacula::client (he’s name is backup)

I have a server which is client of backup server named zeus

I have a chef-server. But on the chef-server i can’t run chef-client
because of errors:

srvadm@chef-server:~$ sudo chef-client
[sudo] password for srvadm:
[Mon, 19 Aug 2013 17:55:38 +0400] INFO: *** Chef 10.18.2 ***
[Mon, 19 Aug 2013 17:55:38 +0400] INFO: [inet6] no default interface,
picking the first ipaddress
[Mon, 19 Aug 2013 17:55:39 +0400] INFO: HTTP Request Returned 401
Unauthorized: Failed to authenticate. Ensure that your client key is valid.

================================================================================
Chef encountered an error attempting to load the node data for
"chef-server.example.lab"

Authentication Error:

Failed to authenticate to the chef server (http 401).

Server Response:

Failed to authenticate. Ensure that your client key is valid.

Relevant Config Settings:

chef_server_url "http://chef-server.example.lab:4000"
node_name "chef-server.example.lab"
client_key “/etc/chef/client.pem”

If these settings are correct, your client_key may be invalid.

[Mon, 19 Aug 2013 17:55:39 +0400] FATAL: Stacktrace dumped to
/var/cache/chef/chef-stacktrace.out
[Mon, 19 Aug 2013 17:55:39 +0400] FATAL: Net::HTTPServerException: 401
"Unauthorized"

I don’t know about how can run chef-client on the chef-server by default
install. My be it shouldn’t work by default. Or This is my problem
because of misspelled configuration.

I rerun chef-client on all of this servers and this don’t help me with a
knife search.

At the backup server i check this via shef -z command:

shef -z

loading configuration: /etc/chef/client.rb
Session type: client
Loading.[2013-08-19T18:01:21+04:00] INFO: [inet6] no default interface,
picking the first ipaddress
…[2013-08-19T18:01:22+04:00] INFO: Run List is [role[backup_server],
recipe[cbacula::client]]
[2013-08-19T18:01:22+04:00] INFO: Run List expands to
[cbacula::database, cbacula::director, cbacula::storage,
cbacula::webacula, cbacula::client]
[2013-08-19T18:01:22+04:00] INFO: HTTP Request Returned 404 Not Found:
No routes match the request: /reports/nodes/backup.example.lab/runs
.[2013-08-19T18:01:22+04:00] INFO: Loading cookbooks [apt, aws,
build-essential, cbacula, database, mysql, openssl, postgresql, xfs]
[2013-08-19T18:01:22+04:00] INFO: Storing updated
cookbooks/cbacula/recipes/director.rb in the cache.
[2013-08-19T18:01:22+04:00] INFO: Storing updated
cookbooks/cbacula/recipes/webacula.rb in the cache.
[2013-08-19T18:01:23+04:00] INFO: Storing updated
cookbooks/cbacula/recipes/database.rb in the cache.
.[2013-08-19T18:01:23+04:00] INFO: Storing updated
cookbooks/cbacula/metadata.rb in the cache.
done.

This is shef, the Chef shell.
Chef Version: 10.18.2
http://www.opscode.com/chef
http://wiki.opscode.com/display/chef/Home

run help' for help,exit’ or ^D to quit.

Ohai2u srvadm@backup.example.lab!
chef > var = search(:node, ‘recipes:cbacula::client’)
=> [node[backup.example.lab]]
chef >

If you can see i it also return only one client.

Often this is accomplished by
having chef-client be scheduled every 5 minutes or every hour.

Chef-server receives data from chef-clients after they will be started
at the end of running process.
This is not work in my variant. Search was not work.
You meant that I must start it on clients every hour?
I think this is optional.

Consider it pessimistic view:

Either it:

  1. assumes the chef-client will prepare the node for service very
    soon, and potentially causes failures in your infrastructure
    If I understand you - i am too think that this no good idea - to run
    chef-client by cron (for example)
  2. it makes no assumption about the state of the node, and simply
    recognizes that it simply isn’t ready for service yet

Does this make sense?

Partly yes - but the question remains for me open

Thank you for participate.


Best regards,

CVisionLab System Administrator
Vladmir Skubriev