Register chef client to server failed


#1

the chef client first run need register to chef server, i am suffering a problem.

My step is:
1.create a barebone /etc/chef/chient.rb:
log_level :info
log_location STDOUT
chef_server_url ‘http:// ip-172-31-9-42’
validation_client_name ‘validation.pem’

note:the validation.pem from chef server /etc/chef/

  1. and use the command to register: chef-client -120

Chef encountered an error attempting to create the client “ip-172-31-14-120.cn-north-1.compute.internal”

System Info:

chef_version=14.0.190
ruby=ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
program_name=chef-client worker: ppid=5225;start=01:53:26;
executable=/opt/chef/bin/chef-client

Running handlers:
[2018-04-13T01:53:27+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-04-13T01:53:27+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 01 seconds
[2018-04-13T01:53:27+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2018-04-13T01:53:27+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-04-13T01:53:27+00:00] ERROR: SSL Error connecting to https://ip-172-31-9-42/organizations/geekrainy/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)
[2018-04-13T01:53:27+00:00] ERROR: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Starting Chef Client, version 14.0.190
Creating a new client identity for ip-172-31-14-120.cn-north-1.compute.internal using the validator key.
[2018-04-13T01:55:29+00:00] ERROR: SSL Validation failure connecting to host: ip-172-31-9-42 - SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)


#2

Your error is that the chef-client is rejecting the chef-server’s SSL
certificate for being self-signed:

ERROR: SSL Validation failure connecting to host: ip-172-31-9-42 -
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self
signed certificate)

you can resolve this by either replacing the certificate with one issued
from a CA, or by telling the node to skip ssl verification.

to skip verification add ssl_verify_mode :verify_none

You could also add the Chef-Server’s certificate into the node’s trusted
certificates.


#3

Thank you very much! the registering is successfully!