What are all the required ports to be open so the node/client can communicate back to the Chef server?
We have new Windows Server VMs in Azure, and port 5985 was opened so that the Chef server can connect to and bootstrap the Azure VMs. But what ports are required so the VMs (nodes) can connect back to the Chef server? We had port 443 opened and confirmed that we can connect to the Chef server using telnet <ip of chef server> 443. However, after bootstrap, the nodes are not appearing in the Chef server UI, so this makes me think we need addition ports open, or does something else need to be done to port 443 by the firewall team?
I’ve confirmed that the bootstrap completely successfully, as I’ve been able to run chef-client and deploy cookbooks/recipes on these nodes, so my guess is that the node data is not getting posted back to the chef server. Does posting the node data back to the chef server do so over 80/443? What else might prevent the node data from being posted back to the chef server?
Also, in my PowerShell console, if I run knife node list or knife node show <node> I can see these new nodes. Just can’t see them in the Chef UI.
Wow! -VV produces a lot of output. I’ll examine the log output and ask our Chef/Cloud Architects to run chef-server-ctl tail nginx on the chef server (I don’t have access). Thanks for the tip, Jake!
How do you deploy a cookbook to a node if the node isn’t even showing up in chef server?
Can you post the chef-client command line that you are using on the node? Also check your /etc/chef/client.rb file if it points to the correct chef server.
Also pay attention to the output of chef-client. It may run almost to the end, and then fail just before posting the data back to the server. But even for that to happen, the node would at least have to exist on the chef-server.