[Solved] Chef-server fails to create new user

I installed chef-server and ran the reconfigure command. But when I try to create the admin with the following command -
chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
I get this error -
ERROR: Error connecting to https://127.0.0.1/users/, retry 1/5
.
.
.
ERROR: Errno::ECONNRESET: Error connecting to https://127.0.0.1/users/ - Connection reset by peer - SSL_connect

Maybe try http in localhost

Hi,

Can you paste here the knife.rb file and hostname of your chef-server machine… I think it’s trying to connect to localhost rather than your chef-server IP.

Hi,

I’ve just installed chef following the chef rally tutorials. So I haven’t explored knife yet. I’ve done a standalone installation. After facing this error, I edited the /etc/opscode/chef-server.rb file (which was originally empty) and added the following…
server_name = "chef(DOT)controller(DOT)com"
lb['vip']=server_name
#api_fqdn = server_name
notification_email = "NO-REPLY-CHEF@example(DOT)com"
#######################
## nginx configuration #
########################
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
nginx['ssl_port']=443

After this the IP address in the error changed to Error connecting to https://chef(DOT)controller(DOT)com/users/ - Connection reset by peer - SSL_connect

My hostname is chef(DOT)controller(DOT)com

I also modified the url in /etc/opscode/pivotal.rb hoping to fix the issue but it didn’t work either.
node_name "pivotal"
chef_server_url "https://chef(DOT)controller(DOT)com:443"
chef_server_root "https://chef(DOT)controller(DOT)com:443"
no_proxy "chef(DOT)controller(DOT)com"
client_key key.path
ssl_verify_mode :verify_none

Hi,

I would double check to make sure you have a resolvable hostname and FQDN (via the hostname and hostname -f commands, respectively).

I suspect that the issue is here:

lb['vip']=server_name

This setting is meant for specifying a virtual IP address. Unless you have a specific reason not to, it’s a safe bet that you should get rid of this and let Chef server default to listening on localhost. If you’re setting this to use "chef(DOT)controller(DOT)com" and it’s not working, I suspect that this goes back to the resolvability / fqdn issue.

In addition to confirming the output of hostname -f, it would be helpful to see the output for these commands:

  • chef-server-ctl status
  • chef-server-ctl tail nginx

Also, just to confirm - make sure you’re running chef-server-ctl reconfigure after applying any changes.

Hi,

Thanks for your response.

I checked my hostname as you asked and got this response - chef(dot)controller(dot)com
So I guess hostname is not an issue.
After that I ran chef-server-ctl status which gave this output:
run: bookshelf: (pid 985) 41s; run: log: (pid 984) 41s
run: nginx: (pid 3056) 2s; run: log: (pid 986) 41s
run: oc_bifrost: (pid 1007) 41s; run: log: (pid 1006) 41s
run: oc_id: (pid 1046) 41s; run: log: (pid 1008) 41s
run: opscode-erchef: (pid 998) 41s; run: log: (pid 997) 41s
run: opscode-expander: (pid 1005) 41s; run: log: (pid 1004) 41s
run: opscode-solr4: (pid 991) 41s; run: log: (pid 990) 41s
run: postgresql: (pid 1000) 41s; run: log: (pid 999) 41s
run: rabbitmq: (pid 982) 41s; run: log: (pid 981) 41s
run: redis_lb: (pid 994) 41s; run: log: (pid 993) 41s

BUT…running this chef-server-ctl tail nginx returned an error.

==> /var/log/opscode/nginx/error.log <==
2017/07/26 21:00:19 [emerg] 3108#0: still could not bind()
2017/07/26 21:00:21 [emerg] 3111#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

==> /var/log/opscode/nginx/rewrite-port-80.log <==
127.0.0.1 - - [22/Jul/2017:14:00:57 +0530] "GET / HTTP/1.1" 301 191 "-" "curl/7.29.0"
127.0.0.1 - - [22/Jul/2017:14:01:07 +0530] "GET / HTTP/1.1" 301 191 "-" "curl/7.29.0"

==> /var/log/opscode/nginx/current <==
2017-07-26_15:30:21.52031 nginx: [emerg] still could not bind()
2017-07-26_15:30:21.67545 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

So I ran netstat -tulpn | grep :80 and saw that httpd was listening on the port.
tcp6 0 0 :::80 :::* LISTEN 958/httpd

I stopped httpd and ran chef-server-ctl tail nginx to see if it worked but I got the same error as above. So I executed chef-server-ctl reconfigure hoping to fix it but it didn’t work.

I again ran netstat -tulpn | grep :80 to check what was occupying port 80 and got this result.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3995/nginx: master

Now I’m really confused as to how nginx can listen on the same port and log that it failed to bind.
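
The port check from the post above, as an added example that is not part of the original thread: it parses `netstat -tulpn` output and reports any TCP listener on ports 80 or 443 that is not nginx. The function names and the NETSTAT_TEXT variable are made up for this example, and the sshd and postgres sample lines are constructed.

```shell
#!/bin/sh
# Added example: find which process holds a port that Chef server's nginx wants.
# Function names and NETSTAT_TEXT are made up for this illustration.

# Constructed sample in `netstat -tulpn` layout. The httpd line mirrors the one
# in the thread; the sshd and postgres lines are invented filler.
SAMPLE='tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  870/sshd
tcp   0  0 127.0.0.1:5432  0.0.0.0:*  LISTEN  1000/postgres
tcp6  0  0 :::80           :::*       LISTEN  958/httpd'

# listeners_on PORT: read netstat lines on stdin, print "proto address owner"
# for every TCP listener on PORT. The port is whatever follows the last colon,
# so the IPv6 wildcard ":::80" is matched as well as "0.0.0.0:80".
listeners_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            owner = $7                      # "pid/program", may contain spaces
            for (i = 8; i <= NF; i++) owner = owner " " $i
            print $1, $4, owner
        }'
}

# conflicts_on PORT: only the listeners whose program name is not nginx.
conflicts_on() {
    listeners_on "$1" | awk '{ split($3, p, "/"); if (p[2] !~ /^nginx/) print }'
}

# check_ports PORT...: report each port, return 1 if any has a foreign listener.
check_ports() {
    rc=0
    for port in "$@"; do
        hit=$(printf '%s\n' "$NETSTAT_TEXT" | conflicts_on "$port")
        if [ -n "$hit" ]; then
            echo "port $port is held by: $hit"
            rc=1
        else
            echo "port $port: no conflicting listener"
        fi
    done
    return "$rc"
}

# Uses the sample unless real output is supplied, e.g.
#   NETSTAT_TEXT=$(netstat -tulpn) sh check_ports.sh
NETSTAT_TEXT=${NETSTAT_TEXT:-$SAMPLE}
check_ports 80 443 || true
```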

There’s definitely some additional tweaking involved if you want to run Chef server alongside other stuff, particularly another web server. The first thing I’d do is get rid of the extra stuff you’ve added to chef-server.rb and pivotal.rb, and then do another chef-server-ctl reconfigure, just to get you back to a mostly default setup.

Assuming that you do want to run Chef server alongside Apache in the long run, what you’d need to do is change the ports that nginx uses:

nginx['non_ssl_port'] = 7001
nginx['ssl_port'] = 7002

7001 and 7002 are just example ports here. Whatever you select, be sure to check it against the ports that Chef uses.


Thanks for all the help! I finally got it working.
This is how I did it.
I restored my VM to a cleaner state. Then stopped apache service, set my hostname and then ran the user create cmd. Worked like a charm!

Glad to hear it’s working! Marking this as solved.