Specifying policy group and policy name in json file


#1

I have created a first-boot.json file with y policy group and policy name in it

{
   "policy_group": "0.1.55",
   "policy_name": "am-chef-0.1.42"
}

I am trying to run chef-client -j first-boot.json on the client node and I keep getting

Chef::PolicyBuilder::Policyfile::ConfigurationError: Error loading policyfile from policy_groups/0.1.55/policies/am-chef-0.1.42: Net::HTTPServerException - 404 "Object Not Found"

Though this policy is visible when I run a chef show-policy command on chef server. Is this because I am running chef-client command on node and node is not aware of what policies are there on server?


#2

Chef client knows how to download the policy. Some possibilities for what’s going wrong include:

  • Wrong Chef Server, if you have several
  • Wrong organization name
  • You uploaded your policy and cookbooks in the legacy policyfile mode (policy_document_native_api false in a config file)

One thing you can do to help check things out is run knife raw policy_groups/0.1.55/policies/am-chef-0.1.42 on the machine you run chef push from, it should return the policy lockfile. If that doesn’t work then perhaps you have the policy group or name slightly wrong.


#3

@kallistec when I run knife raw command on my chef server I get the same error specifying that the policy does not exist. But when I use chef show-policy am_chef_client command on chef server I get the following output

am_chef_client
===============
* am-chef-0.1.42:   cf2883e1bb

so it looks like the policy does exist on the chef server. Not sure if its just the directory path which its not identifying. I am using chef-client -j first-boot.json command to bootstrap a node using user data where my json file specifies the policy group and the policy which needs to be applied.


#4

And also where can I find all such endpoints ? policy_groups/policy_group/policies/policy_name. I tried looking for this here https://docs.chef.io/api_chef_server.html#policies . But the syntax you mentioned doesn’t seem to be here.


#5

ok I was able to fix the policy not found error. but I would like to understand the list of REQUEST_PATH for knife raw command


#6

You were looking in the right place, seems we just missed it in the docs. You can file an issue for that here: https://github.com/chef/chef-web-docs/issues


#7

@kallistec This issue still persists. I mis-interpreted the output.

Some further debugging gave:

knife list /polices lists the policy correctly
/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067.json

knife list /policy_groups outputs
/policy_groups/AM-chef-0.1.57.json

knife show /policy_groups/AM-chef-0.1.57.json outputs
"am_chef_client": { "revision_id": "2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067" }

knife show /policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067.json outputs a correct json.

So that means policy and the policy groups exists on chef server. Now I have put the same in first-boot.json

{
  "policy_group": "AM-chef-0.1.57",
  "policy_name": "am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067"
}

but this gives me

`Chef::PolicyBuilder::Policyfile::ConfigurationError: Error loading policyfile from `policy_groups/AM-chef-0.1.57/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067': Net::HTTPServerException - 404 "Object Not Found"`

The same error I get when I try to use

knife raw policy_groups/AM-chef-0.1.57/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067

I am not sure what am I missing here. Any help would be appreciated.


#8

Based on this, your policy group is called am_chef_client and your policy name is am-chef-0.1.42

Based on the way you’re naming things and what you’re attempting to do, it looks like you have a bit of misunderstanding of how things get versioned with policyfiles. The basic goal is that you should need to do the least amount of manually copying version numbers as possible. To do that, policy versions are automatically computed and assigned to a policy group when you run chef push You can then promote that through your policy groups to control which nodes get which versions of a policy. So in 99% of cases you don’t need to do any manual versioning of things aside from the regular flow.


#9

ok so my mistake was I was putting policy version with policy name (the long UUID string). Skipping that UUID things worked for me . Thanks @kallistec