Specifying policy group and policy name in json file

akajain · November 17, 2017, 1:26pm

I have created a first-boot.json file with y policy group and policy name in it

{
   "policy_group": "0.1.55",
   "policy_name": "am-chef-0.1.42"
}

I am trying to run chef-client -j first-boot.json on the client node and I keep getting

Chef::PolicyBuilder::Policyfile::ConfigurationError: Error loading policyfile from policy_groups/0.1.55/policies/am-chef-0.1.42: Net::HTTPServerException - 404 "Object Not Found"

Though this policy is visible when I run a chef show-policy command on chef server. Is this because I am running chef-client command on node and node is not aware of what policies are there on server?

kallistec · November 20, 2017, 12:02am

Chef client knows how to download the policy. Some possibilities for what’s going wrong include:

Wrong Chef Server, if you have several
Wrong organization name
You uploaded your policy and cookbooks in the legacy policyfile mode (policy_document_native_api false in a config file)

One thing you can do to help check things out is run knife raw policy_groups/0.1.55/policies/am-chef-0.1.42 on the machine you run chef push from, it should return the policy lockfile. If that doesn’t work then perhaps you have the policy group or name slightly wrong.

akajain · November 20, 2017, 8:56am

@kallistec when I run knife raw command on my chef server I get the same error specifying that the policy does not exist. But when I use chef show-policy am_chef_client command on chef server I get the following output

am_chef_client
===============
* am-chef-0.1.42:   cf2883e1bb

so it looks like the policy does exist on the chef server. Not sure if its just the directory path which its not identifying. I am using chef-client -j first-boot.json command to bootstrap a node using user data where my json file specifies the policy group and the policy which needs to be applied.

akajain · November 20, 2017, 1:32pm

And also where can I find all such endpoints ? policy_groups/policy_group/policies/policy_name. I tried looking for this here https://docs.chef.io/api_chef_server.html#policies . But the syntax you mentioned doesn’t seem to be here.

akajain · November 20, 2017, 3:05pm

ok I was able to fix the policy not found error. but I would like to understand the list of REQUEST_PATH for knife raw command

kallistec · November 20, 2017, 3:57pm

You were looking in the right place, seems we just missed it in the docs. You can file an issue for that here: https://github.com/chef/chef-web-docs/issues

akajain · November 22, 2017, 3:29pm

@kallistec This issue still persists. I mis-interpreted the output.

Some further debugging gave:

knife list /polices lists the policy correctly
/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067.json

knife list /policy_groups outputs
/policy_groups/AM-chef-0.1.57.json

knife show /policy_groups/AM-chef-0.1.57.json outputs
"am_chef_client": { "revision_id": "2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067" }

knife show /policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067.json outputs a correct json.

So that means policy and the policy groups exists on chef server. Now I have put the same in first-boot.json

{
  "policy_group": "AM-chef-0.1.57",
  "policy_name": "am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067"
}

but this gives me

`Chef::PolicyBuilder::Policyfile::ConfigurationError: Error loading policyfile from `policy_groups/AM-chef-0.1.57/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067': Net::HTTPServerException - 404 "Object Not Found"`

The same error I get when I try to use

knife raw policy_groups/AM-chef-0.1.57/policies/am_chef_client-2f8eebded82d305ad8affe82c25ce18f7abf45cd2bc877a9f1ea7f21a8175067

I am not sure what am I missing here. Any help would be appreciated.

kallistec · November 22, 2017, 11:38pm

Based on this, your policy group is called am_chef_client and your policy name is am-chef-0.1.42

Based on the way you’re naming things and what you’re attempting to do, it looks like you have a bit of misunderstanding of how things get versioned with policyfiles. The basic goal is that you should need to do the least amount of manually copying version numbers as possible. To do that, policy versions are automatically computed and assigned to a policy group when you run chef push You can then promote that through your policy groups to control which nodes get which versions of a policy. So in 99% of cases you don’t need to do any manual versioning of things aside from the regular flow.

akajain · November 23, 2017, 5:25am

ok so my mistake was I was putting policy version with policy name (the long UUID string). Skipping that UUID things worked for me . Thanks @kallistec

Topic		Replies	Views
A little fuzzy on managing policy_group Chef Infra (archive)	2	483	May 1, 2017
Policyfile: client.rb not updated when policy changes Chef Infra (archive)	1	372	August 21, 2019
Bootstrap doesn't permanent set policy_name and policy_group Chef Infra (archive)	2	500	June 5, 2017
Failing to feed run_list to first-boot.json from userdata Chef Infra (archive)	3	1785	January 21, 2012
Removing node from Policy/-group Chef Infra (archive)	0	399	June 25, 2019

Specifying policy group and policy name in json file

Related Topics