Vagrant and Chef client and server


#1

We have just started working with Chef and are still trying to figure it out.
We have successfully used Vagrant to create both a Chef server VM and a Chef
client VM that connects to the server. We used Vagrantfiles that we found on
the web that use the chef-server and chef-client cookbooks.

However, the client creation and connection to the server only works if the
client’s node does not exist on the server - if chef-client can create the node
on the server it works fine. But, we would like to create the node on the
server first, and populate a run list for it, before creating the VM with
Vagrant. The error I get when I try it is appended.

Does anyone know how to fix this?
Is there a better way to do it? By maybe doing less with vagrant and then using
"knife bootstrap"?

Thanks,
Jim

[2013-01-15T22:20:08+00:00] INFO: *** Chef 10.14.2 ***
[2013-01-15T22:20:08+00:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2013-01-15T22:20:08+00:00] INFO: HTTP Request Returned 409 Conflict: Client already exists
[2013-01-15T22:20:08+00:00] INFO: HTTP Request Returned 403 Forbidden: You are not allowed to take this action.

================================================================================
Chef encountered an error attempting to create the client “chefClient1”
================================================================================

Authorization Error:

Your validation client is not authorized to create the client for this node (HTTP 403).

Possible Causes:

  • There may already be a client named “chefClient1”
  • Your validation client (chef-validator) may have misconfigured authorization permissions.

[2013-01-15T22:20:08+00:00] FATAL: Stacktrace dumped to /srv/chef/file_store/chef-stacktrace.out
[2013-01-15T22:20:08+00:00] FATAL: Net::HTTPServerException: 403 "Forbidden"
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

chef-client -c /tmp/vagrant-chef-1/client.rb -j /tmp/vagrant-chef-1/dna.json


#2

The easiest way for you to do it is to first spin up your vagrant VM with an empty run list, let it register itself into the Chef server, then do your stuff on the Chef server. Be aware that the Vagrantfile’s run_list might overwrite the one on the Chef server (haven’t tested that).

- cassiano



#3

On Wednesday, January 16, 2013 at 10:10 AM, james.fluke@colostate.edu wrote:

We have just started working with Chef and are still trying to figure it out.
We have successfully used Vagrant to create both a Chef server VM and a Chef
client VM that connects to the server. We used Vagrantfiles that we found on
the web that use the chef-server and chef-client cookbooks.

However, the client creation and connection to the server only works if the
client’s node does not exist on the server - if chef-client can create the node
on the server it works fine. But, we would like to create the node on the
server first, and populate a run list for it, before creating the VM with
Vagrant. The error I get when I try it is appended.

If you want to follow this approach, you need to create the client first and use it to create the node. Personally, I really like this approach, so it’s what I’m doing in my experimental rewrite of bootstrap. Relevant code is here:

BTW, please don’t use that repo in production, there’s a ton of work-in-progress, options that don’t work, etc.


Daniel DeLeo


#4

Yeah, that is the way that works for us. But, we would really like to set up the node on the server and then create the VM that goes with it. Then we could destroy the client VM and recreate it whenever we needed to without touching the server.

And, so far, the Chef server run list gets added to the Vagrantfile run_list.

Thanks for your response.
Jim

From: Cassiano Leal [mailto:cassianoleal@gmail.com]
Sent: Wednesday, January 16, 2013 11:14 AM
To: chef@lists.opscode.com
Subject: [chef] Re: Vagrant and Chef client and server

The easiest way for you to do it is to first spin up your vagrant VM with an empty run list, let it register itself into the Chef server, then do your stuff on the Chef server. Be aware that the Vagrantfile’s run_list might overwrite the one on the Chef server (haven’t tested that).

- cassiano



#5

If your problem is with having to manually delete the clients and nodes after you destroy a VM, might I suggest you try my own vagrant-butcher [0] gem?

It does the deleting automatically when you run vagrant destroy, no configuration or code changes needed.

Next time you spin up the same VM, it will simply re-create the client and node in the Chef server as usual. You can then leave the run list on the Vagrant file.

[0] https://rubygems.org/gems/vagrant-butcher

Cheers,

- cassiano

On Wednesday, January 16, 2013 at 16:32, Fluke,James wrote:

Yeah, that is the way that works for us. But, we would really like to set up the node on the server and then create the VM that goes with it. Then we could destroy the client VM and recreate it whenever we needed to without touching the server.

And, so far, the Chef server run list gets added to the Vagrantfile run_list.

Thanks for your response.
Jim



#6

First, from your reply I realized that I could just remove the client and not the node from the server. That works and is a definite improvement since then I can keep the node’s run list.

But I would still prefer to not touch the server at all.

I can see how we could preserve the run lists in the Vagrant files, but then we would have to manage the Vagrant files ourselves. And, it seems like we would need to learn both Vagrant and Chef pretty well. If we could do most of it in Chef then, hopefully, it can do a lot of the management for us, and we would only have to learn the basics of Vagrant.

Also, from the other recent thread here, it is clear that knife can create ec2 VMs. Can it create local VMs as well?

Thanks,
Jim

From: Cassiano Leal [mailto:cassianoleal@gmail.com]
Sent: Wednesday, January 16, 2013 11:37 AM
To: chef@lists.opscode.com
Subject: [chef] Re: RE: Re: Vagrant and Chef client and server

If your problem is with having to manually delete the clients and nodes after you destroy a VM, might I suggest you try my own vagrant-butcher [0] gem?

It does the deleting automatically when you run vagrant destroy, no configuration or code changes needed.

Next time you spin up the same VM, it will simply re-create the client and node in the Chef server as usual. You can then leave the run list on the Vagrant file.

[0] https://rubygems.org/gems/vagrant-butcher

Cheers,

- cassiano



#7

Also, from the other recent thread here, it is clear that knife can create
ec2 VMs. Can it create local VMs as well?

There is a knife plugin to manage vagrant VMs the way knife ec2 works.
https://github.com/garrettux/knife-vagrant You may want to give this a try.

Thanks
Gourav
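
Added example (not part of the thread and not Chef's code): a toy Ruby model of the registration exchange behind the log in post #1. It assumes the server rules implied by that log and by posts #3 and #6: the shared chef-validator key may create a client that does not exist yet, but only an admin may replace or delete an existing one. `ModelChefServer`, `first_run`, `demo` and the `workstation-admin` client are hypothetical names.

```ruby
# Toy model of Chef 10 client registration (constructed here, not Chef's code).
class ModelChefServer
  Response = Struct.new(:code, :message)
  attr_reader :nodes

  def initialize
    # "workstation-admin" is a hypothetical admin API client.
    @clients = { "chef-validator" => :validator, "workstation-admin" => :admin }
    @nodes = {}
  end

  # POST /clients: the validator or an admin may create a client that is new.
  def create_client(actor, name)
    return Response.new(403, "Forbidden") unless %i[validator admin].include?(@clients[actor])
    return Response.new(409, "Client already exists") if @clients.key?(name)
    @clients[name] = :node
    Response.new(201, "Created")
  end

  # PUT /clients/NAME: replacing an existing client's key is admin-only.
  def replace_client_key(actor, _name)
    return Response.new(403, "Forbidden") unless @clients[actor] == :admin
    Response.new(200, "OK")
  end

  # DELETE /clients/NAME: admin-only; node objects and run lists are untouched.
  def delete_client(actor, name)
    return Response.new(403, "Forbidden") unless @clients[actor] == :admin
    @clients.delete(name) ? Response.new(200, "OK") : Response.new(404, "Not Found")
  end
end

# chef-client side: register via the validator only when client.pem is missing.
def first_run(server, name, client_pem_present:)
  return [:signed_with_client_pem] if client_pem_present
  created = server.create_client("chef-validator", name)
  return [created.code] unless created.code == 409
  [409, server.replace_client_key("chef-validator", name).code]
end

def demo
  server = ModelChefServer.new
  server.nodes["chefClient1"] = ["recipe[example]"] # constructed run list
  out = { fresh_vm: first_run(server, "chefClient1", client_pem_present: false) }
  out[:rebuilt_vm] = first_run(server, "chefClient1", client_pem_present: false)
  server.delete_client("workstation-admin", "chefClient1")
  out[:after_client_delete] = first_run(server, "chefClient1", client_pem_present: false)
  out[:key_preseeded] = first_run(server, "chefClient1", client_pem_present: true)
  out.merge(run_list: server.nodes["chefClient1"])
end
```

In this model the 403 is the server refusing to let a shared bootstrap credential take over an existing client identity, so both ways out are admin-side: delete the stale client while keeping the node, or create the client first and have its key present at /etc/chef/client.pem so no registration is attempted.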