private-chef cookbook crashing with common-name attribute
dfduarte opened this issue
Good afternoon,
I'm trying to run the chef-server cookbook using chef-provisioning (and chef-solo from Vagrant), and it is returning the following error:
================================================================================
Recipe Compile Error in /opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb
================================================================================
Chef::Exceptions::ValidationFailed
----------------------------------
common_name is required
Cookbook Trace:
---------------
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:58:in `block in from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:57:in `from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:208:in `block in from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:191:in `each'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:191:in `from_file'
Relevant File Content:
----------------------
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:
51:
52: ssl_keyfile = File.join(nginx_ca_dir, "#{node['private_chef']['nginx']['server_name']}.key")
53: ssl_crtfile = File.join(nginx_ca_dir, "#{node['private_chef']['nginx']['server_name']}.crt")
54: ssl_dhparam = File.join(nginx_ca_dir, 'dhparams.pem')
55:
56: # Generate self-signed SSL certificate
57: openssl_x509 ssl_crtfile do
58>> common_name node['private_chef']['nginx']['server_name']
59: org node['private_chef']['nginx']['ssl_company_name']
60: org_unit node['private_chef']['nginx']['ssl_organizational_unit_name']
61: country node['private_chef']['nginx']['ssl_country_name']
62: key_length node['private_chef']['nginx']['ssl_key_length']
63: expire node['private_chef']['nginx']['ssl_duration']
64: owner 'root'
65: group 'root'
66: mode '0644'
67: end
[2015-09-10T17:10:11+00:00] ERROR: Running exception handlers
[2015-09-10T17:10:11+00:00] ERROR: Exception handlers complete
[2015-09-10T17:10:11+00:00] FATAL: Stacktrace dumped to /opt/opscode/embedded/cookbooks/cache/chef-stacktrace.out
[2015-09-10T17:10:13+00:00] FATAL: Chef::Exceptions::ValidationFailed: common_name is required
STDERR: sudo: unable to resolve host ip-10-0-0-151
sudo: unable to resolve host ip-10-0-0-151
sudo: unable to resolve host ip-10-0-0-151
ERROR: CONFIGURATION ERROR:Specified config file /etc/opscode/pivotal.rb does not exist
sudo: unable to resolve host ip-10-0-0-151
ERROR: CONFIGURATION ERROR:Specified config file /etc/opscode/pivotal.rb does not exist
---- End output of "bash" "/tmp/chef-script20150910-3220-19gpj5q" ----
Ran "bash" "/tmp/chef-script20150910-3220-19gpj5q" returned 1
These errors started suddenly, and the chef-client cannot run the recipe due to this. Note: I've used the wrapper that manages this cookbook (chef-server) before, without problems.
The only attribute passed by the wrapper is:
node.override['chef-server']['api-fqdn'] = node['ipaddress']
I was able to repro this too.
[2015-09-23T16:46:46+00:00] WARN: common_name nil currently does not overwrite the value of common_name. This will change in Chef 13, and the value will be set to nil instead. Please change your code to explicitly accept nil using "property :common_name, [MyType, nil]", or stop setting this value to nil.
================================================================================
Recipe Compile Error in /opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb
================================================================================
Chef::Exceptions::ValidationFailed
----------------------------------
common_name is required
Cookbook Trace:
---------------
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:58:in `block in from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:57:in `from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:208:in `block in from_file'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:191:in `each'
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/default.rb:191:in `from_file'
Relevant File Content:
----------------------
/opt/opscode/embedded/cookbooks/cache/cookbooks/private-chef/recipes/nginx.rb:
51:
52: ssl_keyfile = File.join(nginx_ca_dir, "#{node['private_chef']['nginx']['server_name']}.key")
53: ssl_crtfile = File.join(nginx_ca_dir, "#{node['private_chef']['nginx']['server_name']}.crt")
54: ssl_dhparam = File.join(nginx_ca_dir, 'dhparams.pem')
55:
56: # Generate self-signed SSL certificate
57: openssl_x509 ssl_crtfile do
58>> common_name node['private_chef']['nginx']['server_name']
59: org node['private_chef']['nginx']['ssl_company_name']
60: org_unit node['private_chef']['nginx']['ssl_organizational_unit_name']
61: country node['private_chef']['nginx']['ssl_country_name']
62: key_length node['private_chef']['nginx']['ssl_key_length']
63: expire node['private_chef']['nginx']['ssl_duration']
64: owner 'root'
65: group 'root'
66: mode '0644'
67: end
Running handlers:
[2015-09-23T16:46:46+00:00] ERROR: Running exception handlers
Running handlers complete
[2015-09-23T16:46:46+00:00] ERROR: Exception handlers complete
Chef Client failed. 1 resources updated in 10.379691033 seconds
[2015-09-23T16:46:46+00:00] FATAL: Stacktrace dumped to /opt/opscode/embedded/cookbooks/cache/chef-stacktrace.out
[2015-09-23T16:46:47+00:00] FATAL: Chef::Exceptions::ValidationFailed: common_name is required
/cc @ryancragun
Hello jjasghar.
I figured out that this problem is related to a known bug with the Nginx cookbook (which the Chef-server cookbook also uses). The bug is a cookbook crash when the machine to be configured doesn't have a resolvable hostname and a VALID hostname (at least), and doesn't have a hostname set within OHAI.
At least here, I solved this by setting a valid and correct hostname for my instance.
I don't know if this is related to your problem as it is to my issue here (even though both problems are the same), but it's a good way to look for the solution.
Ah yep! I just sudo echo "127.0.0.1 <HOSTNAME> <HOSTNAME>" >> /etc/hosts
and it worked. Thanks!
Facing this as well when installing on EC2.
[ec2-user@ip-XYZ ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain chef.orgname.com
Confirmed on ec2 default ubuntu 14.04
This just bit me today also. I too am attempting to use the 'official' ubuntu image on EC2.
Make an entry in /etc/hosts using the name provided by executing the 'hostname' command.
127.0.0.1 ip-172-28-0-156.ec2.internal
Any suggestions on how to work around this if you want to host the chef-server on a different sub-domain? I've changed the following, for example:
default['private_chef']['nginx']['server_name'] = "chef.#{node['fqdn']}"
That appears to work for the hosting, but the cert generated is based on the hostname only - I want the common_name for the server cert to be chef.hostname
Confirmed on ec2 default ubuntu 14.04
Fixed with:
hostname `curl http://169.254.169.254/latest/meta-data/public-hostname`
This should largely be resolved by setting the api_fqdn as appropriate or leaving unset to use IP addresses. Feel free to open new issues if this is manifesting presently.
just updating that this is still relevant as of today, fixing using sudo echo "127.0.0.1 <HOSTNAME> <HOSTNAME>" >> /etc/hosts
I used this command to avoid looking up for hostname:
eval "sudo echo \"127.0.0.1 $(hostname) $(hostname)\" >> /etc/hosts"
I got the same error and tried to install/uninstall Chef. No luck.
Then I tried the above step and then "reconfigured"; it is working. Thanks.
echo "127.0.0.1 chef_server chef_server.com">> /etc/hosts
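An added example, not part of any comment above and not code from the cookbook: the /etc/hosts workaround repeated in this thread, written so it can be re-run without piling up duplicate lines and so it rejects names that are not valid hostnames. The function names are hypothetical, and the hosts file path is a parameter so the logic can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example: idempotent form of the "127.0.0.1 <HOSTNAME>" workaround.
# Function names are hypothetical; 127.0.0.1 is the address used in the thread.

# valid_hostname NAME -> 0 if NAME is a syntactically valid RFC 1123 hostname
valid_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    # each label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars
    printf '%s\n' "$name" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# hosts_has_name FILE NAME -> 0 if a non-comment entry in FILE already maps NAME
hosts_has_name() {
    awk -v n="$2" '
        { sub(/#.*/, "") }    # ignore comments, including commented-out entries
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# ensure_hosts_entry FILE NAME -> appends "127.0.0.1 NAME" at most once.
# Returns 0 = entry added, 1 = already present (file untouched), 2 = invalid name.
ensure_hosts_entry() {
    file=$1
    name=$2
    valid_hostname "$name" || return 2
    hosts_has_name "$file" "$name" && return 1
    printf '127.0.0.1 %s\n' "$name" >> "$file"
}
```

To apply it for real, call `ensure_hosts_entry /etc/hosts "$(hostname)"` from a root shell; with `sudo echo ... >> /etc/hosts` the redirection is opened by the calling shell rather than by sudo, so from a non-root shell the append is denied.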