chef-provisioning
chef-provisioning copied to clipboard
chef-boneyard
client.rb contains incorrect chef_server_url
I am using v1.1.1 in local mode to setup a machine that should then be managed by a server specified in chef_server_url. My problem is that the created /etc/chef/client.rb points to http://localhost:8889 and not what I specified, even though the node is registered with the server and gets recipes from it during the provisioning run.
I've tried this with ssh and vagrant provisioners, and using 'with_chef_server' or specifying chef_server on the machine resource.
For example:
machine "test2" do
chef_server( :chef_server_url => "http://192.168.1.67:8889")
end
Hmm, I have suspicions. I'm seeing this: chefzero://localhost:8889/nodes/ as the URL. I bet we don't detect it.
Oh, right. That shouldn't matter, because the chef server should be pointable regardless. Testing.
Just reran this with chef-client 12.3 on both workstation and target; same result. I think I had 12.2 on workstation and 12.3 on client originally.
I was looking at this during office hours and it was taking too long to troubleshoot, but it looks like this is definitely a bug. The first weird thing I see is that chef_server is indeed a machine attribute, but I don't know where that is coming from.
We should also update our documentation so it is super clear how you specify which chef-server a machine should register itself with for convergence.
@christinedraper said that when doing this the machine initially converges correctly, but its only the client.rb content which contains the wrong URL for a chef server. I hypothesize that https://github.com/chef/chef-provisioning/blob/master/lib/chef/provisioning/convergence_strategy/precreate_chef_objects.rb#L11 is getting the chef-server URL incorrectly.
As a workaround you should be able to specify
machine "test2" do
chef_config "chef_server_url \"http://192.168.1.67:8889\""
end
I did a bit of debug on this. Turns out it is significant that the 'chef server' I am pointing at is chef-zero running on localhost.
So for example, with the above I'm doing:
chef-zero -H 192.168.1.67
where 192.168.1.67 is the IP address of localhost. Another scenario is where I'm using vagrant VMs running on a private network on localhost with IP addresses 10.0.1.x and I'm running chef-zero -H 10.0.1.1
Anyway, what's happening is that setup_convergence does:
chef_server_url = make_url_available_to_remote(chef_server_url)
make_url_available_to_remote calls is_local_machine() and gets the answer 'true'. It then proceeds to call forward_port() which constructs a URL with the host set to 'localhost', overriding the host information in the chef_server_url that was set.
https://github.com/chef/chef-provisioning/blob/master/lib/chef/provisioning/transport/ssh.rb#L146-L162
I found a workaround to this issue for the time being:
with_chef_server Chef::Config[:chef_server_url],
:client_name => Chef::Config[:node_name],
:signing_key_filename => Chef::Config[:client_key]
machine 'target-machine' do
action :converge
machine_options( {
bootstrap_options: {
key_name: 'id_rsa'
},
ssh_username: 'root',
transport_options: {
host: 'target-machine',
username: 'root',
ssh_options: {
keys: ['/root/.ssh/id_rsa']
}
},
convergence_options: {
ssl_verify_mode: :verify_none,
chef_version: '12.17.44',
chef_config: "chef_server_url '#{Chef::Config[:chef_server_url]}'\n",
install_url: ''
}
})
recipe 'some::recipe'
end
I got bit by this issue when trying to chef-provisioning-ssh from the Chef Server. Port forwarding wasn't working for me in that environment.
