user60679

Reputation: 729

Using Chef 12, Chef Client unable to connect to Chef Server

Command I ran:

`knife bootstrap 10.x.x.x -x ec2-x -i xx.pem --sudo -r "role[x]"`

Error:

`[2014-12-31T12:07:53+00:00] ERROR: Connection refused connecting to https://chefserver.dsh.com/organizations/digital/clients, retry 1/5`

Logs show this:

`Chef encountered an error attempting to create the client "ip-10-x-x-x.ec2.internal"`

I have tried things so far:

Now I am getting a different error:

`Original Exception: OpenSSL::SSL::SSLError: hostname "10.x.x.x" does not match the server certificate`

Upvotes: 1

Views: 9220

Answers (3)

seahorse

Reputation: 2470

I found the steps below extremely useful in multiple instances on AWS when I faced the same error. With these steps you don't have to reconfigure your server based off the IP address.

On AWS sometimes you might see something like ip-10-x-x-x as the public hostname without the ec2.internal part (from the metadata endpoint). In that case all you need to do is on your workstation add the entry

ipaddress ip-10-x-x-x

to your local /etc/hosts.

This would allow a DNS call to https://ip-10-x-x-x/organizations (your Chef server URL) to get routed to that IP address (in case your direct DNS routing is not working) and allow the SSL handshake to take place, allowing knife to work from local without reconfiguring your Chef server using the IP address.

Upvotes: 0

user60679

Reputation: 729

On Chef Server:

  • I have changed my hostname from chefserver.dsh.com to https://IPAddress
  • $ sudo chef-server-ctl reconfigure

On Chef WorkStation:

  • Edit the knife.rb on workstation @chef_server_url to https://IPAddress:443/organizations/name
  • $ sudo knife ssl fetch

Upvotes: 2

StephenKing

Reputation: 37580

The host name in the SSL certificate is not matching the IP address that you are using.

Is chefserver.dsh.com resolving to the IP address of the instance?

You have to either use the host name (and still ignore the self-signed certificate) or completely disable SSL certificate validation. This and this could help.

Upvotes: 3
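
Added example (not part of any answer above and not Chef's own code): the identity check that Ruby's OpenSSL binding runs after the TLS handshake, and that produces the `does not match the server certificate` error in the question, applied to two throwaway self-signed certificates. The IP `10.0.0.5` stands in for the redacted `10.x.x.x`, and the helper names `self_signed_cert`, `identity_ok?` and `report` are made up for this illustration.

```ruby
require "openssl"

# Build a throwaway self-signed certificate (constructed sample, not a real server cert).
def self_signed_cert(common_name, san: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer     = cert.subject           # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if san
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The same comparison SSLSocket#post_connection_check performs:
# the name used in the URL against the certificate's SAN entries (or CN if no SAN).
def identity_ok?(cert, name_in_url)
  OpenSSL::SSL.verify_certificate_identity(cert, name_in_url)
end

SERVER_NAME = "chefserver.dsh.com"   # host name from the question
SERVER_IP   = "10.0.0.5"             # constructed stand-in for the redacted 10.x.x.x

CN_ONLY  = self_signed_cert(SERVER_NAME)
WITH_SAN = self_signed_cert(SERVER_NAME, san: "DNS:#{SERVER_NAME},IP:#{SERVER_IP}")

# One line per (certificate, URL host) pair.
def report
  [[CN_ONLY, "CN only"], [WITH_SAN, "CN + SAN"]].flat_map do |cert, label|
    [SERVER_NAME, SERVER_IP].map do |name|
      "#{label.ljust(8)} https://#{name} -> #{identity_ok?(cert, name) ? 'match' : 'MISMATCH'}"
    end
  end
end

puts report
```

Only the host part of the URL the client connects to is compared with the certificate, so validation passes once that name and the certificate agree.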
