I'm running the knife bootstrap command from chef-workstation. When I use an IPv6 address for the chef client, it sends the following error:
tsi@chef-workstation:~/chef-repo$ knife -v
Chef: 11.12.2
tsi@chef-workstation:~/chef-repo$ knife bootstrap 2003:1b39:220:1::1011 -x tsi -P 'xxxx' -N 'testnode' -r 'role[WebServer]' --sudo
Connecting to 2003:1b39:220:1::1011
ERROR: Network Error: getaddrinfo: Name or service not known
Check your knife configuration and network settings
tsi@chef-workstation:~/chef-repo$
It seems the workstation interprets the IPv6 address as a hostname and then tries resolving it.
tsi@chef-workstation:~/chef-repo$ knife bootstrap vm -x tsi -P xxxx -N 'testnode' -r 'role[WebServer]' --sudo
Connecting to vm
vm sudo: unable to resolve host mrtg-server
vm knife sudo password:
Enter your password:
After gaining access to the VM using the workaround, I discovered a new issue with IPv6 similar to the one above:
I also tried to use an IPv6 address instead of the "chef-server" DNS name, but had the same result: "Error connecting to https://[2003:1b39:130:1::102]/organizations/dtna/clients - getaddrinfo: Name or service not known"
tsi@chef-workstation:~/chef-repo$ knife bootstrap vm -x tsi -P 'xxxx' -N 'testnode' -r 'role[WebServer]' --sudo --bootstrap-proxy http://[2003:1b39:220:1::a00a]:8080 --use-sudo-password
Connecting to vm
vm sudo: unable to resolve host mrtg-server
vm [sudo] password for htadmin: Starting first Chef Client run...
vm [2014-06-23T18:12:24+02:00] WARN:
vm * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
vm SSL validation of HTTPS requests is disabled. HTTPS connections are still
vm encrypted, but chef is not able to detect forged replies or man in the middle
vm attacks.
vm
vm To fix this issue add an entry like this to your configuration file:
vm
vm ```
vm # Verify all HTTPS connections (recommended)
vm ssl_verify_mode :verify_peer
vm
vm # OR, Verify only connections to chef-server
vm verify_api_cert true
vm ```
vm
vm To check your SSL configuration, or troubleshoot errors, you can use the
vm `knife ssl check` command like so:
vm
vm ```
vm knife ssl check -c /etc/chef/client.rb
vm ```
vm
vm * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
vm
vm Starting Chef Client, version 11.12.2
vm Creating a new client identity for testnode using the validator key.
vm
vm ================================================================================
vm Chef encountered an error attempting to create the client "testnode"
vm ================================================================================
vm
vm
vm Network Error:
vm --------------
vm There was a network error connecting to the Chef Server:
vm Error connecting to https://chef-server/organizations/dtna/clients - getaddrinfo: Name or service not known
vm
vm
vm
vm Relevant Config Settings:
vm -------------------------
vm chef_server_url "https://chef-server/organizations/dtna"
vm
vm If your chef_server_url is correct, your network could be down.
vm
vm
vm
vm [2014-06-23T18:12:26+02:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
vm Chef Client failed. 0 resources updated in 2.08654598 seconds
vm [2014-06-23T18:12:26+02:00] ERROR: Error connecting to https://chef-server/organizations/dtna/clients - getaddrinfo: Name or service not known
vm [2014-06-23T18:12:26+02:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
tsi@chef-workstation:~/chef-repo$ ls
accumulator-0.2.0.tar.gz chefignore cookbooks environments Rakefile roles
certificates config data_bags LICENSE README.md
tsi@chef-workstation:~/chef-repo$ cd .chef/
tsi@chef-workstation:~/chef-repo/.chef$ ls
dtna-validator.pem knife.rb tsi.pem
tsi@chef-workstation:~/chef-repo/.chef$ vi knife.rb
tsi@chef-workstation:~/chef-repo/.chef$ knife bootstrap vm -x tsi -P 'xxxx' -N 'testnode' -r 'role[WebServer]' --sudo --bootstrap-proxy http://[2003:1b39:220:1::a00a]:8080 --use-sudo-password
Connecting to vm
vm sudo: unable to resolve host mrtg-server
vm [sudo] password for htadmin: Starting first Chef Client run...
vm [2014-06-23T18:23:53+02:00] WARN:
vm * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
vm SSL validation of HTTPS requests is disabled. HTTPS connections are still
vm encrypted, but chef is not able to detect forged replies or man in the middle
vm attacks.
vm
vm To fix this issue add an entry like this to your configuration file:
vm
vm ```
vm # Verify all HTTPS connections (recommended)
vm ssl_verify_mode :verify_peer
vm
vm # OR, Verify only connections to chef-server
vm verify_api_cert true
vm ```
vm
vm To check your SSL configuration, or troubleshoot errors, you can use the
vm `knife ssl check` command like so:
vm
vm ```
vm knife ssl check -c /etc/chef/client.rb
vm ```
vm
vm * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
vm
vm Starting Chef Client, version 11.12.2
vm Creating a new client identity for testnode using the validator key.
vm
vm ================================================================================
vm Chef encountered an error attempting to create the client "testnode"
vm ================================================================================
vm
vm
vm Network Error:
vm --------------
vm There was a network error connecting to the Chef Server:
vm Error connecting to https://[2003:1b39:130:1::102]/organizations/dtna/clients - getaddrinfo: Name or service not known
vm
vm
vm
vm Relevant Config Settings:
vm -------------------------
vm chef_server_url "https://[2003:1b39:130:1::102]/organizations/dtna"
vm
vm If your chef_server_url is correct, your network could be down.
vm
vm
vm
vm [2014-06-23T18:23:56+02:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
vm Chef Client failed. 0 resources updated in 2.113761997 seconds
vm [2014-06-23T18:23:56+02:00] ERROR: Error connecting to https://[2003:1b39:130:1::102]/organizations/dtna/clients - getaddrinfo: Name or service not known
vm [2014-06-23T18:23:56+02:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
tsi@chef-workstation:~/chef-repo/.chef$
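Added example, not part of the original post and not Chef's own code: Ruby's standard `URI` keeps the RFC 3986 brackets in `host` and drops them in `hostname`, and `getaddrinfo` rejects the bracketed form while accepting the bare literal. Whether knife 11.12.2 passes the bracketed form internally is an assumption; the URL is the `chef_server_url` shown in the output above, and `numeric_resolve` and `demo` are hypothetical helper names.

```ruby
require 'uri'
require 'socket'

# Resolve a host string strictly as a numeric address (AI_NUMERICHOST),
# so no DNS query is made and the check runs offline.
# Returns the list of addresses, or the SocketError that was raised.
def numeric_resolve(host)
  Addrinfo.getaddrinfo(host, nil, nil, :STREAM, nil, Socket::AI_NUMERICHOST)
          .map(&:ip_address).uniq
rescue SocketError => e
  e
end

# Parse a URL and show what each host accessor gives the resolver.
def demo(url)
  uri = URI.parse(url)
  {
    host: uri.host,                                  # brackets kept
    hostname: uri.hostname,                          # brackets removed
    with_brackets: numeric_resolve(uri.host),        # SocketError
    without_brackets: numeric_resolve(uri.hostname)  # parsed address
  }
end

if __FILE__ == $PROGRAM_NAME
  # URL taken from the chef_server_url in the post.
  demo('https://[2003:1b39:130:1::102]/organizations/dtna').each do |k, v|
    puts "#{k}: #{v.inspect}"
  end
end
```
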