Unable to connect via ssh for bootstrap of chef client on EC2 CentOS5 Instance
I am unable to connect via ssh for bootstrap of Chef Client for an EC2 CentOS5 instance. See the gist at https://gist.github.com/1447831.
This appears to be an intermittent issue.
This is blocking my progress on bringing up Chef for our company.
Comments are currently closed for this discussion. You can start a new one.
2 Posted by admins-chef-numenta on 08 Dec, 2011 06:21 PM
Switching from ec2-user to chef-knife (one of our AWS users) I am still not able to connect.
Note, the same configuration worked previously with other instances.
New gist: https://gist.github.com/1447914
3 Posted by admins-chef-numenta on 08 Dec, 2011 06:31 PM
If I use an Amazon Linux AMI (ami-1b814f72) with the following knife command:
% knife ec2 server create "role[base-aws]" -N aws-test-01 -I ami-1b814f72 -f m1.large -G default -i certificates/chef-knife.pem -S chef-knife --ssh-user ec2-user --region us-east-1 -Z us-east-1d -V -V
I am not able to ssh into the box for bootstrap. See the same error messages. That said, I just noticed that I was not in the root of my chef-repo. I believe that may have been affecting the certs. Am running again to confirm.
See the latest gist at https://gist.github.com/1447946
Support Staff 4 Posted by Steven Danna on 08 Dec, 2011 06:31 PM
Hi,
A few questions to get us started:
For instances where authentication is failing, are you able to connect using your system's standard ssh client? From the log it appears that the problem may be in the EC2 instance itself.
Does authentication begin working if you wait a bit longer. It could be that, for some reason, ssh is coming up before all of the necessary authentication bits have been placed on your instance. Since you are using an m1.large, I doubt this is likely.
Sincerely,
Steven
5 Posted by admins-chef-numenta on 08 Dec, 2011 06:34 PM
Ok, by moving to the root of my chef-repo, things are working properly for creating an instance up through ssh connect for the bootstrap.
The bootstrap process is failing as shown in this gist: https://gist.github.com/1447955
6 Posted by admins-chef-numenta on 08 Dec, 2011 06:36 PM
Hi Steven -
Believe I found the issue with ssh authentication. It would appear it was due to my not being in the root of my chef-repo and therefore the path to certs being incorrect (being relative vs. absolute).
Need to conduct a few more tests to confirm. But am still hitting issues in the bootstrap process.
7 Posted by admins-chef-numenta on 08 Dec, 2011 06:48 PM
Hi Steven -
Ok, so I shifted to a different AMI (ami-0129cc68). If I use ec2-user as the ssh user, the bootstrap fails when attempting to connect via ssh.
See gist https://gist.github.com/1447999.
I shifted to using chef-knife as my ssh user and I am seeing the same thing.
See gist https://gist.github.com/1448012.
Right now, I am dead in the water.
Jordan
8 Posted by admins-chef-numenta on 08 Dec, 2011 06:51 PM
A quick summary of where I stand.
If I use a CentOS5 AMI, I am unable to connect in the bootstrap process with either ec2-user or chef-knife as my ssh user.
If I use an Amazon Linux AMI, I am able to connect in the bootstrap process with ec2-user as my ssh user.
The build of the chef gems fails during the Amazon Linux bootstrap process.
I am dead in the water here.
Support Staff 9 Posted by Steven Danna on 08 Dec, 2011 06:54 PM
Hi,
In the cases where SSH is failing during the knife ec2 command, can you try making a connection directly using ssh, dong something like:
ssh -i ~/path/to/key user@PUBLIC_IP_OF_INSTANCE
Sincerely,
Steven
10 Posted by admins-chef-numenta on 08 Dec, 2011 07:12 PM
Hi Steven -
Ok, I have ssh connection working properly with an Amazon Linux AMI (ami-38c33651) and I have addressed the earlier build issues by putting in place a custom bootstrap as outlined in http://tickets.opscode.com/browse/CHEF-2515.
Am using the command:
$ knife ec2 server create "role[base-aws]" -N aws-test-01 -I ami-38c33651 -f m1.large -d amazon-linux-gems -G default -i ~/.ssh/chef-knife.pem -S chef-knife --ssh-user chef-knife --region us-east-1 -Z us-east-1d -V -V DEBUG: Using configuration from /Users/jdeamattson/repos/chef-repo/.chef/knife.rb
Now, I am hitting an error in the bootstrap script. See https://gist.github.com/1448102.
Support Staff 11 Posted by Steven Danna on 08 Dec, 2011 07:15 PM
Hi,
It appears that the bootstrap is having trouble finding your custom bootstrap script. If you are passing in a bootstrap like follows:
Then you should have a file named:
Can you confirm that this is the case?
Sincerely,
Steven
12 Posted by admins-chef-numenta on 08 Dec, 2011 07:29 PM
Hi Steven -
Got it!
I found http://tickets.opscode.com/browse/CHEF-2736, which pointed me in the right direction.
My experience points to a number of places where a bit more robust error handling would help out substantially for those of us getting started.
Jordan
Support Staff 13 Posted by Steven Danna on 08 Dec, 2011 07:31 PM
Hi,
Glad to hear you've got it sorted. Are you still blocked on anything at the moment?
We agree 100% and are working to improve chef's error message. For instance, I believe that the message you received when knife could not find the bootstrap file is fixed by related changes in 0.10.6.
Sincerely,
Steven
admins-chef-numenta closed this discussion on 08 Dec, 2011 07:45 PM.