I have a chef recipe that runs a chocolatey install for Microsoft SQL server. From my workbench when I run
knife winrm [IP] 'chef-client -o "recipe[NetDevMachine::default]"' -m -x 'domain\myuser'
over a node it fails with the error:
532459699 or sometimes 2022834173 or 2057043966
However if I log onto the VM as the same user and locally run
chef-client -o "recipe[NetDevMachine::default]"
It works. Does anyone know what the difference is between running chef-client locally and running it remotely from the workbench? What does chef-client do differently here? Both are pulling the recipe from the same chef-server repo.
Additional Details
I am using the same user for both
I have successfully run other recipes from the workstation, it's just this MicrosoftSQLServer install that's not working
running "knife winrm [IP] 'choco install MicrosoftSQLServer' -m -x 'domain\myuser' also does not work
Recipe contents:
powershell_script "choco install MicrosoftSQLServer2014" do
code <<-EOH
choco install MicrosoftSQLServer2014
EOH
end
Error:
[ERROR] Running C:\Users\myuser\AppData\Local\Temp\MicrosoftSQLServer2014\setup.exe with
/QUIET /IACCEPTSQLSERVERLICENSETERMS /ACTION=INSTALL /INSTANCENAME=MSSQLSERVER /FEATURES=SQL,TOOLS,LOCALDB
/SQLSVCACCOUNT="NT AUTHORITY\Network Service" /SQLSYSADMINACCOUNTS=BUILTIN\ADMINISTRATORS
/SKIPRULES=REBOOTREQUIREDCHECK UIMODE=AUTOADVANCE was not successful.
Exit code was '-532459699'.
Edit - the only difference I can see is that one runs in the foreground and the other doesn't. So the location of the compile chef-script is /temp/2 for the failing run. I don't know if there is a way to force chef to run in the foreground or if that will even help.
Thanks
I never got to the bottom of this and still don't understand how running the chef client remotely using knife was different from running chef client directly on the VM. Perhaps it was something to do with the handling of credentials or permissions when remotely sending commands.
But I did find that removing chocolatey and replacing it a command line silent install inside a chef powershell resource allowed me to install MSSQL.
Related
I wrote a small test project for Singularity Compose, consisting of a small server application, with the following YAML file:
version: "1.0"
instances:
server:
build:
context: ./server
recipe: server.recipe
ports:
- 9999:9999
When I call singularity-compose build, it successfully builds server.sif. Calling singularity-compose up also seemingly works without error, and calling singularity-compose ps results in something that looks just fine:
+ singularity-compose ps
INSTANCES NAME PID IMAGE
1 server 4176911 server.sif
However, the server application does not work, calling my test client results in it saying that there is no answer from the server.
But if I run server.sif directly without compose, everything works just fine.
Also, I tripple checked, my test application listens to port 9999, thus should be reachable from the outside.
What did I do wrong?
Edit:
I also checked whether there actually is any process listening at port 9999 by calling sudo lsof -i -P -n | grep LISTEN, this is not the case. Only when I manually start server.sif without compose it shows me the process listening.
Edit:
I went into the Singularity Compose shell and tried to start the Server application directly in there, just as a test, and it resulted in Permission denied. Not sure if that means anything.
Edit:
I now gave the application execution rights within the shell and called in there, this works. Am now trying to add execution rights in the recipe. If that works, it would be kind of strange, as the executable was build right there, and thus should already have execution rights.
Edit:
I added chmod +x in my recipe both after building Server and before executing it. Doesn't work either.
Also checked whether any bridges exist using brctl show, this is not the case.
Edit: My recipe, adjusted by the input of tsnowlan in his answer below:
Bootstrap: docker
From: ubuntu:20.04
%files
connection.cpp
connection.h
main.cpp
server.cpp
server.h
server.pro
%post
# get some basics
apt update
apt-get install -y wget
apt-get install -y software-properties-common
# get C++ compiler
apt-get install -y g++
apt-get install -y build-essential
apt-get install -y build-essential cmake
# get Qt
apt-get install -y qt5-default
# compile
qmake
make
ls
%runscript
/Server
%startscript
/Server
Again, note that the application works just fine both when compiled and startet normally and when started within a Singularity image (but without Singularity Compose).
The ls at the end of the %post block is used to verify that the Server application was build successfully.
Please share the server.recipe, as it is difficult to identify should be/is happening without it.
Without having that, my guess is that you have a %runscript in your definition file, but no %startscript. When the image is executed directly or via singularity run image.sif, the contents of %runscript determine what happens. To emulate the docker-compose style, the singularity images are started as persistent instances. In this case, the %startscript block determines what runs. If it is empty, it will just start up and sit there doing nothing. This would explain why when run by hand it works but not when using compose.
I'm new to Chef and I have stuck in a problem. I'm using AWS Chef Automate Server and EC2 ubuntu instance as Chef Node. My workstation is local machine where I have installed ChefDK on windows. I have successfully configured the Chef server with ChefDK.
When I bootstrap the node using Knife Bootstrap command, it bootstraps the ubuntu node but shows this error in the end cannot create /etc/chef/trusted_certs/opsworks-cm-ca-2016-root.pem: Directory nonexistent
The command I used here is knife bootstrap myEC2PublicIPHere -N UmaidNode1 -x ubuntu --sudo --run-list "recipe[nginx]" -i .chef/my_key.pem.
After that I added some other cookbooks in the server and run Knife ssh command from my windows workstation to run Chef-client on the node, but this command is not working. I have tried it with different attributes, but always the similar issue FATAL: 1 node found, but does not have the required attribute to establish the connection. Try setting another attribute to open the connection using --attribute.
The command I tried here is knife ssh 'name:*' --attribute myEC2PublicIpHere -x ubuntu -i .chef/my_key.pem 'sudo chef-client'.
Furthur upon running this command knife node show UmaidNode1, it shows the data about node where IP is blank. I don't know why it is not getting this IP here. Showing the output Node Name: UmaidNode1 Environment: _default FQDN: IP: Run List: recipe[nginx], recipe[apache] Roles: Recipes: Platform: Tags:
enter image description here
The issue is finally resolved. I don't know why, but the problem was with the ChefDK version. I was using the latest version 4.8.23. It always creates directory /etcchef but the chef searches for all files in the directory /etc/chef. So it was unable to get the files like client.rb etc.
NOTE: I even make the required /etc/chef directory by myself, but it didn't work.
I installed an older version of ChefDK and now it's working fine.
When using the db2setup (Wizard) to install a new version of DB2 V10.5.0.3 (or the universal fixpack V10.5.7) the installer appears to hang near the end of the Create DB2 Administration task. There is a das directory created in the /home/dasusrX directory but it has no visible files. The logs show no errors. Manually trying to create the DAS also hangs using dascrt -u dasusrX
In the console where I launched the db2setup I found I needed to enter the dasusrX password a couple of times. There is no prompt displayed. I believe the system also hangs during the Configuring DB2 instances task and luckily I used the same password for other users so I entered it there as well to complete the install.
I figured this out running the dascrt -d -u dasusrX and saw it hung at the su dasusrX -c /bin/pwd command and when I tried that command manually, it propmted for the dasusrX password. This may be a unique situation for our server set up as root is accessible only via sudo -i so perhaps in other situations there would be no prompt for dasusrX password when using su as root.
Though I have followed the usual steps for using the dotCloud CLI under Cygwin, dotcloud push fails in all cases: --rsync, --hg, and --git.
I am on Windows 8 and Cygwin.
How can I push successfully?
Sample output:
me#host /cygdrive/d/project
$ dotcloud push --rsync
==> Pushing code with rsync from "./" to application myapp
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /home/lapo/package/rsync-3.0.9-1/src/rsync-3.0.9/io.c(605) [sender=3.0.9]
me#host /cygdrive/d/project
$ dotcloud push --git
Permission denied (publickey,password).r from "./" to application myapp
fatal: The remote end hung up unexpectedly
me#host /cygdrive/d/project
$ dotcloud push --hg
==> Pushing code with mercurial from "./" to application myapp
abort: no suitable response from remote hg!
Error: Mercurial returned a fatal error
You may be running into a bug in Cygwin's group permissions. Vineet Gupta gives a workaround in his blog. The problem comes from the very strict permissions expected by ssh around the keys, and the solution is to set the permission on the ssh key properly (to 600, rw by owner only). Cygwin seems to need the group to be added manually.
Updating the steps to get the dotCloud CLI installed, including setting the permissions, leads to:
Start the Cygwin Setup.
Select default choices until you reach the package selection dialog.
Enable the following packages:
net/openssh
net/rsync
devel/git
devel/mercurial
python/python (make sure it’s at least 2.6!)
web/wget
After the installation, you should have a Cygwin icon on your desktop. Start it: you will get a command-line shell.
Download easy_install
wget http://peak.telecommunity.com/dist/ez_setup.py
Install easy_install
python ez_setup.py
You now have easy_install; let’s use it to install pip:
easy_install pip
Now install dotcloud (the CLI)
pip install dotcloud
Set up the CLI with your credentials. This will also download the ssh key.
dotcloud setup
New Step Update the permissions on your dotCloud key:
chgrp Users ~/.dotcloud_cli/dotcloud.key
chmod 600 ~/.dotcloud_cli/dotcloud.key
Now you should be able to dotcloud push
If you have multiple dotCloud accounts, then you will need to repeat this process for each account, since each account has its own key. Also note that you shouldn't have to set these permissions manually, but it seems like the group ownership is sometimes the wrong default in Cygwin. Linux and OSX don't seem to show this problem, though the permissions must be 600 for all OSes, so it is worth checking.
Hi! I get following error when tried to start the Cygwin sshd Windows service:
$ cygrunsrv.exe -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.
I used ssh-host-config to install the service with privilege separation. The script created two users: sshd and sshd_server.
The following solved this issue for me:
Add the "Full Control" permission for the SYSTEM user to the following directories:
C:\Cygwin
C:\Cygwin\var
C:\Cygwin\var\log
If it still doesn't help then, try running ssh-host-config -y and retry cygrunsrv -S sshd.
Also, I actually uninstalled the sshd service by issuing cygrunsrv -R sshd prior to retrying and only after that running ssh-host-config -y.
(I found the solution at http://www.noah.org/wiki/Sshd_on_Windows)