Enable to provisoning a container

[chrisduong]

Hi,

== I set up chef-server and docker.io in the same host (Ubuntu Precise). I installed 'chef-metal-docker' gem there to provisioning docker container.

== The chef-server is the client of itself. I can confirm buy this command.
ubuntu@vpc-proxy-01:~/provisioner$ sudo chef-client
[2014-09-20T09:51:27+00:00] INFO: Forking chef instance to converge...
[2014-09-20T09:51:27+00:00] WARN:

---

SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true

To check your SSL configuration, or troubleshoot errors, you can use the
knife ssl check command like so:

  knife ssl check -c /etc/chef/client.rb

---

Starting Chef Client, version 11.14.6
[2014-09-20T09:51:27+00:00] INFO: *** Chef 11.14.6 ***
[2014-09-20T09:51:27+00:00] INFO: Chef-client pid: 4391
[2014-09-20T09:51:29+00:00] INFO: Run List is [recipe[build-essential]]
[2014-09-20T09:51:29+00:00] INFO: Run List expands to [build-essential]
[2014-09-20T09:51:29+00:00] INFO: Starting Chef Run for vpc-proxy-01.<>
[2014-09-20T09:51:29+00:00] INFO: Running start handlers
[2014-09-20T09:51:29+00:00] INFO: Start handlers complete.
[2014-09-20T09:51:29+00:00] INFO: HTTP Request Returned 404 Object Not Found:
resolving cookbooks for run list: ["build-essential"]
[2014-09-20T09:51:29+00:00] INFO: Loading cookbooks [build-essential@2.0.6]
Synchronizing Cookbooks:

• build-essential
  Compiling Cookbooks...
  Converging 7 resources
  Recipe: build-essential::_debian
• package[autoconf] action install[2014-09-20T09:51:29+00:00] INFO: Processing package[autoconf] action install (build-essential::_debian line 21)
  (up to date)
• package[binutils-doc] action install[2014-09-20T09:51:29+00:00] INFO: Processing package[binutils-doc] action install (build-essential::_debian line 22)
  (up to date)
• package[bison] action install[2014-09-20T09:51:29+00:00] INFO: Processing package[bison] action install (build-essential::_debian line 23)
  (up to date)

== My provisioned node snippet:
ubuntu@vpc-proxy-01:~$ cat provisioner/wario.rb
require 'chef_metal_docker'

machine 'wario' do
recipe 'apache'

machine_options :docker_options => {
  :base_image => {
      :name => 'ubuntu',
      :repository => 'ubuntu',
      :tag => '14.04'
  },
  :command => '/usr/sbin/httpd'
}

end

== However, I cannot create an docker container. The log is
ubuntu@vpc-proxy-01:~/provisioner$ sudo CHEF_DRIVER=docker chef-client wario.rb
[2014-09-20T09:49:48+00:00] INFO: Forking chef instance to converge...
[2014-09-20T09:49:48+00:00] WARN:

---

SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true

To check your SSL configuration, or troubleshoot errors, you can use the
knife ssl check command like so:

  knife ssl check -c /etc/chef/client.rb

---

Starting Chef Client, version 11.14.6
[2014-09-20T09:49:48+00:00] INFO: *** Chef 11.14.6 ***
[2014-09-20T09:49:48+00:00] INFO: Chef-client pid: 4151
[2014-09-20T09:49:50+00:00] INFO: Run List is [recipe[build-essential]]
[2014-09-20T09:49:50+00:00] INFO: Run List expands to [build-essential]
[2014-09-20T09:49:50+00:00] INFO: Starting Chef Run for vpc-proxy-01.<>
[2014-09-20T09:49:50+00:00] INFO: Running start handlers
[2014-09-20T09:49:50+00:00] INFO: Start handlers complete.
[2014-09-20T09:49:50+00:00] INFO: HTTP Request Returned 404 Object Not Found:
resolving cookbooks for run list: ["build-essential"]
[2014-09-20T09:49:50+00:00] INFO: Loading cookbooks [build-essential@2.0.6]
Synchronizing Cookbooks:

• build-essential
  Compiling Cookbooks...
  Converging 8 resources
  Recipe: build-essential::_debian

• package[autoconf] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[autoconf] action install (build-essential::_debian line 21)
  (up to date)

• package[binutils-doc] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[binutils-doc] action install (build-essential::_debian line 22)
  (up to date)

• package[bison] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[bison] action install (build-essential::_debian line 23)
  (up to date)

  • package[build-essential] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[build-essential] action install (build-essential::_debian line 24)
    (up to date)

• package[flex] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[flex] action install (build-essential::_debian line 25)
  (up to date)

• package[gettext] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[gettext] action install (build-essential::_debian line 26)
  (up to date)

• package[ncurses-dev] action install[2014-09-20T09:49:52+00:00] INFO: Processing package[ncurses-dev] action install (build-essential::_debian line 27)
  [2014-09-20T09:49:52+00:00] INFO: package[ncurses-dev] is a virtual package, actually acting on package[libncurses5-dev](up to date)
  Recipe: @recipe_files::/home/ubuntu/provisioner/wario.rb

• machine[wario] action converge[2014-09-20T09:49:52+00:00] INFO: Processing machine[wario] action converge (@recipe_files::/home/ubuntu/provisioner/wario.rb line 3)
  [2014-09-20T09:49:52+00:00] INFO: Processing chef_node[wario] action create (basic_chef_client::block line 61)
  [2014-09-20T09:49:52+00:00] INFO: HTTP Request Returned 403 Forbidden: error
  [2014-09-20T09:49:52+00:00] INFO: Running queued delayed notifications before re-raising exception

  Error executing action converge on resource 'machine[wario]'

  Net::HTTPServerException

  chef_node[wario](basic_chef_client::block line 61) had an error: Net::HTTPServerException: 403 "Forbidden"

  Resource Declaration:

  In /home/ubuntu/provisioner/wario.rb

  3: machine 'wario' do
  4: recipe 'apache'
  5:
  6: machine_options :docker_options => {
  7: :base_image => {
  8: :name => 'ubuntu',
  9: :repository => 'ubuntu',
  10: :tag => '14.04'
  11: },
  12: :command => '/usr/sbin/httpd'
  13: }
  14: end

  Compiled Resource:

  Declared in /home/ubuntu/provisioner/wario.rb:3:in `from_file'

  machine("wario") do
  action :converge
  retries 0
  retry_delay 2
  guard_interpreter :default
  chef_server {:chef_server_url=>"https://vpc-proxy-01.<>", :options=>{:client_name=>"vpc-proxy-01.<>", :signing_key_filename=>"/etc/chef/client.pem"}}
  driver "docker"
  machine_options {:docker_options=>{:base_image=>{:name=>"ubuntu", :repository=>"ubuntu", :tag=>"14.04"}, :command=>"/usr/sbin/httpd"}}
  cookbook_name "@recipe_files"
  recipe_name "/home/ubuntu/provisioner/wario.rb"
  run_list_modifiers [recipe[apache]]
  end

[2014-09-20T09:49:52+00:00] INFO: Running queued delayed notifications before re-raising exception

Running handlers:
[2014-09-20T09:49:52+00:00] ERROR: Running exception handlers
Running handlers complete
[2014-09-20T09:49:52+00:00] ERROR: Exception handlers complete
[2014-09-20T09:49:52+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 4.21188368 seconds
[2014-09-20T09:49:52+00:00] ERROR: machine[wario](@recipe_files::/home/ubuntu/provisioner/wario.rb line 3) had an error: Net::HTTPServerException: chef_node[wario](basic_chef_client::block line 61) had an error: Net::HTTPServerException: 403 "Forbidden"
[2014-09-20T09:49:52+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
ubuntu@vpc-proxy-01:~/provisioner$ ^C

Please enlighten me. Thanks

[chrisduong]

My client config is

root@vpc-proxy-01:/home/ubuntu/provisioner# cat /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://vpc-proxy-01.'
validation_client_name 'admin'
validation_key '/etc/chef/admin.pem'

[chrisduong]

Sorry, after I make the client 'vpc-proxy-01.domain' is the admin, the issue is gone.