Packer: Chef client key is not present

Do I need to copy the client.pem from my workstation (where packer is running the build) to the bootsraped instance before chef is installed? If yes, can you please share a snippet of the json file which does that?

Thanks

validation_key_path (the path on your machine where packer is running), if specified, should automatically copy the private key to where chef expects it and use it automatically for authenticating to the chef server.

However I think this might currently be bugged, relating to this: https://github.com/mitchellh/packer/issues/3263

My solution was to have a manual file provisioning step before chef to both create the chef directory, and place the private key where chef would look for it later. I was doing this for the validation key rather than the private key though, but I suspect it might be the same kind of issue. If you specify the validation key, it will automatically download the client key for subsequent chef client runs.

TL;DR: Use validation key instead of client key, and workaround the current bug :(

I have tried every combination I can think of with no avail. Please find bellow the provisioner snipped code

"provisioners": [
    {
        "type": "shell",
        "inline": [
            "sudo mkdir -p /tmp/packer-chef-client",
            "sudo chmod 777 /tmp/packer-chef-client"
        ]
    },
    {
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/liora.pem",
        "destination": "/tmp/packer-chef-client/liora.pem"
    },
    {
        "type": "shell",
        "inline": [
            "sudo chmod 400 /tmp/packer-chef-client/liora.pem"
        ]
    },
    {
        "type": "chef-client",
        "server_url": "https://api.opscode.com/organizations/lmb",
        "config_template": "{{user `galaxy_home`}}/templates/client.rb.template",
        "validation_client_name": "lmb-validator",
        "validation_key_path": "{{user `galaxy_home`}}/.chef/liora.pem",
        "skip_clean_node": true,
        "skip_clean_client": true,
        "node_name": "liora",
        "run_list": [
            "role[clm-server]"
        ],
        "chef_environment": "{{user `chef_env`}}"
    }

Here is the error I hit:

 [exec] amazon-ebs output will be in this color.
 [exec] ==> amazon-ebs: Prevalidating AMI Name...
 [exec] ==> amazon-ebs: Inspecting the source AMI...
 [exec] ==> amazon-ebs: Creating temporary keypair: packer 56fdf982-6e59-d101-fede-07de5b642b52
 [exec] ==> amazon-ebs: Launching a source AWS instance...
 [exec]     amazon-ebs: Instance ID: i-057696a9d705231ff
 [exec] ==> amazon-ebs: Waiting for instance (i-057696a9d705231ff) to become ready...
 [exec] ==> amazon-ebs: Waiting for SSH to become available...
 [exec] ==> amazon-ebs: Connected to SSH!
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell024315174
 [exec] ==> amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/liora.pem => /tmp/packer-chef-client/liora.pem
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell214895278
 [exec]     amazon-ebs: Installing Chef...
 [exec]     amazon-ebs: curl -L https://www.chef.io/chef/install.sh | sudo bash
 [exec]     amazon-ebs: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 [exec]     amazon-ebs: Dload  Upload   Total   Spent    Left  Speed
 [exec]     amazon-ebs: ubuntu 12.04 x86_64
 [exec]     amazon-ebs: 100 19559  100 19559    0     0  19942      0 --:--:-- --:--:-- --:--:-- 20523
 [exec]     amazon-ebs: Getting information for chef stable  for ubuntu...
 [exec]     amazon-ebs: downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=12.04&m=x86_64
 [exec]     amazon-ebs: to file /tmp/install.sh.1070/metadata.txt
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: sha1 d202d57512b6a2d795d0fb6df566ca906745c7d8
 [exec]     amazon-ebs: sha256   92b7f3eba0a62b20eced2eae03ec2a5e382da4b044c38c20d2902393683c77f7
 [exec]     amazon-ebs: url  https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: version  12.8.1
 [exec]     amazon-ebs: downloaded metadata file looks valid...
 [exec]     amazon-ebs: downloading https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: to file /tmp/install.sh.1070/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: trying curl...
 [exec]     amazon-ebs: Comparing checksum with sha256sum...
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: You are installing an omnibus package without a version pin.  If you are installing
 [exec]     amazon-ebs: on production servers via an automated process this is DANGEROUS and you will
 [exec]     amazon-ebs: be upgraded without warning on new releases, even to new major releases.
 [exec]     amazon-ebs: Letting the version float is only appropriate in desktop, test, development or
 [exec]     amazon-ebs: CI/CD environments.
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Installing chef
 [exec]     amazon-ebs: installing with dpkg...
 [exec]     amazon-ebs: Selecting previously unselected package chef.
 [exec]     amazon-ebs: (Reading database ... 47562 files and directories currently installed.)
 [exec]     amazon-ebs: Unpacking chef (from .../chef_12.8.1-1_amd64.deb) ...
 [exec]     amazon-ebs: Setting up chef (12.8.1-1) ...
 [exec]     amazon-ebs: Thank you for installing Chef!
 [exec]     amazon-ebs: Processing triggers for initramfs-tools ...
 [exec]     amazon-ebs: update-initramfs: Generating /boot/initrd.img-3.2.0-89-virtual
 [exec]     amazon-ebs: Creating directory: /tmp/packer-chef-client
 [exec]     amazon-ebs: Creating configuration file 'client.rb'
 [exec]     amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/liora.pem...
 [exec]     amazon-ebs: Creating JSON attribute file
 [exec]     amazon-ebs: Executing Chef: sudo chef-client --no-color -c /tmp/packer-chef-client/client.rb -j /tmp/packer-chef-client/first-boot.json
 [exec]     amazon-ebs: [2016-04-01T04:34:43+00:00] INFO: Forking chef instance to converge...
 [exec]     amazon-ebs: [2016-04-01T04:34:43+00:00] INFO: *** Chef 12.8.1 ***
 [exec]     amazon-ebs: [2016-04-01T04:34:43+00:00] INFO: Chef-client pid: 3176
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] INFO: HTTP Request Returned 401 Unauthorized: error
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs: Chef encountered an error attempting to load the node data for "liora"
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Authentication Error:
 [exec]     amazon-ebs: ---------------------
 [exec]     amazon-ebs: Failed to authenticate to the chef server (http 401).
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Server Response:
 [exec]     amazon-ebs: ----------------
 [exec]     amazon-ebs: Invalid signature for user or client 'liora'
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Relevant Config Settings:
 [exec]     amazon-ebs: -------------------------
 [exec]     amazon-ebs: chef_server_url   "https://api.opscode.com/organizations/lmb"
 [exec]     amazon-ebs: node_name         "liora"
 [exec]     amazon-ebs: client_key        "/tmp/packer-chef-client/liora.pem"
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: If these settings are correct, your client_key may be invalid, or
 [exec]     amazon-ebs: you may have a chef user with the same client name as this node.
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] ERROR: Running exception handlers
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] ERROR: Exception handlers complete
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
 [exec]     amazon-ebs: [2016-04-01T04:34:45+00:00] ERROR: 401 "Unauthorized"
 [exec]     amazon-ebs: [2016-04-01T04:34:46+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
 [exec]     amazon-ebs: Creating configuration file 'knife.rb'
 [exec] ==> amazon-ebs: Terminating the source AWS instance...
 [exec] ==> amazon-ebs: No AMIs to cleanup
 [exec] ==> amazon-ebs: Deleting temporary keypair...
 [exec] Build 'amazon-ebs' errored: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Some builds didn't complete successfully and had errors:
 [exec] --> amazon-ebs: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Builds finished but no artifacts were created.

Have you generated the validation key with matching client name from the chef.io site? If not, do so and use that. Whilst your client key might be valid I think chef isn't expecting it in this context.

I have used the 'Reset Validation key' function in the chef.io site. It indicates that key is for lmb-validator node, which doesn't exist. Should it be there? How do I create one?

Chef docs have instructions on creating a new validation key, which I
suggest you do, and give it the same client name as the one you give to the
chef client provisioner in packer.
On 1 Apr 2016 08:32, "Liora Milbaum" [email protected] wrote:

I have used the 'Reset Validation key' function in the chef.io site. It
indicates that key is for lmb-validator node, which doesn't exist. Should
it be there? How do I create one?

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/mitchellh/packer/issues/3402#issuecomment-204290605

Are we talking about validation key or validation node?
Validation key was generated and saved as lmb-validation.pem file

Validation node doesn't exist.

To clarify, go to chef.io, Policy->Clients->Create

Specify the client name, and check the 'validation client' checkbox. Save
the validation key, that's what you're using for validation_key_path, the
client name is what you're using for validation_client_name.

The node doesn't need to exist. It will register on the provisioning step
automatically, and a client.pem will automatically be downloaded from the
chef server for subsequent chef client calls in the future.

On 1 April 2016 at 09:06, Liora Milbaum [email protected] wrote:

Are we talking about validation key or validation node?
Validation key was generated and saved as lmb-validation.pem file

Validation node doesn't exist.

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/mitchellh/packer/issues/3402#issuecomment-204301070

OK. So, I do have a client named 'lmb-validator'. Reseted its key. Saved the private key in lmb-validator.pem file.

Here is my provisioner code:

"provisioners": [
    {
        "type": "shell",
        "inline": [
            "sudo mkdir -p /tmp/packer-chef-client",
            "sudo chmod 777 /tmp/packer-chef-client"
        ]
    },
    {
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "destination": "/tmp/packer-chef-client/lmb-validator.pem"
    },
    {
        "type": "shell",
        "inline": [
            "sudo chmod 400 /tmp/packer-chef-client/lmb-validator.pem"
        ]
    },
    {
        "type": "chef-client",
        "server_url": "https://api.opscode.com/organizations/lmb",
        "config_template": "{{user `galaxy_home`}}/templates/client.rb.template",
        "validation_client_name": "lmb-validator",
        "validation_key_path": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "skip_clean_node": true,
        "skip_clean_client": true,
        "run_list": [
            "role[clm-server]"
        ],
        "chef_environment": "{{user `chef_env`}}"
    }
]

Here is the result:

 [exec] amazon-ebs output will be in this color.
 [exec] ==> amazon-ebs: Prevalidating AMI Name...
 [exec] ==> amazon-ebs: Inspecting the source AMI...
 [exec] ==> amazon-ebs: Creating temporary keypair: packer 56fe3417-2297-29ea-4700-3d280d974e6a
 [exec] ==> amazon-ebs: Launching a source AWS instance...
 [exec]     amazon-ebs: Instance ID: i-098c92c6ae86a1e8c
 [exec] ==> amazon-ebs: Waiting for instance (i-098c92c6ae86a1e8c) to become ready...
 [exec] ==> amazon-ebs: Waiting for SSH to become available...
 [exec] ==> amazon-ebs: Connected to SSH!
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell136729878
 [exec] ==> amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem => /tmp/packer-chef-client/lmb-validator.pem
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell313537861
 [exec]     amazon-ebs: Installing Chef...
 [exec]     amazon-ebs: curl -L https://www.chef.io/chef/install.sh | sudo bash
 [exec]     amazon-ebs: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 [exec]     amazon-ebs: Dload  Upload   Total   Spent    Left  Speed
 [exec]     amazon-ebs: ubuntu 12.04 x86_64
 [exec]     amazon-ebs: Getting information for chef stable  for ubuntu...
 [exec]     amazon-ebs: 100 19559  100 19559    0     0  94358      0 --:--:-- --:--:-- --:--:--  105k
 [exec]     amazon-ebs: downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=12.04&m=x86_64
 [exec]     amazon-ebs: to file /tmp/install.sh.1088/metadata.txt
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: sha1 d202d57512b6a2d795d0fb6df566ca906745c7d8
 [exec]     amazon-ebs: sha256   92b7f3eba0a62b20eced2eae03ec2a5e382da4b044c38c20d2902393683c77f7
 [exec]     amazon-ebs: url  https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: version  12.8.1
 [exec]     amazon-ebs: downloaded metadata file looks valid...
 [exec]     amazon-ebs: downloading https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: to file /tmp/install.sh.1088/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: trying curl...
 [exec]     amazon-ebs: Comparing checksum with sha256sum...
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: You are installing an omnibus package without a version pin.  If you are installing
 [exec]     amazon-ebs: on production servers via an automated process this is DANGEROUS and you will
 [exec]     amazon-ebs: be upgraded without warning on new releases, even to new major releases.
 [exec]     amazon-ebs: Letting the version float is only appropriate in desktop, test, development or
 [exec]     amazon-ebs: CI/CD environments.
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Installing chef
 [exec]     amazon-ebs: installing with dpkg...
 [exec]     amazon-ebs: Selecting previously unselected package chef.
 [exec]     amazon-ebs: (Reading database ... 47562 files and directories currently installed.)
 [exec]     amazon-ebs: Unpacking chef (from .../chef_12.8.1-1_amd64.deb) ...
 [exec]     amazon-ebs: Setting up chef (12.8.1-1) ...
 [exec]     amazon-ebs: Thank you for installing Chef!
 [exec]     amazon-ebs: Processing triggers for initramfs-tools ...
 [exec]     amazon-ebs: update-initramfs: Generating /boot/initrd.img-3.2.0-89-virtual
 [exec]     amazon-ebs: Creating directory: /tmp/packer-chef-client
 [exec]     amazon-ebs: Creating configuration file 'client.rb'
 [exec]     amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem...
 [exec]     amazon-ebs: Creating JSON attribute file
 [exec]     amazon-ebs: Executing Chef: sudo chef-client --no-color -c /tmp/packer-chef-client/client.rb -j /tmp/packer-chef-client/first-boot.json
 [exec]     amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: Forking chef instance to converge...
 [exec]     amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: *** Chef 12.8.1 ***
 [exec]     amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: Chef-client pid: 3194
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] INFO: Client key /etc/chef/client.pem is not present - registering
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs: Chef encountered an error attempting to create the client "ip-10-0-0-132.eu-west-1.compute.internal"
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: Running exception handlers
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: Exception handlers complete
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: I can't write your private key to /etc/chef/client.pem - check permissions?
 [exec]     amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
 [exec]     amazon-ebs: Creating configuration file 'knife.rb'
 [exec] ==> amazon-ebs: Terminating the source AWS instance...
 [exec] ==> amazon-ebs: No AMIs to cleanup
 [exec] ==> amazon-ebs: Deleting temporary keypair...
 [exec] Build 'amazon-ebs' errored: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Some builds didn't complete successfully and had errors:
 [exec] --> amazon-ebs: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Builds finished but no artifacts were created.

Can you query the contents of your client.rb file to see what configuration
is being passed to chef?

You might try chmodding the /etc/chef/ directory to see if it's an issue
with that. I've seen other bug reports complaining about that and I'm not
sure which are still current.

On 1 April 2016 at 09:49, Liora Milbaum [email protected] wrote:

OK. So, I do have a client named 'lmb-validator'. Reseted its key. Saved
the private key in lmb-validator.pem file.

Here is my provisioner code:

"provisioners": [
{
"type": "shell",
"inline": [
"sudo mkdir -p /tmp/packer-chef-client",
"sudo chmod 777 /tmp/packer-chef-client"
]
},
{
"type": "file",
"source": "{{user galaxy_home}}/.chef/lmb-validator.pem",
"destination": "/tmp/packer-chef-client/lmb-validator.pem"
},
{
"type": "shell",
"inline": [
"sudo chmod 400 /tmp/packer-chef-client/lmb-validator.pem"
]
},
{
"type": "chef-client",
"server_url": "https://api.opscode.com/organizations/lmb",
"config_template": "{{user galaxy_home}}/templates/client.rb.template",
"validation_client_name": "lmb-validator",
"validation_key_path": "{{user galaxy_home}}/.chef/lmb-validator.pem",
"skip_clean_node": true,
"skip_clean_client": true,
"run_list": [
"role[clm-server]"
],
"chef_environment": "{{user chef_env}}"
}
]

Here is the result:

[exec] �[1;32mamazon-ebs output will be in this color.�[0m
[exec] �[1;32m==> amazon-ebs: Prevalidating AMI Name...�[0m
[exec] �[1;32m==> amazon-ebs: Inspecting the source AMI...�[0m
[exec] �[1;32m==> amazon-ebs: Creating temporary keypair: packer 56fe3417-2297-29ea-4700-3d280d974e6a�[0m
[exec] �[1;32m==> amazon-ebs: Launching a source AWS instance...�[0m
[exec] �[0;32m amazon-ebs: Instance ID: i-098c92c6ae86a1e8c�[0m
[exec] �[1;32m==> amazon-ebs: Waiting for instance (i-098c92c6ae86a1e8c) to become ready...�[0m
[exec] �[1;32m==> amazon-ebs: Waiting for SSH to become available...�[0m
[exec] �[1;32m==> amazon-ebs: Connected to SSH!�[0m
[exec] �[1;32m==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell136729878�[0m
[exec] �[1;32m==> amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem => /tmp/packer-chef-client/lmb-validator.pem�[0m
[exec] �[1;32m==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell313537861�[0m
[exec] �[0;32m amazon-ebs: Installing Chef...�[0m
[exec] �[0;32m amazon-ebs: curl -L https://www.chef.io/chef/install.sh | sudo bash�[0m
[exec] �[0;32m amazon-ebs: % Total % Received % Xferd Average Speed Time Time Time Current�[0m
[exec] �[0;32m amazon-ebs: Dload Upload Total Spent Left Speed�[0m
[exec] �[0;32m amazon-ebs: ubuntu 12.04 x86_64�[0m
[exec] �[0;32m amazon-ebs: Getting information for chef stable for ubuntu...�[0m
[exec] �[0;32m amazon-ebs: 100 19559 100 19559 0 0 94358 0 --:--:-- --:--:-- --:--:-- 105k�[0m
[exec] �[0;32m amazon-ebs: downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=12.04&m=x86_64�[0m
[exec] �[0;32m amazon-ebs: to file /tmp/install.sh.1088/metadata.txt�[0m
[exec] �[0;32m amazon-ebs: trying wget...�[0m
[exec] �[0;32m amazon-ebs: sha1 d202d57512b6a2d795d0fb6df566ca906745c7d8�[0m
[exec] �[0;32m amazon-ebs: sha256 92b7f3eba0a62b20eced2eae03ec2a5e382da4b044c38c20d2902393683c77f7�[0m
[exec] �[0;32m amazon-ebs: url https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb�[0m
[exec] �[0;32m amazon-ebs: version 12.8.1�[0m
[exec] �[0;32m amazon-ebs: downloaded metadata file looks valid...�[0m
[exec] �[0;32m amazon-ebs: downloading https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb�[0m
[exec] �[0;32m amazon-ebs: to file /tmp/install.sh.1088/chef_12.8.1-1_amd64.deb�[0m
[exec] �[0;32m amazon-ebs: trying wget...�[0m
[exec] �[0;32m amazon-ebs: trying curl...�[0m
[exec] �[0;32m amazon-ebs: Comparing checksum with sha256sum...�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: You are installing an omnibus package without a version pin. If you are installing�[0m
[exec] �[0;32m amazon-ebs: on production servers via an automated process this is DANGEROUS and you will�[0m
[exec] �[0;32m amazon-ebs: be upgraded without warning on new releases, even to new major releases.�[0m
[exec] �[0;32m amazon-ebs: Letting the version float is only appropriate in desktop, test, development or�[0m
[exec] �[0;32m amazon-ebs: CI/CD environments.�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: Installing chef�[0m
[exec] �[0;32m amazon-ebs: installing with dpkg...�[0m
[exec] �[0;32m amazon-ebs: Selecting previously unselected package chef.�[0m
[exec] �[0;32m amazon-ebs: (Reading database ... 47562 files and directories currently installed.)�[0m
[exec] �[0;32m amazon-ebs: Unpacking chef (from .../chef_12.8.1-1_amd64.deb) ...�[0m
[exec] �[0;32m amazon-ebs: Setting up chef (12.8.1-1) ...�[0m
[exec] �[0;32m amazon-ebs: Thank you for installing Chef!�[0m
[exec] �[0;32m amazon-ebs: Processing triggers for initramfs-tools ...�[0m
[exec] �[0;32m amazon-ebs: update-initramfs: Generating /boot/initrd.img-3.2.0-89-virtual�[0m
[exec] �[0;32m amazon-ebs: Creating directory: /tmp/packer-chef-client�[0m
[exec] �[0;32m amazon-ebs: Creating configuration file 'client.rb'�[0m
[exec] �[0;32m amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem...�[0m
[exec] �[0;32m amazon-ebs: Creating JSON attribute file�[0m
[exec] �[0;32m amazon-ebs: Executing Chef: sudo chef-client --no-color -c /tmp/packer-chef-client/client.rb -j /tmp/packer-chef-client/first-boot.json�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: Forking chef instance to converge...�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: * Chef 12.8.1 *�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:11+00:00] INFO: Chef-client pid: 3194�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] INFO: Client key /etc/chef/client.pem is not present - registering�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: ================================================================================�[0m
[exec] �[0;32m amazon-ebs: Chef encountered an error attempting to create the client "ip-10-0-0-132.eu-west-1.compute.internal"�[0m
[exec] �[0;32m amazon-ebs: ================================================================================�[0m
[exec] �[0;32m amazon-ebs:�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: Running exception handlers�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: Exception handlers complete�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] ERROR: I can't write your private key to /etc/chef/client.pem - check permissions?�[0m
[exec] �[0;32m amazon-ebs: [2016-04-01T08:45:13+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)�[0m
[exec] �[0;32m amazon-ebs: Creating configuration file 'knife.rb'�[0m
[exec] �[1;32m==> amazon-ebs: Terminating the source AWS instance...�[0m
[exec] �[1;32m==> amazon-ebs: No AMIs to cleanup�[0m
[exec] �[1;32m==> amazon-ebs: Deleting temporary keypair...�[0m
[exec] �[1;31mBuild 'amazon-ebs' errored: Error executing Chef: Non-zero exit status: 1�[0m
[exec] ==> Some builds didn't complete successfully and had errors:
[exec] --> amazon-ebs: Error executing Chef: Non-zero exit status: 1
[exec] ==> Builds finished but no artifacts were created.

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/mitchellh/packer/issues/3402#issuecomment-204311769

I will try to troubleshoot the client.rb file. Meanwhile, here is my progress:
Where did the validation.pem file come from?

"provisioners": [
    {
        "type": "shell",
        "inline": [
            "echo 'creating chef/packer directories'",
            "sudo mkdir -p /tmp/packer-chef-client",
            "sudo chmod 777 /tmp/packer-chef-client",
            "sudo mkdir -p /etc/chef",
            "sudo chmod 777 /etc/chef",
            "echo 'done'"
        ]
    },
    {
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "destination": "/tmp/packer-chef-client/lmb-validator.pem"
    },
    {
        "type": "shell",
        "inline": [
            "sudo chmod 400 /tmp/packer-chef-client/lmb-validator.pem"
        ]
    },
    {
        "type": "chef-client",
        "server_url": "https://api.opscode.com/organizations/lmb",
        "config_template": "{{user `galaxy_home`}}/templates/client.rb.template",
        "validation_client_name": "lmb-validator",
        "validation_key_path": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "skip_clean_node": true,
        "skip_clean_client": true,
        "staging_directory": "/tmp/packer-chef-client",
        "run_list": [
            "role[clm-server]"
        ],
        "chef_environment": "{{user `chef_env`}}"
    }
]

 [exec] amazon-ebs output will be in this color.
 [exec] ==> amazon-ebs: Prevalidating AMI Name...
 [exec] ==> amazon-ebs: Inspecting the source AMI...
 [exec] ==> amazon-ebs: Creating temporary keypair: packer 56fe41e4-ac93-9755-db44-bfc6afe3c9c7
 [exec] ==> amazon-ebs: Launching a source AWS instance...
 [exec]     amazon-ebs: Instance ID: i-05b7560a8bd60555d
 [exec] ==> amazon-ebs: Waiting for instance (i-05b7560a8bd60555d) to become ready...
 [exec] ==> amazon-ebs: Waiting for SSH to become available...
 [exec] ==> amazon-ebs: Connected to SSH!
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell835364931
 [exec]     amazon-ebs: creating chef/packer directories
 [exec]     amazon-ebs: done
 [exec] ==> amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem => /tmp/packer-chef-client/lmb-validator.pem
 [exec] ==> amazon-ebs: Provisioning with shell script: /var/folders/jc/9j09z7nj3zj0f0qtlf0r1klm0000gn/T/packer-shell670221672
 [exec]     amazon-ebs: Installing Chef...
 [exec]     amazon-ebs: curl -L https://www.chef.io/chef/install.sh | sudo bash
 [exec]     amazon-ebs: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 [exec]     amazon-ebs: Dload  Upload   Total   Spent    Left  Speed
 [exec]     amazon-ebs: 100 19559  100 19559    0     0  88797      0 --:--:-- --:--:-- --:--:--  106k
 [exec]     amazon-ebs: ubuntu 12.04 x86_64
 [exec]     amazon-ebs: Getting information for chef stable  for ubuntu...
 [exec]     amazon-ebs: downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=12.04&m=x86_64
 [exec]     amazon-ebs: to file /tmp/install.sh.1065/metadata.txt
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: sha1 d202d57512b6a2d795d0fb6df566ca906745c7d8
 [exec]     amazon-ebs: sha256   92b7f3eba0a62b20eced2eae03ec2a5e382da4b044c38c20d2902393683c77f7
 [exec]     amazon-ebs: url  https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: version  12.8.1
 [exec]     amazon-ebs: downloaded metadata file looks valid...
 [exec]     amazon-ebs: downloading https://packages.chef.io/stable/ubuntu/12.04/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: to file /tmp/install.sh.1065/chef_12.8.1-1_amd64.deb
 [exec]     amazon-ebs: trying wget...
 [exec]     amazon-ebs: trying curl...
 [exec]     amazon-ebs: Comparing checksum with sha256sum...
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: You are installing an omnibus package without a version pin.  If you are installing
 [exec]     amazon-ebs: on production servers via an automated process this is DANGEROUS and you will
 [exec]     amazon-ebs: be upgraded without warning on new releases, even to new major releases.
 [exec]     amazon-ebs: Letting the version float is only appropriate in desktop, test, development or
 [exec]     amazon-ebs: CI/CD environments.
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Installing chef
 [exec]     amazon-ebs: installing with dpkg...
 [exec]     amazon-ebs: Selecting previously unselected package chef.
 [exec]     amazon-ebs: (Reading database ... 47562 files and directories currently installed.)
 [exec]     amazon-ebs: Unpacking chef (from .../chef_12.8.1-1_amd64.deb) ...
 [exec]     amazon-ebs: Setting up chef (12.8.1-1) ...
 [exec]     amazon-ebs: Thank you for installing Chef!
 [exec]     amazon-ebs: Processing triggers for initramfs-tools ...
 [exec]     amazon-ebs: update-initramfs: Generating /boot/initrd.img-3.2.0-89-virtual
 [exec]     amazon-ebs: Creating directory: /tmp/packer-chef-client
 [exec]     amazon-ebs: Creating configuration file 'client.rb'
 [exec]     amazon-ebs: Uploading /Users/liora/git/Galaxy/.chef/lmb-validator.pem...
 [exec]     amazon-ebs: Creating JSON attribute file
 [exec]     amazon-ebs: Executing Chef: sudo chef-client --no-color -c /tmp/packer-chef-client/client.rb -j /tmp/packer-chef-client/first-boot.json
 [exec]     amazon-ebs: [2016-04-01T09:44:23+00:00] INFO: Forking chef instance to converge...
 [exec]     amazon-ebs: [2016-04-01T09:44:23+00:00] INFO: *** Chef 12.8.1 ***
 [exec]     amazon-ebs: [2016-04-01T09:44:23+00:00] INFO: Chef-client pid: 3183
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] INFO: Client key /etc/chef/client.pem is not present - registering
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] WARN: Failed to read the private key /etc/chef/validation.pem: #<Errno::ENOENT: No such file or directory @ rb_sysopen - /etc/chef/validation.pem>
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs: Chef encountered an error attempting to create the client "ip-10-0-0-229.eu-west-1.compute.internal"
 [exec]     amazon-ebs: ================================================================================
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Private Key Not Found:
 [exec]     amazon-ebs: ----------------------
 [exec]     amazon-ebs: Your private key could not be loaded. If the key file exists, ensure that it is
 [exec]     amazon-ebs: readable by chef-client.
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: Relevant Config Settings:
 [exec]     amazon-ebs: -------------------------
 [exec]     amazon-ebs: validation_key "/etc/chef/validation.pem"
 [exec]     amazon-ebs:
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] ERROR: Running exception handlers
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] ERROR: Exception handlers complete
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] ERROR: I cannot read /etc/chef/validation.pem, which you told me to use to sign requests!
 [exec]     amazon-ebs: [2016-04-01T09:44:25+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
 [exec]     amazon-ebs: Creating configuration file 'knife.rb'
 [exec] ==> amazon-ebs: Terminating the source AWS instance...
 [exec] ==> amazon-ebs: No AMIs to cleanup
 [exec] ==> amazon-ebs: Deleting temporary keypair...
 [exec] Build 'amazon-ebs' errored: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Some builds didn't complete successfully and had errors:
 [exec] --> amazon-ebs: Error executing Chef: Non-zero exit status: 1
 [exec] ==> Builds finished but no artifacts were created.

Ah OK. This is just a chef-client provisioner bug. It doesn't honour the name of the validation key you set, so it looks for validation.pem in the /etc/chef/ directory.

Change your pre-chef provisioning step to this:

{
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "destination": "/etc/chef/validation.pem"
    },

and you should be good :)

Finally. I am good to go.

Here is the provisioner code which works.

Pete, thanks for the dedication.

"provisioners": [
    {
        "type": "shell",
        "inline": [
            "echo 'creating chef/packer directories'",
            "sudo mkdir -p /tmp/packer-chef-client",
            "sudo chmod 777 /tmp/packer-chef-client",
            "sudo mkdir -p /etc/chef",
            "sudo chmod 777 /etc/chef",
            "echo 'done'"
        ]
    },
    {
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "destination": "/tmp/packer-chef-client/lmb-validator.pem"
    },
    {
        "type": "shell",
        "inline": [
            "sudo chmod 400 /tmp/packer-chef-client/lmb-validator.pem"
        ]
    },
    {
        "type": "file",
        "source": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "destination": "/etc/chef/validation.pem"
    },
    {
        "type": "shell",
        "inline": [
            "sudo chmod 400 /etc/chef/validation.pem"
        ]
    },
    {
        "type": "chef-client",
        "server_url": "https://api.opscode.com/organizations/lmb",
        "validation_client_name": "lmb-validator",
        "validation_key_path": "{{user `galaxy_home`}}/.chef/lmb-validator.pem",
        "run_list": [
            "role[clm-server]"
        ],
        "chef_environment": "{{user `chef_env`}}"
    }
]

No problem, I know how maddening it is when it doesn't work and you can't
work out why! In this case, it's just a bug that will hopefully be fixed
soon :)
On 1 Apr 2016 12:13, "Liora Milbaum" [email protected] wrote:

Finally. I am go to go.

Here is the provisioner code which works.

Pete, thanks for the dedication.

"provisioners": [
{
"type": "shell",
"inline": [
"echo 'creating chef/packer directories'",
"sudo mkdir -p /tmp/packer-chef-client",
"sudo chmod 777 /tmp/packer-chef-client",
"sudo mkdir -p /etc/chef",
"sudo chmod 777 /etc/chef",
"echo 'done'"
]
},
{
"type": "file",
"source": "{{user galaxy_home}}/.chef/lmb-validator.pem",
"destination": "/tmp/packer-chef-client/lmb-validator.pem"
},
{
"type": "shell",
"inline": [
"sudo chmod 400 /tmp/packer-chef-client/lmb-validator.pem"
]
},
{
"type": "file",
"source": "{{user galaxy_home}}/.chef/lmb-validator.pem",
"destination": "/etc/chef/validation.pem"
},
{
"type": "shell",
"inline": [
"sudo chmod 400 /etc/chef/validation.pem"
]
},
{
"type": "chef-client",
"server_url": "https://api.opscode.com/organizations/lmb",
"validation_client_name": "lmb-validator",
"validation_key_path": "{{user galaxy_home}}/.chef/lmb-validator.pem",
"run_list": [
"role[clm-server]"
],
"chef_environment": "{{user chef_env}}"
}
]

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/mitchellh/packer/issues/3402#issuecomment-204351071

@lioramilbaum This was super helpful. Thanks for following through and posting the solution!