Encrypted Data Bags – Chef

September 15, 2016 Leave a comment
Data Bags are a way to store information on the chef-server which all the cookbooks can access.
Few more additional advantages are that we can encrypt the data-bags as well, this will help in keeping any sensitive information like user/password.
What we are doing now is to store user information in a data-bag and use them to create users on the servers.
We will be using users cookbook to create the users.

users cookbook details.

Steps.

  1. Create a secret file.
  2. Create json user files.
  3. Create data-bag on the chef-server.
  4. Add the local user.json file to data-bag with the secret file created.

Creating secret file.

We will be using the openssl to create a random file.
user secret.
openssl rand -base64 512 > ~/work/chef-repo/cookbooks/init-setup/secret-files/user_data_bags_encrypted_secret
Here is how the file would look like.
┌─[ahmed][zubair-HP-ProBook][~]
└─▪ openssl rand -base64 512
whPbpd9VtLSYsasvnqdiSpWKsSB3hp8S3dwyNpEOBFFCjYQjvxe2DNJp2v4Ow2qM
4Y3TUSrXqSkiR7BqzdnTAi2wrUOaqjxCpf4yUdbkCaeEAFJpegkJ9gCYQvVXMH72
36YQZO+xbZUvSHMaWGnkh2H0KNqeKgk+ytCKotWX2FQkcCGtzbn8RMCWx60lswpc
ZGUN6kzV+jwDkyDyFPmKkheOM0wowcKrDMogyccsGpPE2v/j/nLp7YngxyxQboxh
eE+xXhKiyB4C4s3IkowUy03ucFNWanU2BWOkVqzJKDW6w5YZXFBuEe9awLgryj+8
FtROy1fttfsjR5zmnim3iU5XgdvQB2F3oof4cz83XVLJh+/HRhZc0FybKC0fO0dV
DVxJqIYIafrDTEEZPXXbDBSpPZoKNHQOUWT1y5av9tOMTFYofTSGlKqhy1bvGXiQ
Md7ra04m0abJ0xTarT++MfwkeKStlaM9LtTWE165FYmOtG91SEvp0iEnnN2+USIN
AVxuep4D3rE4hSazHKG3SDUy7GbQe69d57fLUSoHZc/RUYasVUQ8Glh+MmN6WqW6
YYdxktu2iWslYc3C+dNgy+6t5i9NnCon82xdXA25dC0JM7IYcEBn4FTqOx2pnN4m
hQx/5xJgZ3uI3BUMyTjCJotbwb1ut3GntHpkNb1ZHmg=

Creating user.json files in data_bags directory.

We can create the json files anywhere we want, but will be using the default location for data_bags.
Creating directory for our data bag.
mkdir data_bags/user_data_bag
mkdir data_bags/root_data_bag

Adding json files to our directory.

┌─[ahmed][zubair-HP-ProBook][±][master U:1 ✗][~/work/chef-repo/cookbooks/init-setup/data_bags]
└─▪ tree
.
|____user_data_bag
| |____sysadmin.json
|____root_data_bag
  |____root.json

We will be creating a user called sysadmin.

we are setting the password as sysadmin@123. We can generate our own using the below command.
┌─[ahmed][zubair-HP-ProBook][~]
└─▪ openssl passwd -1 'root@007'
$1$JbS7rQs0$dRIRoWJ7HIRIAftFoD/iF/
┌─[ahmed][zubair-HP-ProBook][~]
└─▪ openssl passwd -1 'sysadmin@123'
$1$Uat6dd6b$0FYr2a7NUpX8AnHQtaDwY/
┌─[ahmed][zubair-HP-ProBook][~]
└─▪
json file for sysadmin
{
     "id": "sysadmin",
     "password": "$1$Uat6dd6b$0FYr2a7NUpX8AnHQtaDwY/",
     "groups": [
       "sysadmin"
     ],
     "uid": 9000,
     "shell": "/bin/bash"
}

Update root password.

Here the json for root.
{
     "id": "root",
     "password": "$1$JbS7rQs0$dRIRoWJ7HIRIAftFoD/iF/",
     "uid": 0,
     "home" : "/root",
     "groups": ["root"],
     "action": "modify"
}

Next we create the data-bag on the chef-server.

First we create the data-bag called root_data_bag and store the root-user information.
This is to make sure we separate the root user from the rest of the common users.
knife data bag create 
knife data bag from file   --secret-file 
Here is the command to create root_data_bag
knife data bag create root_data_bag
knife data bag from file root_data_bag data_bags/root_data_bag/root.json --secret-file secret-file/user_data_bags_encrypted_secret
Here is the command to create user_data_bag
knife data bag create user_data_bag
knife data bag from file user_data_bag data_bags/user_data_bag/sysadmin.json --secret-file secret-file/user_data_bags_encrypted_secret

[TESTING] Setting up test environment, .kitchen.yml file.

Above is to run using the chef-server, if we want to test the setup using kitchen.
  1. Get the encrypted file from the chef-server.
  2. Create a new directory to store the encrypted data bags.
  3. Update .kitchen.yml file.

First we can get the data from the server using the --secret-file to verify the contents.

Command to get the Information.
knife data bag show --secret-file   
Here is the output.
┌─[ahmed][zubair-HP-ProBook][±][master U:1 ?:4 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ knife data bag show --secret-file secret-file/user_data_bags_encrypted_secret user_data_bag sysadmin
Encrypted data bag detected, decrypting with provided secret.
groups:   sysadmin
id:       sysadmin
password: $1$crcL.lu/$uIR/GRpX7aMnI2wUTT31S0
shell:    /bin/bash
uid:      9000

Next we get the encrypted data from the chef-server.

Use the command below.
knife data bag show user_data_bag sysadmin -Fj
Here is the output of the file.
┌─[ahmed][zubair-HP-ProBook][±][master U:1 ?:4 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ knife data bag show user_data_bag sysadmin -Fj
WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.
{
  "id": "sysadmin",
  "password": {
    "encrypted_data": "QEQV2MBkDh6FOlO29vJgdgoM1kNH6xNkfBrB2K8E9WcfHOYdkHzZUuu0lMJU\nbqSW5TaWiW60gP3Xcgn/jOxVnw==\n",
    "iv": "Oro4TJcXRwbXAb8tG+3eJQ==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "groups": {
    "encrypted_data": "qEws3EZsvgzYJmRpzFTEQQJAZcYHLkbzYpwzZyGZbT0=\n",
    "iv": "usca8tkD0/tatXxX17KAKQ==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "uid": {
    "encrypted_data": "leILI+0wFS258IXf5UuNMBh+ZhKW+hJiQ0mtsW2a9gg=\n",
    "iv": "AiWB2YnkGHIkZzgivkmfjA==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "shell": {
    "encrypted_data": "61OW+eH8dynbXuL/HxWWuYHIJzd8ODB0H/MXA9tM69A=\n",
    "iv": "5SJcvDoBZdto5p2HKerUkg==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  }
}
  • Lets create a directory to store our encrypted data bag. mkdir ${COOKBOOK_HOME}/testing_encrypted_data_bags/data_bags/user_data_bag
  • Now copy this above contents (which is encrypted) into a directory created above.
vim ${COOKBOOK_HOME}/testing_encrypted_data_bags/data_bags/user_data_bag/sysadmin.json

Adding below lines to your .kitchen.yml file.

data_bags_path: '/home/ahmed/work/chef-repo/cookbooks/init-setup/testing_encrypted_data_bags/data_bags'
encrypted_data_bag_secret_key_path: "/home/ahmed/work/chef-repo/cookbooks/init-setup/secret-file/user_data_bags_encrypted_secret"
Here is the complete yml file.
---
driver:
  name: vagrant

provisioner:
  name: chef_zero

# Uncomment the following verifier to leverage Inspec instead of Busser (the
# default verifier)
# verifier:
#   name: inspec

platforms:
  - name: ubuntu/trusty64

suites:
  - name: default
    data_bags_path: '/home/ahmed/work/chef-repo/cookbooks/init-setup/testing_encrypted_data_bags/data_bags'
    encrypted_data_bag_secret_key_path: "/home/ahmed/work/chef-repo/cookbooks/init-setup/secret-file/user_data_bags_encrypted_secret"
    run_list:
    - recipe[init-setup::default]
    attributes:

Commands to test using kitchen.

Creating the VM.
┌─[ahmed][zubair-HP-ProBook][±][master U:3 ?:1 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ kitchen list
Instance                 Driver   Provisioner  Verifier  Transport  Last Action
default-ubuntu-trusty64  Vagrant  ChefZero     Busser    Ssh        
┌─[ahmed][zubair-HP-ProBook][±][master U:3 ?:1 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ kitchen create
-----> Starting Kitchen (v1.8.0)
-----> Creating ...
       Bringing machine 'default' up with 'virtualbox' provider...
       ==> default: Checking if box 'ubuntu/trusty64' is up to date...
       ==> default: A newer version of the box 'ubuntu/trusty64' is available! You currently
       ==> default: have version '20160824.1.0'. The latest is version '20160830.0.0'. Run
       ==> default: `vagrant box update` to update.
       ==> default: VirtualBox VM is already running.
       [SSH] Established
       Vagrant instance  created.
       Finished creating  (0m15.68s).
-----> Kitchen is finished. (0m16.03s)
┌─[ahmed][zubair-HP-ProBook][±][master U:3 ?:1 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ kitchen list
Instance                 Driver   Provisioner  Verifier  Transport  Last Action
default-ubuntu-trusty64  Vagrant  ChefZero     Busser    Ssh        Created
Converging VM.
┌─[ahmed][zubair-HP-ProBook][±][master U:3 ?:1 ✗][~/work/chef-repo/cookbooks/init-setup]
└─▪ kitchen converge
-----> Starting Kitchen (v1.8.0)
-----> Converging ...
       Preparing files for transfer
       Preparing dna.json
       Resolving cookbook dependencies with Berkshelf 4.3.3...
       Removing non-cookbook files before transfer
       Preparing data_bags
       Preparing secret
       Preparing validation.pem
       Preparing client.rb
-----> Chef Omnibus installation detected (install only if missing)
       Transferring files to 
       Starting Chef Client, version 12.13.37
       Creating a new client identity for default-ubuntu-trusty64 using the validator key.
       resolving cookbooks for run list: ["init-setup::default"]
       Synchronizing Cookbooks:
         - init-setup (0.1.3)
         - chef-client (5.0.0)
         - users (3.0.0)
         - ntp (2.0.2)
         - apt-upgrade-once (0.2.1)
         - openssh (2.0.0)
         - sudo (2.11.0)
         - openssl-source (1.0.4)
         - nrpe (1.6.2)
         - cron (1.7.6)
         - logrotate (2.1.0)
         - iptables (2.2.0)
         - build-essential (6.0.4)
         - windows (1.44.3)
         - yum-epel (0.7.1)
         - compat_resource (12.14.0)
         - seven_zip (2.0.2)
         - chef_handler (1.4.0)
         - mingw (1.2.4)
         - yum (3.12.0)
       Installing Cookbook Gems:
       Compiling Cookbooks...
       /tmp/kitchen/cache/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/run_context.rb:643: warning: already initialized constant Chef::RunContext::ChildRunContext::CHILD_STATE
       /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.13.37/lib/chef/run_context.rb:634: warning: previous definition of CHILD_STATE was here
       /tmp/kitchen/cache/cookbooks/compat_resource/libraries/chef_upstream_version.rb:2: warning: already initialized constant ChefCompat::CHEF_UPSTREAM_VERSION
       /tmp/kitchen/cache/cookbooks/compat_resource/libraries/chef_upstream_version.rb:2: warning: previous definition of CHEF_UPSTREAM_VERSION was here
       Converging 58 resources
       Recipe: init-setup::default
         * log[Welcome to Chef, Team!] action write

         * log[=============================] action write

         * log[Welcome to Server : default-ubuntu-trusty64] action write

         * log[=============================] action write

         * log[Server Hostname : default-ubuntu-trusty64 ] action write

         * log[Server Platform : ubuntu ] action write

         * log[Server IP Address : 10.0.2.15 ] action write

         * log[Server MAC Address : 08:00:27:1A:E9:1A ] action write

         * log[Server Recipes : ["init-setup::default"] ] action write

         * log[Server Roles : [] ] action write

         * log[Server OHAI Time : 1473215635.1009629 ] action write

         * users_manage[sysadmin] action create
           * group[sysadmin] action create (skipped due to only_if)
           * user[sysadmin] action create (up to date)
           * directory[/home/sysadmin/.ssh] action create (skipped due to only_if)
           * template[/home/sysadmin/.ssh/authorized_keys] action create (skipped due to only_if)
           * group[sysadmin] action create (up to date)
            (up to date)
         * users_manage[root] action create
           * group[root] action create (skipped due to only_if)
           * user[root] action modify (up to date)
           * directory[/root/.ssh] action create (skipped due to only_if)
           * template[/root/.ssh/authorized_keys] action create (skipped due to only_if)
           * group[root] action create (up to date)
            (up to date)
       Recipe: sudo::default
         * apt_package[sudo] action install (skipped due to not_if)
         * template[/etc/sudoers] action create (up to date)
       Recipe: apt-upgrade-once::default
         * execute[apt-update] action nothing (skipped due to action :nothing)
         * execute[apt-upgrade] action nothing (skipped due to action :nothing)
         * file[/etc/.apt-upgrade-run] action create (up to date)
       Recipe: openssh::default
         * apt_package[openssh-client] action install (up to date)
         * apt_package[openssh-server] action install (up to date)
         * template[/etc/ssh/ssh_config] action create (up to date)
         * template[/etc/ssh/sshd_config] action create (up to date)
         * execute[sshd-config-check] action nothing (skipped due to action :nothing)
         * service[ssh] action enable (up to date)
         * service[ssh] action start (up to date)
       Recipe: ntp::default
         * apt_package[ntp] action install (up to date)
         * apt_package[ntpdate] action install (up to date)
         * directory[/var/lib/ntp] action create (up to date)
         * directory[/var/log/ntpstats/] action create (up to date)
         * cookbook_file[/etc/ntp.leapseconds] action create (up to date)
       Recipe: ntp::apparmor
         * service[apparmor] action nothing (skipped due to action :nothing)
         * cookbook_file[/etc/apparmor.d/usr.sbin.ntpd] action create (up to date)
       Recipe: ntp::default
         * template[/etc/ntp.conf] action create (up to date)
         * execute[Force sync hardware clock with system clock] action run (skipped due to only_if)
         * service[ntp] action enable (up to date)
         * service[ntp] action start (up to date)
       Recipe: init-setup::default
         * apt_package[make] action install (up to date)
         * apt_package[gcc] action install (up to date)
         * apt_package[open-vm-tools] action install (up to date)
       Recipe: openssl-source::default
         * remote_file[/tmp/kitchen/cache/openssl-1.0.2f.tar.gz] action create (skipped due to not_if)
         * execute[unarchive_openssl] action nothing (skipped due to action :nothing)
         * execute[compile_openssl_source] action nothing (skipped due to action :nothing)
         * ruby_block[sync certificates] action nothing (skipped due to action :nothing)
         * execute[hash certificates with SHA1] action nothing (skipped due to action :nothing)
       Recipe: nrpe::_package_install
         * apt_package[nagios-nrpe-server] action install (up to date)
         * apt_package[nagios-plugins] action install (up to date)
         * apt_package[nagios-plugins-basic] action install (up to date)
         * apt_package[nagios-plugins-standard] action install (up to date)
       Recipe: nrpe::configure
         * directory[/etc/nagios/nrpe.d] action create (up to date)
         * template[/etc/nagios/nrpe.cfg] action create (up to date)
         * execute[nrpe-reload-systemd] action nothing (skipped due to action :nothing)
         * template[/lib/systemd/system/nrpe.service] action create (skipped due to only_if)
         * service[nagios-nrpe-server] action start (up to date)
         * service[nagios-nrpe-server] action enable (up to date)
         * ruby_block[updating of the list of checks] action run
           - execute the ruby block updating of the list of checks
       Recipe: init-setup::default
         * nrpe_check[check_users] action add
           * file[/etc/nagios/nrpe.d/check_users.cfg] action create (up to date)
            (up to date)
         * nrpe_check[check_load] action add
           * file[/etc/nagios/nrpe.d/check_load.cfg] action create (up to date)
            (up to date)
         * nrpe_check[check_hda1] action add
           * file[/etc/nagios/nrpe.d/check_hda1.cfg] action create (up to date)
            (up to date)
         * nrpe_check[check_zombie_procs] action add
           * file[/etc/nagios/nrpe.d/check_zombie_procs.cfg] action create (up to date)
            (up to date)
         * nrpe_check[check_total_procs] action add
           * file[/etc/nagios/nrpe.d/check_total_procs.cfg] action create (up to date)
            (up to date)
         * nrpe_check[check_root] action add
           * file[/etc/nagios/nrpe.d/check_root.cfg] action create (up to date)
            (up to date)

       Running handlers:
       Running handlers complete
       Chef Client finished, 12/77 resources updated in 14 seconds
       Finished converging  (0m41.27s).
-----> Kitchen is finished. (0m41.63s)

Finally the recipe.

This is how the recipe would look like.
# Here we are creating the group called `sysadmin`
# User and Password details will come from the `data_bags`,
#   check `data_bags` directory for more details.
default['users_setup']['groups'] = { 'sysadmin' => 2300 }

# Creating basic users for the setup.
#
# Creating a admin user/group for clouderamanager
# http://ift.tt/292cPVZ
# http://ift.tt/28TZodR

node['users_setup']['groups'].each do | group_name,  group_id |
  users_manage group_name do
    group_id group_id
    action [:create]
    data_bag 'user_data_bag'
  end
end

# Update root password
users_manage 'root' do
    data_bag 'root_data_bag'
end

from Blogger http://ift.tt/2cpkMUN
via IFTTT

Categories: Others Tags: ,

Bootstrap Windows – knife-windows – Chef

September 1, 2016 Leave a comment
knife-windows plugin adds additional functionality to the Chef Knife CLI tool for configuring / interacting with nodes running Microsoft Windows.
  • Bootstrap of nodes via the Windows Remote Management (WinRM).aspx) or SSH protocols
  • Remote command execution using the WinRM protocol
  • Utilities to configure WinRM SSL endpoints on managed nodes
Few Good Helpful Links.

Installing gems

Installing necessary gem for the windows deployments.
chef gem install winrm
chef gem install knife-windows

Setting up

  • Run Enable-PSRemoting (Use a Administrator PowerShell)
  • Open the firewall with: netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow [On a Test Machine Disable Firewall till you test chef bootstrap]
Run these commands:
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
NOTE : Above settings are for Testing only.NOT FOR PRODUCTION.

Test Connectivity From Chef-Workstation

use command below
telnet 172.22.2.222 5985
Output would be similar to this.
We are able to reach 5985 port from our workstation.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/hepsiburada/chef-repo]
└─▪ telnet 172.22.2.222 5985
Trying 172.22.2.222...
Connected to 172.22.2.222.
Escape character is '^]'.
^CConnection closed by foreign host..
Also test the command below.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo]
└─▪ knife wsman test 172.22.2.222 -m
Connected successfully to 172.22.2.222 at http://ift.tt/2bFifVb.

Try 1. [Failed]

Using Administrator account.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo/cookbooks/init-setup]
└─▪ knife bootstrap windows winrm 172.16.2.35 --winrm-user Administrator --winrm-password 'Zz_12345@123' --node-name nagios_test_windows_client --run-list 'recipe[chef-client]'
Node nagios_test_windows_client exists, overwrite it? (Y/N) Y
Client nagios_test_windows_client exists, overwrite it? (Y/N) Y
Creating new client for nagios_test_windows_client
Creating new node for nagios_test_windows_client

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 172.16.2.35 as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer

Try 2. [Failed]

Using CHEF-WINDOWS-01\chef Account with -winrm-ssl-verify-mode verify_none option.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo]
└─▪ knife bootstrap windows winrm 172.22.2.222 --winrm-user 'CHEF-WINDOWS-01\chef' --winrm-password 'Nagios2234' --node-name nagiosxi_test_windows_client --winrm-ssl-verify-mode verify_none -y --run-list 'recipe[chef-client]'
Creating new client for nagiosxi_test_windows_client
Creating new node for nagiosxi_test_windows_client

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 172.22.2.222 as CHEF-WINDOWS-01\chef
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer

Try 3. [Failed]

Using CHEF-WINDOWS-01\chef using --winrm-authentication-protocol basic option.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo]
└─▪ knife bootstrap windows winrm 172.22.2.222 --winrm-user 'CHEF-WINDOWS-01\chef' --winrm-password 'Nagios2234' --node-name nagiosxi_test_windows_client --winrm-authentication-protocol basic -VV -y --run-list 'recipe[chef-client]'
INFO: Using configuration from /home/ahmed/work/mychefserver/chef-repo/.chef/knife.rb
DEBUG: Looking for key winrm_authentication_protocol and found value basic
DEBUG: Looking for key winrm_transport and found value plaintext
ERROR: Validatorless bootstrap over unsecure winrm channels could expose your key to network sniffing

Try 4. [Failed]

Using Administrator after changing password on the windows machine.
┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo]
└─▪ knife bootstrap windows winrm 172.16.2.35 --winrm-user Administrator --winrm-password 'Nagios2234' --node-name nagios_test_windows_client --run-list 'recipe[chef-client]' -V -y
INFO: Using configuration from /home/ahmed/work/mychefserver/chef-repo/.chef/knife.rb
INFO: HTTP Request Returned 404 Object Not Found: error
INFO: HTTP Request Returned 404 Object Not Found: error
Creating new client for nagios_test_windows_client
Creating new node for nagios_test_windows_client
INFO: HTTP Request Returned 404 Object Not Found: error

Waiting for remote response before bootstrap.ERROR: Failed to authenticate to 172.16.2.35 as Administrator
Response: WinRM::WinRMAuthorizationError
Hint: Make sure to prefix domain usernames with the correct domain name.
Hint: Local user names should be prefixed with computer name or IP address.
EXAMPLE: my_domain\user_namer

Try 5. [SUCCESS]

Adding --winrm-ssl-verify-mode verify_none option.
Little more Verbose so that we get to know what is happing under the hood.

┌─[ahmed][zubair-HP-ProBook][±][master ✓][~/work/mychefserver/chef-repo]
└─▪ knife bootstrap windows winrm 172.22.2.222 --winrm-user 'Administrator' --winrm-password 'Nagios2234' --node-name nagiosxi_test_windows_client --winrm-ssl-verify-mode verify_none -V -y --run-list 'recipe[chef-client]'
INFO: Using configuration from /home/ahmed/work/mychefserver/chef-repo/.chef/knife.rb
INFO: HTTP Request Returned 404 Object Not Found: error
INFO: HTTP Request Returned 404 Object Not Found: error
Creating new client for nagiosxi_test_windows_client
Creating new node for nagiosxi_test_windows_client
INFO: HTTP Request Returned 404 Object Not Found: error

Waiting for remote response before bootstrap.172.22.2.222 .
172.22.2.222 Response received.
Remote node responded after 0.01 minutes.
172.22.2.222 AMD64
Bootstrapping Chef on 172.22.2.222
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 1
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 2
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 3
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 4
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 5
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 6
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 7
172.22.2.222 Rendering "C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap-18039-1472729874.bat" chunk 8
172.22.2.222 Checking for existing directory "C:\chef"...
172.22.2.222 Existing directory not found, creating.
172.22.2.222
172.22.2.222 C:\Users\Administrator>(
172.22.2.222 echo.url = WScript.Arguments.Named("url")
172.22.2.222  echo.path = WScript.Arguments.Named("path")
172.22.2.222  echo.proxy = null
172.22.2.222  echo.'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
172.22.2.222  echo.'* / into .  Also assume that file:/// is a local absolute path and that file://
172.22.2.222  echo.'* is possibly a network file path.
172.22.2.222  echo.If InStr(url, "file://") = 1 Then
172.22.2.222  echo.url = Unescape(url)
172.22.2.222  echo.If InStr(url, "file:///") = 1 Then
172.22.2.222  echo.sourcePath = Mid(url, Len("file:///") + 1)
172.22.2.222  echo.Else
172.22.2.222  echo.sourcePath = Mid(url, Len("file:") + 1)
172.22.2.222  echo.End If
172.22.2.222  echo.sourcePath = Replace(sourcePath, "/", "\")
172.22.2.222  echo.
172.22.2.222  echo.Set objFSO = CreateObject("Scripting.FileSystemObject")
172.22.2.222  echo.If objFSO.Fileexists(path) Then objFSO.DeleteFile path
172.22.2.222  echo.objFSO.CopyFile sourcePath, path, true
172.22.2.222  echo.Set objFSO = Nothing
172.22.2.222  echo.
172.22.2.222  echo.Else
172.22.2.222  echo.Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
172.22.2.222  echo.Set wshShell = CreateObject( "WScript.Shell" )
172.22.2.222  echo.Set objUserVariables = wshShell.Environment("USER")
172.22.2.222  echo.
172.22.2.222  echo.rem http proxy is optional
172.22.2.222  echo.rem attempt to read from HTTP_PROXY env var first
172.22.2.222  echo.On Error Resume Next
172.22.2.222  echo.
172.22.2.222  echo.If NOT (objUserVariables("HTTP_PROXY") = "") Then
172.22.2.222  echo.proxy = objUserVariables("HTTP_PROXY")
172.22.2.222  echo.
172.22.2.222  echo.rem fall back to named arg
172.22.2.222  echo.ElseIf NOT (WScript.Arguments.Named("proxy") = "") Then
172.22.2.222  echo.proxy = WScript.Arguments.Named("proxy")
172.22.2.222  echo.End If
172.22.2.222  echo.
172.22.2.222  echo.If NOT isNull(proxy) Then
172.22.2.222  echo.rem setProxy method is only available on ServerXMLHTTP 6.0+
172.22.2.222  echo.Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
172.22.2.222  echo.objXMLHTTP.setProxy 2, proxy
172.22.2.222  echo.End If
172.22.2.222  echo.
172.22.2.222  echo.On Error Goto 0
172.22.2.222  echo.
172.22.2.222  echo.objXMLHTTP.open "GET", url, false
172.22.2.222  echo.objXMLHTTP.send()
172.22.2.222  echo.If objXMLHTTP.Status = 200 Then
172.22.2.222  echo.Set objADOStream = CreateObject("ADODB.Stream")
172.22.2.222  echo.objADOStream.Open
172.22.2.222  echo.objADOStream.Type = 1
172.22.2.222  echo.objADOStream.Write objXMLHTTP.ResponseBody
172.22.2.222  echo.objADOStream.Position = 0
172.22.2.222  echo.Set objFSO = Createobject("Scripting.FileSystemObject")
172.22.2.222  echo.If objFSO.Fileexists(path) Then objFSO.DeleteFile path
172.22.2.222  echo.Set objFSO = Nothing
172.22.2.222  echo.objADOStream.SaveToFile path
172.22.2.222  echo.objADOStream.Close
172.22.2.222  echo.Set objADOStream = Nothing
172.22.2.222  echo.End If
172.22.2.222  echo.Set objXMLHTTP = Nothing
172.22.2.222  echo.End If
172.22.2.222 ) 1>C:\chef\wget.vbs
172.22.2.222
172.22.2.222 C:\Users\Administrator>(
172.22.2.222 echo.param(
172.22.2.222  echo.   [String] $remoteUrl,
172.22.2.222  echo.   [String] $localPath
172.22.2.222  echo.)
172.22.2.222  echo.
172.22.2.222  echo.$ProxyUrl = $env:http_proxy;
172.22.2.222  echo.$webClient = new-object System.Net.WebClient;
172.22.2.222  echo.
172.22.2.222  echo.if ($ProxyUrl -ne '') {
172.22.2.222  echo.  $WebProxy = New-Object System.Net.WebProxy($ProxyUrl,$true)
172.22.2.222  echo.  $WebClient.Proxy = $WebProxy
172.22.2.222  echo.}
172.22.2.222  echo.
172.22.2.222  echo.$webClient.DownloadFile($remoteUrl, $localPath);
172.22.2.222 ) 1>C:\chef\wget.ps1
172.22.2.222
172.22.2.222 C:\Users\Administrator>(
172.22.2.222
172.22.2.222
172.22.2.222
172.22.2.222 )
172.22.2.222 Detected Windows Version 6.3 Build 9600
172.22.2.222
172.22.2.222 C:\Users\Administrator>goto Version6.3
172.22.2.222
172.22.2.222 C:\Users\Administrator>goto Version6.2
172.22.2.222
172.22.2.222 C:\Users\Administrator>goto architecture_select
172.22.2.222
172.22.2.222 C:\Users\Administrator>goto install
172.22.2.222 Checking for existing downloaded package at "C:\Users\ADMINI~1\AppData\Local\Temp\chef-client-latest.msi"
172.22.2.222 No existing downloaded packages to delete.
172.22.2.222 Attempting to download client package using PowerShell if available...
172.22.2.222 powershell.exe -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -File  C:\chef\wget.ps1 "http://ift.tt/2bFbW92" "C:\Users\ADMINI~1\AppData\Local\Temp\chef-client-latest.msi"
172.22.2.222 Exception calling "DownloadFile" with "2" argument(s): "The underlying
172.22.2.222 connection was closed: An unexpected error occurred on a send."
172.22.2.222 At C:\chef\wget.ps1:14 char:1
172.22.2.222 + $webClient.DownloadFile($remoteUrl, $localPath);
172.22.2.222 + 
172.22.2.222     + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
172.22.2.222     + FullyQualifiedErrorId : WebException
172.22.2.222
172.22.2.222 Failed download: download completed, but downloaded file not found
172.22.2.222 Warning: Failed to download "http://ift.tt/2bFbW92" to "C:\Users\ADMINI~1\AppData\Local\Temp\chef-client-latest.msi"
172.22.2.222 Warning: Retrying download with cscript ...
172.22.2.222 Download via cscript succeeded.
172.22.2.222 Installing downloaded client package...
172.22.2.222
172.22.2.222 C:\Users\Administrator>msiexec /qn /log "C:\Users\ADMINI~1\AppData\Local\Temp\chef-client-msi22296.log" /i "C:\Users\ADMINI~1\AppData\Local\Temp\chef-client-latest.msi"
172.22.2.222 Successfully installed Chef Client package.
172.22.2.222 Installation completed successfully
172.22.2.222 Writing validation key...
172.22.2.222 Validation key written.
172.22.2.222
172.22.2.222 C:\Users\Administrator>mkdir C:\chef\trusted_certs
172.22.2.222
172.22.2.222 C:\Users\Administrator>(
172.22.2.222 echo.-----BEGIN CERTIFICATE-----
172.22.2.222  echo.MIID7jCCAtagAwIBAgIBADANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEQ
172.22.2.222  echo.MA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEmMCQGA1UEAwwd
172.22.2.222  echo.Y2hlZm1ncnNlcnZlci5oZXBzaWJ1cmFkYS5jb20wHhcNMTYwODE5MDc0NjQyWhcN
172.22.2.222  echo.MjYwODE3MDc0NjQyWjBcMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDET
172.22.2.222  echo.MBEGA1UECwwKT3BlcmF0aW9uczEmMCQGA1UEAwwdY2hlZm1ncnNlcnZlci5oZXBz
172.22.2.222  echo.aWJ1cmFkYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnyCBM
172.22.2.222  echo.nJ5xigDpZGLcOERJ2h3W9DVd4vW1c/xnlWKwe1RuIJxjgN4Wd+uUDrfotarPLOFw
172.22.2.222  echo.I9lAQRlBmNCILLxeAZfUUU8JFB2iiLeKky521qi1eIKLUAefhZMNt5OjjgdWegOP
172.22.2.222  echo.lJ0l+ugb14eXXvIhaeA4wcOF4FjWwwCqY9/wzifBSTVEVTHirAxmIyT4OaBXwpZD
172.22.2.222  echo.r35YuQoOvI+0NsDLKf3i/OKn7IzgC+bOfbN+tb6ZcLLz59tE3/tys/EFOcWaGlsq
172.22.2.222  echo.DSoPr4R7VZicllbOUawx3V2cn3Utbji6583h0IuDQRaymtw4DdpscwCwPpBCLEpr
172.22.2.222  echo.1PRChMFTKCE52TJvAgMBAAGjgbowgbcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
172.22.2.222  echo.FgQUokp/XZ9IsbTX0dKgdYyF5sT08aQwgYQGA1UdIwR9MHuAFKJKf12fSLG019HS
172.22.2.222  echo.oHWMhebE9PGkoWCkXjBcMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDET
172.22.2.222  echo.MBEGA1UECwwKT3BlcmF0aW9uczEmMCQGA1UEAwwdY2hlZm1ncnNlcnZlci5oZXBz
172.22.2.222  echo.aWJ1cmFkYS5jb22CAQAwDQYJKoZIhvcNAQELBQADggEBAFN5NAYwHKaxPpFprrfe
172.22.2.222  echo.yGYgZCZY+Pq6hl+Qi/JhRZuiNwXNZ+vB1MJFQOaJnA3XFBDjrrlEEGEePMBC+Oup
172.22.2.222  echo.qhrxp3hRC+NbxsiouZTqnX5Sew0ZOmTSh9AD02iBPC61r0Sbkm1RTtpyIh48KyA+
172.22.2.222  echo.7ZzxvwKsGoZ2aOcJBsaWgdDC4dpxcg8pL7Z4M0bz5vk8unlosLSnoG0EEkv6yr5m
172.22.2.222  echo.r2s7hJPB+D3TqGzXiNhpW27L1eplv9in5P1ezDtjddYWYXUX7KGCuefMoWt/4LV3
172.22.2.222  echo.PFDSr3dBVhHBrQCBTaFA4catTtKd26M7jiU5QkuAg1XAYdYqBfvwEsdHCZabAYHe
172.22.2.222  echo.Xr8=
172.22.2.222  echo.-----END CERTIFICATE-----
172.22.2.222 ) 1>C:\chef/trusted_certs/chefmgrserver_mychefserver_com.crt
172.22.2.222
172.22.2.222 C:\Users\Administrator>(
172.22.2.222 echo.log_level        :info
172.22.2.222  echo.log_location     STDOUT
172.22.2.222  echo.
172.22.2.222  echo.chef_server_url  "http://ift.tt/2bFiQpU"
172.22.2.222  echo.validation_client_name "chef-validator"
172.22.2.222  echo.
172.22.2.222  echo.file_cache_path   "c:/chef/cache"
172.22.2.222  echo.file_backup_path  "c:/chef/backup"
172.22.2.222  echo.cache_options     ({:path => "c:/chef/cache/checksums", :skip_expires => true})
172.22.2.222  echo.
172.22.2.222  echo.node_name "nagiosxi_test_windows_client"
172.22.2.222  echo.trusted_certs_dir "c:/chef/trusted_certs"
172.22.2.222 ) 1>C:\chef\client.rb
172.22.2.222
172.22.2.222 C:\Users\Administrator>(echo.{"run_list":["recipe[chef-client]"]}) 1>C:\chef\first-boot.json
172.22.2.222 Starting chef to bootstrap the node...
172.22.2.222
172.22.2.222 C:\Users\Administrator>SET "PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ruby\bin;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin"
172.22.2.222
172.22.2.222 C:\Users\Administrator>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
172.22.2.222 [2016-09-01T14:40:22+03:00] INFO: *** Chef 12.13.37 ***
172.22.2.222 [2016-09-01T14:40:22+03:00] INFO: Platform: x64-mingw32
172.22.2.222 [2016-09-01T14:40:22+03:00] INFO: Chef-client pid: 1100
172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Setting the run_list to ["recipe[chef-client]"] from CLI options
172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Run List is 
] 172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Run List expands to [chef-client] 172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Starting Chef Run for nagiosxi_test_windows_client 172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Running start handlers 172.22.2.222 [2016-09-01T14:40:54+03:00] INFO: Start handlers complete. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: HTTP Request Returned 404 Not Found: 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Loading cookbooks [chef-client@5.0.0, cron@1.7.6, logrotate@2.1.0, compat_resource@12.13.37, windows@1.44.3, chef_handler@1.4.0] 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/windows_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/runit_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/_unit_test_cloning_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/task.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/smf_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/init_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/systemd_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/launchd_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/config.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/src_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/attributes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/upstart_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/cron.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/templates/windows/client.service.rb.erb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/delete_validation.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/libraries/helpers.rb in the cache. 172.22.2.222 [2016-09-01T14:40:55+03:00] INFO: Storing updated cookbooks/chef-client/recipes/bsd_service.rb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/arch/chef/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/freebsd/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/freebsd/chef.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/solaris/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/solaris/manifest.xml.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/systemd/chef-client.service.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/sv-chef-client-log-run.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/client.rb.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/debian/default/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/solaris/manifest-5.11.xml.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/debian/init/chef-client.conf.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/fedora/sysconfig/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/debian/init.d/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/redhat/init.d/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/redhat/sysconfig/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/suse/init.d/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/com.chef.chef-client.plist.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/suse/sysconfig/chef-client.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/MAINTAINERS.md in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/templates/default/sv-chef-client-run.erb in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/.foodcritic in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/chef-client/README.md in the cache. 172.22.2.222 [2016-09-01T14:40:56+03:00] INFO: Storing updated cookbooks/cron/resources/d.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFcSKO, retry 1/5 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/providers/d.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/libraries/matchers.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFiAY1, retry 1/5 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/attributes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/templates/default/cron_manage.erb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/templates/default/cron.d.erb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:40:57+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFenby, retry 1/5 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/MAINTAINERS.md in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/.foodcritic in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/cron/README.md in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/resources/app.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/recipes/global.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/attributes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/libraries/matchers.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/libraries/logrotate_config.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/templates/default/logrotate.erb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/templates/default/logrotate-global.erb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/LICENSE in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/Berksfile.lock in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/.travis.yml in the cache. 172.22.2.222 [2016-09-01T14:40:57+03:00] INFO: Storing updated cookbooks/logrotate/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/.kitchen.yml in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/Makefile in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/README.md in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/Berksfile in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/Gemfile in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/.rubocop.yml in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/logrotate/Gemfile.lock in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/libraries/autoload.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/before/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/cloning/providers/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/before/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/cloning/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/hybrid/libraries/normal_hwrp.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/cloning/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/cloning/resources/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/hybrid/providers/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/hybrid/resources/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/hybrid/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/normal/providers/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/normal/libraries/normal_hwrp.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/normal/resources/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/normal/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/normal/recipes/declare_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:58+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/notifications/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/notifications/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/test/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/notifications/resources/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/test/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/test/recipes/test.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/libraries/future_custom_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/libraries/super_properties.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/config.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/metadata.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/resources/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/resources/super_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/cookbooks/future/recipes/declare_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/Gemfile in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/nodes/ettores-mbp.lan.json in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/data/Gemfile.lock in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/cookbook_spec.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/spec/spec_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/mixin/properties.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/compat_resource/version.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/compat_resource/gemspec.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/provider/noop.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/compat_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/provider/apt_repository.rb in the cache. 172.22.2.222 [2016-09-01T14:40:59+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/mixin/notifying_block.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/provider/apt_update.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/constants.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/mixin/params_validate.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/mixin/powershell_out.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/mixin/lazy_module_include.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/mixin/properties.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/run_context.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/provider.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/delayed_evaluator.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/property.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource_builder.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/runner.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/recipe.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource/apt_repository.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/declare_resource.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource/apt_update.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/core.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/resource/action_class.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/platform_introspection.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/universal.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/mixin/params_validate.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef/chef/dsl/recipe.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/run_context.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/property.rb in the cache. 172.22.2.222 [2016-09-01T14:41:00+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/log.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/provider.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource_builder.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/recipe.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource_collection.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/runner.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource_collection/resource_set.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:41:01+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFj1Sm, retry 1/5 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/recipe_hook.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource_collection/resource_list.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:41:01+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFdboS, retry 1/5 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/resource.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/property.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/copied_from_chef.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/resource/lwrp_base.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/recipe.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/auto_run.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/README.md in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/compat_resource/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/registry.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/shortcut.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/feature.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/printer.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/certificate_binding.rb in the cache. 172.22.2.222 [2016-09-01T14:41:01+03:00] INFO: Storing updated cookbooks/windows/resources/task.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/path.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/certificate.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/font.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/chef-client/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/pagefile.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/zipfile.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/http_acl.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/cron/definitions/manage.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/printer_port.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/reboot.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/resources/batch.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/auto_run.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/cron/templates/default/crontab.erb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/certificate_binding.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/printer.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/shortcut.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/registry.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/task.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/path.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/certificate.rb in the cache. 172.22.2.222 [2016-09-01T14:41:02+03:00] INFO: Storing updated cookbooks/windows/providers/font.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/pagefile.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/http_acl.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/zipfile.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/printer_port.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/feature_powershell.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/feature_servermanagercmd.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/feature_dism.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/reboot.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/providers/batch.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/recipes/reboot_handler.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/windows_architecture_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/matchers.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/version.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/powershell_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/windows_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/windows_package.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/powershell_out.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/wmi_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/feature_base.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/registry_helper.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/libraries/windows_privileged.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/attributes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/files/default/handlers/windows_reboot_handler.rb in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/MAINTAINERS.md in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:41:03+03:00] INFO: Storing updated cookbooks/windows/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/windows/.foodcritic in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] ERROR: SSL Validation failure connecting to host: chefmgrserver.mychefserver.com - SSL_read: cert already in hash table 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/windows/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] ERROR: SSL Error connecting to http://ift.tt/2bFiu2H, retry 1/5 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/resources/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/providers/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/recipes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/recipes/json_file.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/libraries/helpers.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/attributes/default.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/files/default/handlers/README in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/MAINTAINERS.md in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/libraries/matchers.rb in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/CHANGELOG.md in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/metadata.json in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/README.md in the cache. 172.22.2.222 [2016-09-01T14:41:04+03:00] INFO: Storing updated cookbooks/chef_handler/CONTRIBUTING.md in the cache. 172.22.2.222 [2016-09-01T14:41:06+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/resource/lwrp_base.rb in the cache. 172.22.2.222 [2016-09-01T14:41:06+03:00] INFO: Storing updated cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/exceptions.rb in the cache. 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Storing updated cookbooks/windows/README.md in the cache. 172.22.2.222 C:/opscode/chef/embedded/lib/ruby/2.1.0/x64-mingw32/dl.so: warning: already initialized constant DL::RUBY_FREE 172.22.2.222 172.22.2.222 C:/opscode/chef/embedded/lib/ruby/gems/2.1.0/gems/net-ssh-3.2.0/lib/net/ssh/authentication/pageant.rb:16: warning: previous definition of RUBY_FREE was here 172.22.2.222 DL is deprecated, please use Fiddle 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing directory[C:/chef/run] action create (chef-client::windows_service line 52) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/run] created directory C:/chef/run 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/run] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/run] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing directory[C:/chef/cache] action create (chef-client::windows_service line 52) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/cache] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/cache] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing directory[C:/chef/backup] action create (chef-client::windows_service line 52) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/backup] created directory C:/chef/backup 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/backup] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/backup] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing directory[C:/chef/log] action create (chef-client::windows_service line 52) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/log] created directory C:/chef/log 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/log] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/log] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef/log] permissions changed to [CHEF-WINDOWS-01\Administrator/flags:0/mask:e0010000, BUILTIN\Administrators/flags:0/mask:a0000000, Everyone/flags:0/mask:a0000000] 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing directory[C:/chef] action create (chef-client::windows_service line 52) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: directory[C:/chef] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing template[C:/chef/client.service.rb] action create (chef-client::windows_service line 38) 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: template[C:/chef/client.service.rb] created file C:/chef/client.service.rb 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: template[C:/chef/client.service.rb] updated file contents C:/chef/client.service.rb 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: template[C:/chef/client.service.rb] owner changed to S-1-5-21-3038300891-2412044433-3823315598-500 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: template[C:/chef/client.service.rb] group changed to S-1-5-32-544 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: template[C:/chef/client.service.rb] permissions changed to [CHEF-WINDOWS-01\Administrator/flags:0/mask:c0010000, BUILTIN\Administrators/flags:0/mask:80000000, Everyone/flags:0/mask:80000000] 172.22.2.222 [2016-09-01T14:41:09+03:00] INFO: Processing execute[register-chef-service] action run (chef-client::windows_service line 45) 172.22.2.222 [2016-09-01T14:41:14+03:00] INFO: execute[register-chef-service] ran successfully 172.22.2.222 [2016-09-01T14:41:14+03:00] INFO: Processing windows_service[chef-client] action enable (chef-client::windows_service line 50) 172.22.2.222 [2016-09-01T14:41:14+03:00] INFO: Processing windows_service[chef-client] action start (chef-client::windows_service line 50) 172.22.2.222 [2016-09-01T14:41:14+03:00] INFO: windows_service[chef-client] configured with {:service_name=>"chef-client"} 172.22.2.222 [2016-09-01T14:41:22+03:00] INFO: windows_service[chef-client] started 172.22.2.222 [2016-09-01T14:41:22+03:00] INFO: Chef Run complete in 27.546223 seconds 172.22.2.222 [2016-09-01T14:41:22+03:00] INFO: Running report handlers 172.22.2.222 [2016-09-01T14:41:22+03:00] INFO: Report handlers complete
Now are ready to play with windows cookbooks.

from Blogger http://ift.tt/2bFd1h1
via IFTTT

Categories: Others Tags: ,

knife Quick Reference

September 1, 2016 Leave a comment
This is a quick reference for few of the commands which I use often.

Inital setup

knife ssl fetch
knife node list
knife bootstrap 172.2.2.34 --node-name nagiosxi-test-linux --ssh-port 22 --ssh-user root --ssh-password nagiosxi@123 --sudo
knife bootstrap windows winrm 172.22.2.222 --winrm-user 'Administrator' --winrm-password 'Nagios2234' --node-name nagiosxi_test_windows_client --winrm-ssl-verify-mode verify_none -V -y --run-list 'recipe[chef-client]'

Creating data bags

knife data bag create starter-databag cmadmin
knife data bag edit starter-databag cmadmin

Auto generate cookbook

chef generate cookbook 
chef generate cookbook  --copyright "Zubair AHMED" --email "zubayr@g.com" --license "mit"
chef generate attribute  --copyright "Zubair AHMED" --email "zubayr@g.com" --license "mit"
chef generate recipe  --copyright "Zubair AHMED" --email "zubayr@g.com" --license "mit"

Upload and Download cookbooks

knife cookbook upload 
knife cookbook upload --all
knife cookbook site install 
knife cookbook site search apache*
knife cookbook site show haproxy

Testing

kitchen create
kitchen converge
kitchen verify
kitchen destroy

Here is the complete reference.

Quick Reference

from Blogger http://ift.tt/2bFbJm9
via IFTTT

Categories: Others Tags: ,

Moving RRD file from 32bit to 64bit Architecture

August 23, 2016 Leave a comment
When we were working on a nagios monitoring system we were migrating from a 32bit nagios to a 64bit Architecture.
Most of the graphs are not working as the RRD was from an older 32bit architecture.
Location of perfdata on nagios server.
[root@nagios-server perfdata]# pwd 
/usr/local/nagios/share/perfdata
Error when we load the graph.
ERROR: This RRD was created on another architecture
This can re solved by converting the exsisting 32bit RRD to XML and then restoring into the new 64bit Architecture.

Creating a xml dump for rrd file.

rrdtool dump cpu_load.rrd > cpu_load.xml
Move the XML file to the new server (64bit)

Restore the XML file back.

rrdtool restore -f cpu_load.xml cpu_load.rrd
Testing if the RRD file is create fine, use below command.
rrdtool info cpu_load.rrd
Now you should be able to see all the graphs on the server.

from Blogger http://ift.tt/2bi1Ibz
via IFTTT

Categories: Others Tags: ,

Remove Old Files using find Command

August 23, 2016 Leave a comment
GNU find searches the directory tree rooted at each given file name by evaluating the given expression from left to right, according to the rules of precedence, until the outcome is known (the left hand side is false for and operations, true for or), at which point find moves on to the next file name.
Remove old files which are older than a specific time using find Command

Command

find /path/to/files* -mtime +5 -exec rm {} \;
Note that there are spaces between rm, {}, and \;

Command Explanation.

-mtime n 
    File's data was last modified n*24 hours ago. See the comments for -atime to  
    understand how rounding affects the interpretation of file modification times.  

-exec command {} + 
    This variant of the -exec action runs the specified command on the selected  
    files,     but the command line is built by appending each selected file name at  
    the end; the total number of invocations of the command will be much less than  
    the number of matched files.  

    The command line is built in much the same way that xargs builds its command lines.  
    Only one instance of '{}' is allowed within the command.  
    The command is executed in the starting directory.
Thats it.

from Blogger http://ift.tt/2bi1xNJ
via IFTTT

Categories: Others Tags: ,

Migrating Nagios XI to a New Server on Centos6.6

August 20, 2016 Leave a comment
Migrating an old Nagios backup to a new nagiosxi server. Migration is simple in Nagios XI, you a backup and restore it.
Once that is done we need to update/add the clients with IP of the new server, so that both Nagios get alerts. After a while once we are comfortable with the new server we can decommission the old one.
For example we will use two servers.
  • old_nagios (nagiosximon)
  • new_nagios (nagioserver)

Backup from Old Server.

Lets first take a backup from the old_nagios server.
[root@nagiosximon ~]# /usr/local/nagiosxi/scripts/backup_xi.sh 
Running configuration check...
Stopping nagios: done.
Starting nagios: done.
Backing up Core Config Manager (NagiosQL)...
tar: Removing leading `/' from member names
tar: Removing leading `/' from member names
Backing up Nagios Core...
tar: Removing leading `/' from member names
tar: /usr/local/nagios/var/rw/nagios.qh: socket ignored
tar: /usr/local/nagios/var/ndo.sock: socket ignored
Backing up Nagios XI...
tar: Removing leading `/' from member names
Backing up MRTG...
tar: Removing leading `/' from member names
Backing up NRDP...
tar: Removing leading `/' from member names
Backing up Nagvis...
tar: Removing leading `/' from member names
Backing up MySQL databases...
Backing up logrotate config files...
Backing up Apache config files...
Compressing backup...

===============
BACKUP COMPLETE
===============
Backup stored in /store/backups/nagiosxi/1471501361.tar.gz
[root@nagiosximon ~]# ls

Restoring backup to the new_nagios server.

IMPORTANT : But now most of the server will not be able to send notifications to the new server, so you will recieve notifications, better idea is to disable notifications till we are done with all the configuration.
[root@nagiosserver ahmed]# /usr/local/nagiosxi/scripts/restore_xi.sh /home/ahmed/Desktop/1471501361.tar.gz 
TS=1471501690
Extracting backup to /store/backups/nagiosxi/1471501690-restore...
In /store/backups/nagiosxi/1471501690-restore/1471501361...
Backup files look okay.  Preparing to restore...
Shutting down services...
Stopping nagios: done.
Stopping ndo2db: done.
NPCD Stopped.
Restoring directories to /...
Restoring Nagios Core...
Restoring Nagios XI...
Restoring NagiosQL...
Restoring NagiosQL backups...
Restoring NRDP backups...
Restoring MRTG...
Restoring Nagvis backups...
Restoring MySQL databases...
Restoring Nagios XI MySQL database...
Restarting database servers...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Restoring logrotate config files...
Restoring Apache config files...
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
NPCD started.
Starting ndo2db: done.
Starting nagios: done.

===============
RESTORE COMPLETE
===============

Linux Client Configuration [NRPE].

As the service is running on the server, and the inbound requests are handled by xinetd, so we need to add the new server information in the configuration.
  • Open file /etc/xinetd.d/nrpe
  • Added a new entry only_from += 172.3.2.0/24 after the only_from line. We have given a mask address, but this can be an IP as well. (This should be the IP Address or IP Range for new_nagios server)
  • Save, Close and Restart xinetd
Here is how the configuration file looks like.
root@nagiosxi-test-linux:~# cat /etc/xinetd.d/nrpe 
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
           flags           = REUSE
    socket_type     = stream    
    port        = 5666    
           wait            = no
    user            = nagios
    group        = nagios
           server          = /usr/local/nagios/bin/nrpe
    server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
           log_on_failure  += USERID
    disable         = no

    # Old server IP
    only_from    = 172.2.2.123

    # New Server IP
    only_from    += 172.3.2.123

    # Range of IPs using Masking.
    only_from     += 172.3.2.0/24        
}
Restart xinetd service.
root@nagiosxi-test-linux:~# service xinetd restart
xinetd stop/waiting
xinetd start/running, process 15883

Windows Client Configuration [NSClient++].

Here as well we have to update allowed hosts parameter in nsclient.ini
  • Open run -> services.msc
  • Stop the NSClient++ service.
  • Goto Location C:\Program Files\NSClient++
  • Now go to start -> notepad -> open notepad with Run as Administrator Option.
  • Now your notepad has admin permission.
  • Open the file nsclient.ini which is located in C:\Program Files\NSClient++
  • Added the new_nagios server IP in the allowed hosts list, its a comma separated values list.
Here is how part of the configuration looks like.
;Undocumented section
[/settings/default]

;Undocumented key
password = nagios123

;Undocumented key
allowed hosts = 127.0.0.1, 172.2.2.123, 172.3.2.123
  • Finally save, close and Start NSClient++ service.
We are done. Now you will start seeing updated service information on the new_nagios server.

from Blogger http://ift.tt/2b6SErs
via IFTTT

Categories: Others Tags: ,

Setting up ssl https On Nagios XI Server

August 19, 2016 Leave a comment
HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data. Intro Courtesy Wikipedia
Full SSL support requires Nagios XI version 2011R1.6 or later.

Before we start.

Check if the below packages are install, they should be if you are using latest Nagios XI, but check them anyways.
yum install mod_ssl openssl

Creating Key and Certificate

Lets generate the key for the server.
openssl genrsa -out ca.key 2048
Output for the command.
[ahmed@nagiosserver ~]$ openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................................................................................+++
.....................................+++
e is 65537 (0x10001)
Now we create the certificate.
openssl req -new -key ca.key -out ca.csr
Here is the output for the command.
[ahmed@nagiosserver ~]$ openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TR
State or Province Name (full name) []:Istanbul
Locality Name (eg, city) [Default City]:Istanbul
Organization Name (eg, company) [Default Company Ltd]:Ahmed, Inc
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:nagiosserver.ahmed.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
We have not entered anything in the extra attributes, but this is fine.
Checking the certificate.
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Output.
[ahmed@nagiosserver ~]$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=TR/ST=Istanbul/L=Istanbul/O=Ahmed, Inc/CN=nagiosserver.ahmed.com
Getting Private key
[ahmed@nagiosserver ~]$

Copy Key/Certificate to Specific Location.

Now we need to copy the certificate files to the correct location and set permissions:
cp ca.crt /etc/pki/tls/certs
cp ca.key ca.csr /etc/pki/tls/private/
Setting permissions.
chmod go-rwx /etc/pki/tls/certs/ca.crt
chmod go-rwx /etc/pki/tls/private/ca.key

Update Apache Configuration

Open the /etc/httpd/conf.d/ssl.conf, find the following lines and update path, this is similar to what we copied earlier.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Here is how the Configuration looks like.
ssl cert
In that same file add the below contents just before

tag:


RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]

Here is how a part of the config looks like.
IfModule

Update httpd.conf Configuration.

Update /etc/httpd/conf/httpd.conf, Add the following lines to the end of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Here how the file looks like.
httpd config

Next we restart httpd

sudo service httpd restart
Ouput.
[ahmed@nagiosserver ~]$ sudo service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for nagiosserver
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [  OK  ]
Now we can go to http://ift.tt/2b02wVs, you get a warning about self certified certificate, add it to exception and we are ready.

And we are done.

[Important] Now we update Nagios XI Configuration.

  • First update the config.inc.php file.
Here is the path to the file.
[ahmed@nagiosserver ~]# vim /usr/local/nagiosxi/html/config.inc.php
Update the below configuration in the file. (Currently $cfg['use_https'] = false;)
// force http/https
$cfg['use_https'] = true; // determines whether cron jobs and other scripts will force the use of HTTPS instead of HTTP
  • Next logon to Nagios XI server as nagiosadmin.
  • Go to Admin -> on the left pane System Config -> System Settings -> General.
  • Change the URL to https. Change http://172.2.2.23/nagiosxi/ to https://172.2.2.23/nagiosxi/
  • Next go to Configure on the top tab -> Core Config Manager -> On the left pane Config Manager Admin -> Core Manager Settings -> Change Server Protocol to HTTPS
Restart nagios, httpd.
NOTE : If you are using filewall make sure to add the entry to iptables
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
Now logon to the server. https://nagiosserver.ahmed.com/
Categories: Others Tags: ,