Pages

error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)

While bootstrapping a redhat node which is on AWS EC2, which supports only the SSH identity file for authentication, I was getting the below error after this command 

knife bootstrap 52.0.13.12 --ssh-user ec2-user --identity-file ~/.ssh/xyz.pem --node-name first1 --run-list 'recipe[some_thing]'


Error

52.0.13.132 Installing Chef Client...
52.0.13.132   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
52.0.13.132                                  Dload  Upload   Total   Spent    Left  Speed
100 18285  100 18285    0     0  48457      0 --:--:-- --:--:-- --:--:-- 48630
52.0.13.132 Downloading Chef 11 for el...
52.0.13.132 downloading https://www.opscode.com/chef/metadata?v=11&prerelease=false&nightlies=false&p=el&pv=7&m=x86_64
52.0.13.132   to file /tmp/install.sh.940/metadata.txt
52.0.13.132 trying curl...
52.0.13.132 url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132 md5 b4ccffea24007b83ffdd99b16aea9661
52.0.13.132 sha256 f531541c6786f274bd62fb46bc1ea8f2d70c083e10777b2544c6503c0f90c598
52.0.13.132 yolo true
52.0.13.132 downloaded metadata file looks valid...
52.0.13.132 downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132   to file /tmp/install.sh.940/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132 trying curl...
52.0.13.132 Comparing checksum with sha256sum...
52.0.13.132
52.0.13.132 WARNING: Chef-Client has not been regression tested on this O/S Distribution
52.0.13.132 WARNING: Do not use this configuration for Production Applications.  Use at your own risk.
52.0.13.132
52.0.13.132 Installing Chef 11
52.0.13.132 installing with rpm...
52.0.13.132 warning: /tmp/install.sh.940/chef-11.18.6-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)
52.0.13.132 Installation failed
52.0.13.132 Version: 11
52.0.13.132
52.0.13.132 Please file a Bug Report at https://github.com/opscode/opscode-omnitruck/issues/new
52.0.13.132 Alternatively, feel free to open a Support Ticket at https://www.getchef.com/support/tickets
52.0.13.132 More Chef support resources can be found at https://www.getchef.com/support
52.0.13.132
52.0.13.132 Please include as many details about the problem as possible i.e., how to reproduce
52.0.13.132 the problem (if possible), type of the Operating System and its version, etc.,
52.0.13.132 and any other relevant details that might help us with troubleshooting.
52.0.13.132
52.0.13.132 mkdir: cannot create directory ‘/etc/chef’: Permission denied
52.0.13.132 bash: line 36: /etc/chef/validation.pem: No such file or directory
52.0.13.132 chmod: cannot access ‘/etc/chef/validation.pem’: No such file or directory
52.0.13.132 bash: line 69: /etc/chef/client.rb: No such file or directory
52.0.13.132 bash: line 77: /etc/chef/first-boot.json: No such file or directory
52.0.13.132 Starting first Chef Client run...
52.0.13.132 bash: line 83: chef-client: command not found

Solution

Using the option "--sudo" does the trick



knife bootstrap 52.0.13.132 --ssh-user ec2-user --identity-file ~/.ssh/xyz.pem --sudo --node-name first1 --run-list 'recipe[some_thing]'

52.0.13.132 Installing Chef Client...
52.0.13.132   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
52.0.13.132                                  Dload  Upload   Total   Spent    Left  Speed
100 18285  100 18285    0     0  49365      0 --:--:-- --:--:-- --:--:-- 49552
52.0.13.132 Downloading Chef 11 for el...
52.0.13.132 downloading https://www.opscode.com/chef/metadata?v=11&prerelease=false&nightlies=false&p=el&pv=7&m=x86_64
52.0.13.132   to file /tmp/install.sh.1005/metadata.txt
52.0.13.132 trying curl...
52.0.13.132 url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132 md5 b4ccffea24007b83ffdd99b16aea9661
52.0.13.132 sha256 f531541c6786f274bd62fb46bc1ea8f2d70c083e10777b2544c6503c0f90c598
52.0.13.132 yolo true
52.0.13.132 downloaded metadata file looks valid...
52.0.13.132 downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132   to file /tmp/install.sh.1005/chef-11.18.6-1.el6.x86_64.rpm
52.0.13.132 trying curl...
52.0.13.132 Comparing checksum with sha256sum...
52.0.13.132
52.0.13.132 WARNING: Chef-Client has not been regression tested on this O/S Distribution
52.0.13.132 WARNING: Do not use this configuration for Production Applications.  Use at your own risk.
52.0.13.132
52.0.13.132 Installing Chef 11
52.0.13.132 installing with rpm...
52.0.13.132 warning: /tmp/install.sh.1005/chef-11.18.6-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
52.0.13.132 Preparing...                          ################################# [100%]
52.0.13.132 Updating / installing...
52.0.13.132    1:chef-11.18.6-1.el6               ################################# [100%]
52.0.13.132 Thank you for installing Chef!
52.0.13.132 Starting first Chef Client run...
52.0.13.132 [2015-02-06T07:25:37-05:00] WARN:
52.0.13.132 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
52.0.13.132 SSL validation of HTTPS requests is disabled. HTTPS connections are still
52.0.13.132 encrypted, but chef is not able to detect forged replies or man in the middle
52.0.13.132 attacks.
52.0.13.132
52.0.13.132 To fix this issue add an entry like this to your configuration file:
52.0.13.132
52.0.13.132 ```
52.0.13.132   # Verify all HTTPS connections (recommended)
52.0.13.132   ssl_verify_mode :verify_peer
52.0.13.132
52.0.13.132   # OR, Verify only connections to chef-server
52.0.13.132   verify_api_cert true
52.0.13.132 ```
52.0.13.132
52.0.13.132 To check your SSL configuration, or troubleshoot errors, you can use the
52.0.13.132 `knife ssl check` command like so:
52.0.13.132
52.0.13.132 ```
52.0.13.132   knife ssl check -c /etc/chef/client.rb
52.0.13.132 ```
52.0.13.132
52.0.13.132 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
52.0.13.132
52.0.13.132 Starting Chef Client, version 11.18.6
52.0.13.132 Creating a new client identity for first1 using the validator key.
52.0.13.132 resolving cookbooks for run list: ["learn_chef_httpd"]
52.0.13.132 Synchronizing Cookbooks:
52.0.13.132   - learn_chef_httpd
52.0.13.132 Compiling Cookbooks...
52.0.13.132 Converging 4 resources
52.0.13.132 Recipe: learn_chef_httpd::default
52.0.13.132   * package[httpd] action install
52.0.13.132     - install version 2.4.6-19.el7_0 of package httpd
52.0.13.132   * service[httpd] action start
52.0.13.132     - start service service[httpd]
52.0.13.132   * service[httpd] action enable
52.0.13.132     - enable service service[httpd]
52.0.13.132   * template[/var/www/html/index.html] action create
52.0.13.132     - create new file /var/www/html/index.html
52.0.13.132     - update content in file /var/www/html/index.html from none to ef4ffd
52.0.13.132     --- /var/www/html/index.html 2015-02-06 07:25:47.501523711 -0500
52.0.13.132     +++ /tmp/chef-rendered-template20150206-1075-lczwdi 2015-02-06 07:25:47.502523687 -0500
52.0.13.132     @@ -1 +1,6 @@
52.0.13.132     +<html>
52.0.13.132     +  <body>
52.0.13.132     +    <h1>hello world</h1>
52.0.13.132     +  </body>
52.0.13.132     +</html>
52.0.13.132     - restore selinux security context
52.0.13.132   * service[iptables] action stop (up to date)
52.0.13.132
52.0.13.132 Running handlers:
52.0.13.132 Running handlers complete
52.0.13.132 Chef Client finished, 4/5 resources updated in 10.298957604 seconds