Problem scenario: You are trying to set up a Chef client on a VM and configure it to communicate with your Chef Server (version 12). The OS of both servers (the Chef server and the server that will be the Chef client) is RHEL 7.3.
You run this command from a server that you want to be a Chef client:
knife client list
You get this:
ERROR: Connection refused connecting to https://chef-server.name/organizations/myorg/clients, retry 1/5 ...
You need to keep SELinux enabled. There is no firewalld or iptables running on either server. What do you do?
Solution: An intermediate firewall is blocking port 443. Between the two servers, port 443 is filtered. Assuming both servers are AWS instances, here is a solution.
First, find the IP addresses with the "ifconfig" command on both servers: the Chef master server and the Chef client server. In the AWS Security Group, create a Custom TCP rule. Use these settings:
- For the "Type" have it be HTTPS.
- For the "Source" use "Custom."
- The field next to custom should have the IP address of the Chef Server obtained above with a "/32" at the end. It will look like this: 172.31.21.5/32
Create a second inbound rule. It should use these settings:
- For the "Type" have it be HTTPS.
- For the "Source" use "Custom."
- The field next to custom should have the IP address of the Chef Client obtained above with a "/32" at the end. It will look like this: 172.31.21.6/32
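A check on the result of the two rules above, as an added example that is not part of the original post: it reads ingress permissions in the shape returned by `aws ec2 describe-security-groups` and reports whether port 443 is admitted from the two /32 addresses and from nothing else. The sample permissions are constructed and the function names are hypothetical; only IPv4 CIDR sources are examined.

```python
import ipaddress

# Constructed sample in the "IpPermissions" shape of
# `aws ec2 describe-security-groups`; the last two rules are made up.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "172.31.21.5/32"}, {"CidrIp": "172.31.21.6/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def covers_port(perm, port):
    """True if an ingress permission applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                  # "-1" means every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_https_ingress(permissions, expected_hosts, port=443):
    """Return (missing, unexpected) for inbound `port`.

    missing    - expected host IPs that no rule admits
    unexpected - CIDR sources that are not exactly one expected host (/32)
    """
    expected = {ipaddress.ip_address(h) for h in expected_hosts}
    admitted, unexpected = set(), []
    for perm in permissions:
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):   # IPv4 CIDR sources only
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            admitted |= {h for h in expected if h in net}
            exact_host = net.prefixlen == net.max_prefixlen
            if not exact_host or net.network_address not in expected:
                unexpected.append(str(net))
    missing = sorted(str(h) for h in expected - admitted)
    return missing, unexpected

if __name__ == "__main__":
    missing, unexpected = audit_https_ingress(
        SAMPLE_PERMISSIONS, ["172.31.21.5", "172.31.21.6"])
    print("missing sources:", missing)
    print("sources broader than the two /32 rules:", unexpected)
```

Rules whose source is another security group rather than a CIDR are not covered by this check.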