[chef] Re: Re: [[chef-dev]] Chef 0.8.2

[Albert Llop < >]

Hi,
not sure if this can be somewhat related since I haven't been able to root the cause, but it was completely impossible for me to validate any newly updated nodes with the chef-validator client (and it's .pem). Even regenerating the certificate kept giving 401 Unauthorized errors. The only thing that worked was deleting the "chef-validator" client and creating it again (with admin status ofc). It also worked with a totally different admin client acting as validator, but never with the "original" chef-validator created originally.

Had no problems with the webui though.
Awesome work!
--
{ :name => "Albert Llop" }

On 2 March 2010 03:22, Joshua Timberman < "> > wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI Early adopters of 0.8.2, there was a pair of execute resources to create SSL certificates in the bootstrap::server recipe[0] that weren't working with the auto-detect/generate in the chef-server and chef-server-webui startup. I have removed these and pushed new bootstrap-latest.tar.gz and bootstrap-0.8.2.tar.gz archives out to the S3 bucket. This was resolved late last night (2/28), but has been reported by others today as well.

The symptom is that you cannot login to the webui with the admin user and the password specified in /etc/chef/server.rb. The first thing to try is simply restart the webui.

# sudo /etc/init.d/chef-server-webui restart

When it starts up, if you're getting this message in /etc/sv/chef-server-webui/log/main/current:

2010-03-01_06:19:16.17209 ~ Failed loading ChefServerWebui (401 "Unauthorized")

There's an issue with the user in CouchDB and doesn't match the certificate in /etc/chef/webui.pem. To fix this, you'll need to find the user "chef-webui" and "chef-validator" documents in the CouchDB, and remove them. The easiest way to do this[1]:

# Access CouchDB's Futon (http://localhost:5984/_utils, set up an SSH tunnel to get there from your local system if the Chef Server is remote).
# Select the 'chef' database.
# In the 'View' drop-down on the upper right, select "all_id" under Clients.
# Select 'chef-validator', delete document. Repeat for 'chef-webui'.

Next, remove the certificates in /etc/chef.

# sudo rm /etc/chef/{validation,webui}.{crt,key,pem}

And finally, restart chef-server and chef-server-webui.

# sudo /etc/init.d/chef-server restart
# sudo /etc/init.d/chef-server-webui restart

[0] These were used in the early stages of the 0.8 bootstrap development, when the server processes didn't automatically generate the certificates in the right place.
[1] Robert Berger (rberger) did a blog post with illustrations. Thanks for putting this together, Robert! http://blog.ibd.com/scalable-deployment/reseting-the-opscode-chef-server-validation-keypem/

On Feb 28, 2010, at 8:56 PM, Adam Jacob wrote:

The release just about everyone has been waiting for is here:

http://bit.ly/cVybsf

This release MVP is Scott Likens, Damm from IRC, who has spent so much
time getting everyone ready for Chef 0.8.  Thank you so much for all
your hard work, Scott.

Love,
Adam

--
Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: " target="_blank">

- --
Opscode, Inc
Joshua Timberman, Senior Solutions Engineer
C: 720.334.RUBY E: " target="_blank">

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)

iEYEARECAAYFAkuMdloACgkQO97WSdVpzT2JUwCeKKZQSJY7Ie1yWB8o6pgr1FTc
55YAn3B7wjhQcWn/6P09RRkJ7klr98EH
=RGpo
-----END PGP SIGNATURE-----