chef - [chef] RE: knife setup problem

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] RE: knife setup problem

From: Eric Hankins < >
To: " " < >
Subject: [chef] RE: knife setup problem
Date: Wed, 3 Mar 2010 08:50:57 -0600
Accept-language: en-US
Acceptlanguage: en-US

Hi Gilles,

I think the problem is that the -f flag for that command specifies where to
put the key file belonging to the client that you just created when it's
done. So your configuration says "use ~/.chef/gilles.pem to authenticate" but
the file doesn't exist yet. For an initial user creation you need to use the
validation key, but it doesn't do that by default. When I create a new knife
user, here is the command I use:

knife client create billybob -f path/to/save/billybob.pem -u chef-validator
-k path/to/validation.pem

So the -u says "run this command as this user" and the -k says "and use this
key to sign the request". It looks like you have the validation.pem already
so I think if you pass that in, you should be set. One thing to remember is
that you probably want to set your knife user to be an admin. You can do this
by editing the JSON that pops up, or by specifying --admin as an option to
the command. You could even pass --no-editor to create an admin user without
popping up EDITOR.

Hope that fixes things for you!

-- Eric

> -----Original Message-----
> From: Gilles Devaux
> [mailto:
> Sent: Tuesday, March 02, 2010 5:24 PM
> To:
>
> Subject: [chef] knife setup problem
>
> Hi,
>
> I'm trying to setup knife but I run in a 'cannot read .pem file'
>
> The first thing I'm trying to do is to get a API Key for knife:
>
> gilles:.chef gilles$ knife client create gilles -f ~/.chef/gilles.pem -l
> debug
> ERROR: Failed to read the private key /Users/gilles/.chef/gilles.pem:
> #<Errno::ENOENT: No such file or directory -
> /Users/gilles/.chef/gilles.pem>,
> /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in
> `read'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in
> `load_signing_key'/Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/rest.rb:49:in
> `initialize'/Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/api_client.rb:231:in
> `new'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in
> `save'/Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/knife/client_create.rb:47:in
> `run'/Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/application/knife.rb:110:in
> `run'/Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/bin/knife:26/usr/bin/knife:19:in
> `load'/usr/bin/knife:19
> /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:63:in
> `load_signing_key': I cannot read /Users/gilles/.chef/gilles.pem, which you
> told me to use to sign requests!
> (Chef::Exceptions::PrivateKeyMissing)
>        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:49:in
> `initialize'
>        from /Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/api_client.rb:231:in
> `new'
>        from /Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/api_client.rb:231:in
> `save'
>        from /Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/knife/client_create.rb:47:in
> `run'
>        from /Library/Ruby/Gems/1.8/gems/chef-
> 0.8.4/lib/chef/application/knife.rb:110:in
> `run'
>        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/bin/knife:26
>        from /usr/bin/knife:19:in `load'
>        from /usr/bin/knife:19
>
> The command is prompting me with
> {
>  "public_key": null,
>  "name": "gilles",
>  "json_class": "Chef::ApiClient",
>  "admin": false,
>  "chef_type": "client"
> }
>
> -> I don't really know what to set here, I tried different input for
> public_key with the same result.
>
> This is my knife.rb file
>  log_level                :info
> log_location             STDOUT
> node_name                'gilles'
> client_key               '/Users/gilles/.chef/gilles.pem'
> validation_client_name   'chef-validator'
> validation_key           '/Users/gilles/.chef/validation.pem'
> chef_server_url          'http://chefserver:4000'
> cache_type               'BasicFile'
> cache_options( :path => '/Users/gilles/.chef/checksums' ) cookbook_path [
> '/Users/gilles/Sites/chef/cookbooks',
> '/Users/gilles/Sites/chef/site-cookbooks' ]
>
> the validation key is the one created during chef-server install and I can
> register chef-clients without problems.
>
> chef rubygem is 0.8.4
>
> Do I need to setup the dev box as a chef-client for knife to work?
>
> Any other idea?
>
> Thanks
>
> --Gilles

This e-mail message and any attachments may contain confidential, proprietary
or non-public information.  This information is intended solely for the
designated recipient(s).  If an addressing or transmission error has
misdirected this e-mail, please notify the sender immediately and destroy
this e-mail.  Any review, dissemination, use or reliance upon this
information by unintended recipients is prohibited.  Any opinions expressed
in this e-mail are those of the author personally.

[chef] knife setup problem, Gilles Devaux, 03/02/2010
- [chef] RE: knife setup problem, Eric Hankins, 03/03/2010
  - [chef] Re: RE: knife setup problem, Gilles Devaux, 03/03/2010