chef - [chef] Re: RE: knife setup problem

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: RE: knife setup problem

From: Gilles Devaux < >
To:
Subject: [chef] Re: RE: knife setup problem
Date: Wed, 3 Mar 2010 09:06:26 -0800
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to:x-mailer; b=JgdDuUmbJdUO/SjRHGZWLc7MJi85phoL+1eXXt9wXBrb011jkRp+PyoXTthg/ondFP b1wWi2LGrnH9pItu0D02/Ek0VlgEXOEc0ARVZbszy0SwkjbiWuBtZZDYD81fdcPcc5Y8 oM0wHxiZh/2iiU52szvr8FNmHcvoLLhcJarfM=

Ahhhhhh "-u chef-validator -k path/to/validation.pem"

I thought knife would use the same flow as chef-client, if personal .pem is
not there then send the validation.pem but you actually have to do it.

Works now.

Thanks a lot

--Gilles

On Mar 3, 2010, at 6:50 AM, Eric Hankins wrote:

> Hi Gilles,
>
> I think the problem is that the -f flag for that command specifies where to
> put the key file belonging to the client that you just created when it's
> done. So your configuration says "use ~/.chef/gilles.pem to authenticate"
> but the file doesn't exist yet. For an initial user creation you need to
> use the validation key, but it doesn't do that by default. When I create a
> new knife user, here is the command I use:
>
> knife client create billybob -f path/to/save/billybob.pem -u chef-validator
> -k path/to/validation.pem
>
> So the -u says "run this command as this user" and the -k says "and use
> this key to sign the request". It looks like you have the validation.pem
> already so I think if you pass that in, you should be set. One thing to
> remember is that you probably want to set your knife user to be an admin.
> You can do this by editing the JSON that pops up, or by specifying --admin
> as an option to the command. You could even pass --no-editor to create an
> admin user without popping up EDITOR.
>
> Hope that fixes things for you!
>
> -- Eric
>
>
>
>> -----Original Message-----
>> From: Gilles Devaux
>> [mailto:
>> Sent: Tuesday, March 02, 2010 5:24 PM
>> To:
>>
>> Subject: [chef] knife setup problem
>>
>> Hi,
>>
>> I'm trying to setup knife but I run in a 'cannot read .pem file'
>>
>> The first thing I'm trying to do is to get a API Key for knife:
>>
>> gilles:.chef gilles$ knife client create gilles -f ~/.chef/gilles.pem -l
>> debug
>> ERROR: Failed to read the private key /Users/gilles/.chef/gilles.pem:
>> #<Errno::ENOENT: No such file or directory -
>> /Users/gilles/.chef/gilles.pem>,
>> /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in
>> `read'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in
>> `load_signing_key'/Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/rest.rb:49:in
>> `initialize'/Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/api_client.rb:231:in
>> `new'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in
>> `save'/Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/knife/client_create.rb:47:in
>> `run'/Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/application/knife.rb:110:in
>> `run'/Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/bin/knife:26/usr/bin/knife:19:in
>> `load'/usr/bin/knife:19
>> /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:63:in
>> `load_signing_key': I cannot read /Users/gilles/.chef/gilles.pem, which you
>> told me to use to sign requests!
>> (Chef::Exceptions::PrivateKeyMissing)
>>       from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:49:in
>> `initialize'
>>       from /Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/api_client.rb:231:in
>> `new'
>>       from /Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/api_client.rb:231:in
>> `save'
>>       from /Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/knife/client_create.rb:47:in
>> `run'
>>       from /Library/Ruby/Gems/1.8/gems/chef-
>> 0.8.4/lib/chef/application/knife.rb:110:in
>> `run'
>>       from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/bin/knife:26
>>       from /usr/bin/knife:19:in `load'
>>       from /usr/bin/knife:19
>>
>> The command is prompting me with
>> {
>> "public_key": null,
>> "name": "gilles",
>> "json_class": "Chef::ApiClient",
>> "admin": false,
>> "chef_type": "client"
>> }
>>
>> -> I don't really know what to set here, I tried different input for
>> public_key with the same result.
>>
>> This is my knife.rb file
>> log_level                :info
>> log_location             STDOUT
>> node_name                'gilles'
>> client_key               '/Users/gilles/.chef/gilles.pem'
>> validation_client_name   'chef-validator'
>> validation_key           '/Users/gilles/.chef/validation.pem'
>> chef_server_url          'http://chefserver:4000'
>> cache_type               'BasicFile'
>> cache_options( :path => '/Users/gilles/.chef/checksums' ) cookbook_path [
>> '/Users/gilles/Sites/chef/cookbooks',
>> '/Users/gilles/Sites/chef/site-cookbooks' ]
>>
>> the validation key is the one created during chef-server install and I can
>> register chef-clients without problems.
>>
>> chef rubygem is 0.8.4
>>
>> Do I need to setup the dev box as a chef-client for knife to work?
>>
>> Any other idea?
>>
>> Thanks
>>
>> --Gilles
>
> This e-mail message and any attachments may contain confidential,
> proprietary or non-public information.  This information is intended solely
> for the designated recipient(s).  If an addressing or transmission error
> has misdirected this e-mail, please notify the sender immediately and
> destroy this e-mail.  Any review, dissemination, use or reliance upon this
> information by unintended recipients is prohibited.  Any opinions expressed
> in this e-mail are those of the author personally.

[chef] knife setup problem, Gilles Devaux, 03/02/2010
- [chef] RE: knife setup problem, Eric Hankins, 03/03/2010
  - [chef] Re: RE: knife setup problem, Gilles Devaux, 03/03/2010