- From: John Hanks <
>
- To:
- Subject: [chef] Re: Re: Registering client when old client exists.
- Date: Wed, 7 Jul 2010 10:50:03 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=nxTGB4lSHjuIBtGfEoRBuS5zrdsnYfDqfOHF54jLIAKlRqaPtZVWL8ao7lN5uRNmQI AcdmzYPMrvaPUlKJRLJ7xPSe4EQe11M5d+tbWj2FtdFhatP7CVZqJ8kOLrrJGj/jy0Uh 7k0wfwfusId5fc+PsukGfwF2A93mFhl52E088=
On Mon, Jun 28, 2010 at 7:35 AM, John Hanks
<
>
wrote:
>
On Sun, Jun 27, 2010 at 10:21 PM, Daniel DeLeo
>
<
>
>
wrote:
>
> You're getting a 403 forbidden error when the client attempts to
>
> re-register, yes? This happens because the validation client is no
>
> longer an admin, but a much lesser privileged entity. You could
>
> probably get the old behavior back by creating an admin client (via
>
> `knife client create`) and using that instead of the stock validation
>
> client. If you do that, though, your entire infrastructure is at risk
>
> should the alt-validator's private key be compromised.
>
>
I believe the error is a 409 but am not connected well enough to
>
verify that at the moment. I'm not as concerned about security because
>
the entire infrastructure is in a secured area so I'll try the admin
>
client approach and let you know if that fixes it.
Just to follow-up, I made chef-validator an admin and got the behavior
I needed with re-registrations overwriting old registrations.
jbh
- [chef] Re: Re: Registering client when old client exists., John Hanks, 07/07/2010
Archive powered by MHonArc 2.6.16.