[chef] Re: How to authenticate knife with a fresh Chef 0.9.12 server

[Daniel DeLeo < >]

On Tuesday, April 5, 2011 at 6:37 PM, Hedge Hog wrote:

Hi,
Starting with a fresh chef server (0.9.12) is it possible to
use/authenticate knife to query the server?
That is I only have the clients chef-validator and chef-webui, and the
keys on the server (via a mount)
With this knife file:
current__dir = File.dirname(__FILE__)
log_level :debug
log_location $stdout
node_name "chef-validator"
client_key "#{File.dirname(current_dir)}/etc/client.pem"
validation_key "#{File.dirname(current_dir)}/etc/validation.pem"
chef_server_url "http://localhost:4000"
cache_type 'Memory'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path
["#{current_dir}/../cookbooks","#{current_dir}/../site-cookbooks"]

I'm getting this error:

$ knife client list -c /tmp/chef/.chef/knife.rb
DEBUG: Using configuration from /tmp/chef/.chef/knife.rb
DEBUG: Signing the request as chef-validator
DEBUG: Sending HTTP Request via GET to localhost:4000/clients
WARN: HTTP Request Returned 401 Unauthorized: Failed to authenticate.
Ensure that your client key is valid.
/home/hedge/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/net/http.rb:2295:in
`error!': 401 "Unauthorized" (Net::HTTPServerException)


Appreciate any hints or tips.

The chef-webui user is the only admin that is created when the server first starts, so you want to authenticate as that user. For example, knife COMMAND -u chef-webui -k /etc/chef/webui.pem should work correctly. This is what the `knife configure --initial` does internally to create a new administrator for you.

-- 
Dan DeLeo

 

--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
  Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com