- From: Hedge Hog <
>
- To:
- Cc: Daniel DeLeo <
>
- Subject: [chef] Re: Re: How to authenticate knife with a fresh Chef 0.9.12 server
- Date: Wed, 6 Apr 2011 12:03:15 +1000
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=LYW5ixHcdW5mTtrI4nNHmvlXZYRqaOnzMh7x92Z+FZXJD2NgdrltnAKZs0a3GZpYrj tAOJAnFNGBrFpAS2jZ41bC/uBQvy5/juIsJBmeZXBJHd8vcnBopkT612SXR7iRZtmkod s2uKWvXAZrE2HGnSFEC1TcR+BRjaUjJsyc9W0=
On Wed, Apr 6, 2011 at 11:45 AM, Daniel DeLeo
<
>
wrote:
>
On Tuesday, April 5, 2011 at 6:37 PM, Hedge Hog wrote:
>
>
Hi,
>
Starting with a fresh chef server (0.9.12) is it possible to
>
use/authenticate knife to query the server?
>
That is I only have the clients chef-validator and chef-webui, and the
>
keys on the server (via a mount)
>
With this knife file:
>
current__dir = File.dirname(__FILE__)
>
log_level :debug
>
log_location $stdout
>
node_name "chef-validator"
>
client_key "#{File.dirname(current_dir)}/etc/client.pem"
>
validation_key "#{File.dirname(current_dir)}/etc/validation.pem"
>
chef_server_url "http://localhost:4000";
>
cache_type 'Memory'
>
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
>
cookbook_path
>
["#{current_dir}/../cookbooks","#{current_dir}/../site-cookbooks"]
>
>
I'm getting this error:
>
>
$ knife client list -c /tmp/chef/.chef/knife.rb
>
DEBUG: Using configuration from /tmp/chef/.chef/knife.rb
>
DEBUG: Signing the request as chef-validator
>
DEBUG: Sending HTTP Request via GET to localhost:4000/clients
>
WARN: HTTP Request Returned 401 Unauthorized: Failed to authenticate.
>
Ensure that your client key is valid.
>
/home/hedge/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/net/http.rb:2295:in
>
`error!': 401 "Unauthorized" (Net::HTTPServerException)
>
>
>
Appreciate any hints or tips.
>
>
>
The chef-webui user is the only admin that is created when the server first
>
starts, so you want to authenticate as that user. For example, knife COMMAND
>
-u chef-webui -k /etc/chef/webui.pem should work correctly. This is what the
>
`knife configure --initial` does internally to create a new administrator
>
for you.
>
Hmm, this works:
knife client list -c /tmp/chef/.chef/knife.rb
but this
knife client create monkey -f /tmp/chef/monkey.pem -c /tmp/chef/.chef/knife.rb
complains. I'm executing this using Aruba, as most are likely to if
the write feature files, so setting the Environment isn't possible.
This is a bug right?
I've only been able to find this[0], which doesn't seem related.
The work around seems to be:
1) Run this, using Aruba's interactive run:
bash -c 'EDITOR=vim knife client create monkey -f /tmp/chef/monkey.pem
-c /tmp/chef/.chef/knife.rb'
2) Using Aruba, type :q
Now you have created the client and saved the key.....
Any other suggestions I've missed?
[0]:
http://tickets.opscode.com/browse/CHEF-1340
>
--
>
Dan DeLeo
>
>
>
>
--
>
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
>
[The fox knows many things, but the hedgehog knows one big thing.]
>
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
>
http://wiki.hedgehogshiatus.com
>
>
--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com
Archive powered by MHonArc 2.6.16.