- From: "Jason J. W. Williams" <
>
- To:
- Subject: [chef] Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours.
- Date: Tue, 17 May 2011 10:09:39 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=GUYJ7EKt9IREJ/cKlIsWfUiCtqh7cDBAouy1I0g2AWJUxNCE1sjoFrjF2efbGlEMWd m38SQEgtzufm9orKBMgHXrFHnpJmBH/7F+NMOA30QNPNKztvt9ivqnrgOaPPYLkJTeau h+p7+D1ILFrMODB0oyufFiXL1OPOVdEhSSDlg=
Hi Dan,
>
The signature is incorrect, though, so the private key used to sign the
>
request doesn't match the public being used to verify the signature.
>
Are you deleting /etc/chef/validation.pem on the server for any reason? Is
>
there anything else on the server side that correlates with the
>
validation.pem going bad, such as restarts for logrotation?
>
By "on the server" I assume you mean on the server being provisioned
via chef-client? validation.pem on servers being provisioned is loaded
via "knife bootstrap" from my workstation, and it's not changing on my
workstation. If I run "openssl rsa -noout -modulus -in validation.pem
| openssl md5" I get:
9b2a64dd6acd1e5337b5804886841208
However, if I run "openssl rsa -noout -modulus -pubin -in | openssl
md5" on the public key as shown in the Chef console I get errors:
unable to load Public Key
48166:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/asn1/tasn_dec.c:1316:
48166:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested
asn1
error:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/asn1/tasn_dec.c:380:Type=X509_ALGOR
48166:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/asn1/tasn_dec.c:748:Field=algor,
Type=X509_PUBKEY
48166:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
lib:/SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/pem/pem_oth.c:83:
It's almost as if the public key in Chef has become corrupted, which
would seem to explain the "padding error" message on the server side
logs.
-J
- [chef] validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/16/2011
- [chef] Re: validation.pem seems to stop working after 24-48 hours., AJ Christensen, 05/16/2011
- [chef] Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/16/2011
- [chef] Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Charles Sullivan, 05/16/2011
- [chef] Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/16/2011
- [chef] Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., AJ Christensen, 05/16/2011
- [chef] Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/16/2011
- [chef] Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/16/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Daniel DeLeo, 05/16/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/17/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/24/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Daniel DeLeo, 05/26/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Jason J. W. Williams, 05/26/2011
- [chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours., Mason Turner, 05/28/2011
[chef] Re: validation.pem seems to stop working after 24-48 hours., Adam Jacob, 05/16/2011
Archive powered by MHonArc 2.6.16.