[chef] Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours.


Chronological Thread 
  • From: "Jason J. W. Williams" < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: Re: Re: Re: validation.pem seems to stop working after 24-48 hours.
  • Date: Tue, 24 May 2011 12:46:26 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=KPUW7FAnBH6HXDaIfpVqrY2FezcUG1QNFm0GzBBi5FffZd0VNEwxYL+Lv9Ts5cwqZ2 MhBzX/vfTnYGtxZQqobaFzZ8QuK51UzU8SE2T+zsHowiDsuCuQN2GK71IdWkJbfqApmt cwkM3TMl5Sd59YJaBHbk7PJrg4kPAcXxyKLnQ=

So the last time I regenerated the validation key, I saved a copy of
the public key as seen from the chef UI. Now if I compare that saved
copy of the public key against what is now reported from the WebUI
(now that the validation.pem is not working again) they're different.
I'm the only one using the Chef server at the moment and I haven't
regenerated the validation key. So my question else could cause the
public key on the chef server to change?

-J

On Mon, May 16, 2011 at 7:24 PM, Daniel DeLeo 
< >
 wrote:
> On Monday, May 16, 2011 at 3:18 PM, Jason J. W. Williams wrote:
>
> Actually use this gist for the client: https://gist.github.com/975507
>
>
>
> On Mon, May 16, 2011 at 4:04 PM, Jason J. W. Williams
> < >
>  wrote:
>
> Hi AJ,
>
> Sorry about the NTP dig. Can you post -l debug output from both client
> and server showing the full authentication failure backtrace(s)?
>
> No worries. Here's the client side debug: https://gist.github.com/975464
>
> Server side debug: https://gist.github.com/975480
>
> What's interesting is that in the server side debug it says the
> expected hash matches the requested hash.
>
> The signature is incorrect, though, so the private key used to sign the
> request doesn't match the public being used to verify the signature.
> Are you deleting /etc/chef/validation.pem on the server for any reason? Is
> there anything else on the server side that correlates with the
> validation.pem going bad, such as restarts for logrotation?
>
> --
> Dan DeLeo
>
>
> -J
>
>



Archive powered by MHonArc 2.6.16.

§