Hi Maven,We recommend running chef-client with sudo, so it will have access to all of the files needed. As long as it's ran with sudo, it shouldn't really matter who owns the files but normally they are owned by root/root.It sounds like you are running your own chef server, and the validation key needs to be regenerated on the server. You can do this by removing the validation key on the server, which is typically stored on the filesystem at /etc/chef/validation.pem and restarting the chef-server with these commands:$ sudo rm /etc/chef/validation.pem
$ sudo /etc/init.d/chef-server restart
This will create a new key pair on both the disk and in the database, you can then copy it over to any clients that need to authenticate. Feel free to update this thread with some further updates if you continue to get errors afterwards.Thanks,JessicaOn Wed, Sep 28, 2011 at 2:53 PM, Maven User < " target="_blank"> > wrote:When I try w/o sudo, I get this:
WARN: *****************************************
WARN: Can not find config file: /etc/chef/client.rb, using defaults.WARN: Permission denied - /etc/chef/client.rbWARN: *****************************************
When I try with sudo, I get this:
INFO: *** Chef 0.10.4 ***INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate. Ensure that your client key is valid.
FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.outFATAL: Net::HTTPServerException: 401 "Unauthorized"I just regenerated the client.pem file, but it didn't help (it seems).
Any other suggestions?On Thu, Sep 22, 2011 at 11:28 AM, Aaron Abramson < " target="_blank"> > wrote:
knife ssh "role:<my role>" "sudo chef-client" -P <mypass>C:\chef>knife ssh "role:<role I want to do something with>" "sudo chef-client" -P <password>
<chefclient> knife sudo password:
Enter your password:
<chefclient>
<chefclient> [Thu, 22 Sep 2011 10:23:14 -0400] INFO: *** Chef 0.10.4 ***
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate. Ensure that your client key is valid.
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.out
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Net::HTTPServerException: 401 "Unauthorized"As Denis said, you're successfully connecting to the server with your users password. And you can see that it executed "sudo chef-client", and then was waiting for input for the "sudo password".Update your sudoers file to grant passwordless sudo access for your user.But, since you're not defining a username for knife ssh (ie -x ubuntu, or -x admin), knife is SSH'ing as root. So your command really should be:knife ssh "role:<my role>" "chef-client" -P <mypass>Since you're already the root user on the remote machine, and have no need to "sudo" to gain superuser privileges again.On Sep 22, 2011, at 10:02 AM, Denis Barishev wrote:
Hello Maven,
On 09/22/2011 06:26 PM, Maven User wrote:Jessica - thank you so much!
The learning curve has felt very steep, these types of exchanges have helped me out a ton.
The final thread/step in this process is getting around having to specify my password when running knife.
So when I do something like:
C:\chef>knife ssh "role:<role I want to do something with>" "sudo chef-client"
WARNING: Failed to connect to node[<chefclient>] -- Net::SSH::AuthenticationFailed: <username>@<chefclient>
But when I do this:
C:\chef>knife ssh "role:<role I want to do something with>" "sudo chef-client" -P <password>
<chefclient> knife sudo password:
Enter your password:
<chefclient>
<chefclient> [Thu, 22 Sep 2011 10:23:14 -0400] INFO: *** Chef 0.10.4 ***
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate. Ensure that your client key is valid.
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.out
<chefclient> [Thu, 22 Sep 2011 10:23:15 -0400] FATAL: Net::HTTPServerException: 401 "Unauthorized"
Isn't the authorization handled via the pem files or do I need to set up ssh keys as well?
As I can see you have successfully run a knife ssh command by suppling the right password. You mus provide knife ssh with either a password or pem key path (-i option). Here you can see that knife ssh has sshed into the node and tried to run chef-client there but it failed. The reason is probably that you haven't configured chef-client there. Make sure you have the right chef configuration directory with client.rb and validation/client key on the remote machine.
Denis
On Wed, Sep 21, 2011 at 4:41 PM, Jessica Bourne < " target="_blank"> > wrote:
Hi Maven,
I completely agree, we've been working on separating instructions based on OS as well as type of install (client vs workstation). This should make it clearer what is needed to run both. Client has chef-client configured so they can run recipes, and workstations have knife configured so they can manage the nodes. It isn't necessary to run both on a node unless you want to run recipes on it and manage other nodes from it. The directions currently explain how to set the node up with both, but it may not be needed depending on what you want to do with your install.
The instructions on the Installation on Windows page will guide you through almost everything you need for a workstation, except for SSH and bootstrapping new nodes from it. I'd recommend installing the gems on the knife page, you will definitely need at least the net-ssh packages to use SSH. Afterwards you can confirm you can SSH, and then follow the knife windows bootstrap guide to bootstrap new nodes with knife if needed. The gems really should be included on the Installation on Windows page to make this clearer.
The knife windows bootstrap page is separate because not everyone who installs Windows will need to bootstrap new Windows nodes. This page can be used on Mac or Linux as well, to bootstrap new Windows nodes from that workstation instead. If you do decide to bootstrap new nodes from this machine you will need 1.9.X, but otherwise you can use Ruby 1.8.7 without issues. It really just depends on how you'd like to have your nodes managed.
If you have a Mac or Linux machine available, you could always just try setting it up as the workstation instead and then using the knife-windows bootstrap plugin to bootstrap new nodes as clients from it as there is a bit more documentation on those OSes right now. If you did it this way no configuration should be needed on the Windows machine except for SSH or WinRM access, and the bootstrap plugin would install ruby, gems, and chef-client. It would not configure knife though, so you'd need to manage the nodes from the Linux/Mac workstation in this type of setup.
If you're still getting errors after installing those gems on Windows, feel free to update this thread with some more information on the errors you are getting.
Thanks,Jessica
On Wed, Sep 21, 2011 at 10:15 AM, Maven User < " target="_blank"> > wrote:
By the way - this page:
http://wiki.opscode.com/display/chef/Installation+on+Windows
Suggests ruby 1.8.7, but then this one: Requires 1.9.X+
:-/
On Wed, Sep 21, 2011 at 9:44 AM, Maven User < " target="_blank"> > wrote:
Cool - I'd love to help out in any way to document this process (it's been pretty painful).
FWIW - it'd be HUGELY helpful if all instructions for each platform were organized by platform.
Right now, there are "how to setup chef on windows", a "knife-windows" and then finally a generalized "knife" pages. All of which have little bits needed to get things working successfully on windows (something I _still_ haven't managed).
Just so I'm clear - I can jump right to the link below to set up knife on windows? Then I have to go to the generalized Knife page and also install those gems?
On Tue, Sep 20, 2011 at 6:35 PM, Jessica Bourne < " target="_blank"> > wrote:
Hi Maven,
We've actually been working on updating our installation instructions, including the documentation on Windows. They won't be completed for a few more weeks, but I'll be sure to review this thread once they are in draft so we can be sure your concerns are addressed.
The gems listed on the knife doc are necessary, some of them are what enable you to ssh from that node. If you're still getting errors after installing the gems on the knife page, feel free to respond to this thread with the command you are using and the error you are getting, as well as the Windows version. Without specific errors it can be difficult to figure out why knife ssh is failing on that node.
Knife-windows is used to bootstrap new windows nodes, more information on it can be found on this wiki page: http://wiki.opscode.com/display/chef/Knife+Windows+Bootstrap
Thanks,Jessica
On Tue, Sep 20, 2011 at 11:18 AM, Maven User < " target="_blank"> > wrote:
It gets even more confusing.
So it starts there but talks about knife-windows (is that absolutely necessary?) then if you click into the standard "knife" documentation, there's a big blue box that states "Knife requires some extra gems!" - are those required if you don't plan on doing any cloud work? I've noticed on windows, I can't do "knife ssh" without errors but I'm done flailing and don't want to just run off and start installing gems.
On Tue, Sep 20, 2011 at 1:19 PM, Maven User < " target="_blank"> > wrote:
http://wiki.opscode.com/display/chef/Installation+on+Windows
??
On Tue, Sep 20, 2011 at 12:28 PM, Daniel DeLeo < " target="_blank"> > wrote:
On Monday, September 19, 2011 at 10:37 AM, Maven User wrote:What documentation are you using?
> Thanks again for all the tips up until this point - the documentation for knife usage on windows is really confusing.
>
> It just skips from running the client install/setup to running knife commands - nothing about the "knife configure -i" step.
>
> I'm also not sure if this is expected behavior but the windows guide talks about C:\chef\.chef yet knife creates a lot of things in ~/.chef (in windows).
>
> Do things need to be replicated between these two areas or did I make a mistake?
>
--
Dan DeLeo
Archive powered by MHonArc 2.6.16.