[chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: knife on windows

[Daniel DeLeo < >]

On Thursday, September 29, 2011 at 7:44 AM, Maven User wrote:
> It's finding the /etc/var/client.pem file, just not the client.rb it seems. 
> All the various chef directories scattered around for logging/pid/etc are 
> all owned by chef/chef.
> 
> Also, the documentation says to run chef-client without sudo. If I do it 
> without sudo, I get the "cannot find config file" message. If I do with 
> sudo, I get the unauthorized message: 
Stick with sudo. Most of the things chef needs to do, such as installing 
packages and managing config files, require root.

> 
> Generated at Thu Sep 29 10:42:54 -0400 2011
> Net::HTTPServerException: 401 "Unauthorized"
> /usr/lib/ruby/1.8/net/http.rb:2105:in `error!'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:237:in `api_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:288:in `retriable_rest_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:218:in `api_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:114:in `get_rest'
> /usr/lib/ruby/vendor_ruby/chef/node.rb:603:in `load'
> /usr/lib/ruby/vendor_ruby/chef/node.rb:587:in `find_or_create'
> /usr/lib/ruby/vendor_ruby/chef/client.rb:234:in `build_node'
>  /usr/lib/ruby/vendor_ruby/chef/client.rb:151:in `run'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:239:in 
> `run_application'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:229:in `loop'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:229:in 
> `run_application'
> /usr/lib/ruby/vendor_ruby/chef/application.rb:67:in `run'
> /usr/bin/chef-client:25
> 
> The validation.pem and client.pem files are freshly generated (the 
> validation.pem file was copied back from the chef-server). From the 
> chef-server webui, I regenerated the client.pem file and copied the 
> contents into the client.pem file.
The validation.pem file is used only when first registering a new node. If 
you're creating a client in the webui and copying the key over, the 
validation.pem will be irrelevant.

When you get a 401 error, the cause can be 1 of 3 things:
1. The key is incorrect
2. The node name is incorrect
3. There is a clock difference greater than 15 minutes between the server and 
client hosts. We can rule this out in your case.

You can think of the node name and client.pem being analagous to a 
username/password combination. They both have to be correct. If you're 
certain the key is correct, check the node name setting in your client.rb. If 
you haven't set one explicitly, the FQDN of the host running chef-client will 
be used.

When debugging server communication, it's usually helpful to run the server 
with -l debug also.

> 
> Any more clues?
> 


-- 
Dan DeLeo