On Thursday, September 29, 2011 at 7:44 AM, Maven User wrote:
Stick with sudo. Most of the things chef needs to do, such as installing packages and managing config files, require root.
> It's finding the /etc/var/client.pem file, just not the client.rb it seems. All the various chef directories scattered around for logging/pid/etc are all owned by chef/chef.
> Also, the documentation says to run chef-client without sudo. If I do it without sudo, I get the "cannot find config file" message. If I do with sudo, I get the unauthorized message:
The validation.pem file is used only when first registering a new node. If you're creating a client in the webui and copying the key over, the validation.pem will be irrelevant.
> Generated at Thu Sep 29 10:42:54 -0400 2011
> Net::HTTPServerException: 401 "Unauthorized"
> /usr/lib/ruby/1.8/net/http.rb:2105:in `error!'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:237:in `api_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:288:in `retriable_rest_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:218:in `api_request'
> /usr/lib/ruby/vendor_ruby/chef/rest.rb:114:in `get_rest'
> /usr/lib/ruby/vendor_ruby/chef/node.rb:603:in `load'
> /usr/lib/ruby/vendor_ruby/chef/node.rb:587:in `find_or_create'
> /usr/lib/ruby/vendor_ruby/chef/client.rb:234:in `build_node'
> /usr/lib/ruby/vendor_ruby/chef/client.rb:151:in `run'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:239:in `run_application'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:229:in `loop'
> /usr/lib/ruby/vendor_ruby/chef/application/client.rb:229:in `run_application'
> /usr/lib/ruby/vendor_ruby/chef/application.rb:67:in `run'
> The validation.pem and client.pem files are freshly generated (the validation.pem file was copied back from the chef-server). From the chef-server webui, I regenerated the client.pem file and copied the contents into the client.pem file.
When you get a 401 error, the cause can be 1 of 3 things:
1. The key is incorrect
2. The node name is incorrect
3. There is a clock difference greater than 15 minutes between the server and client hosts. We can rule this out in your case.
You can think of the node name and client.pem being analogous to a username/password combination. They both have to be correct. If you're certain the key is correct, check the node name setting in your client.rb. If you haven't set one explicitly, the FQDN of the host running chef-client will be used.
When debugging server communication, it's usually helpful to run the server with -l debug also.
> Any more clues?
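
Added example, not part of the original thread and not Chef's own code: a Ruby check for the three 401 causes listed in the reply (key, node name, clock difference). The helper names, the sample client.rb text, the generated key pair and the use of the server's HTTP Date header for the clock comparison are assumptions made for illustration.

```ruby
require 'openssl'
require 'time'
# Added example: helper names and sample values are assumptions, not Chef APIs.
MAX_SKEW = 15 * 60 # seconds; the 15-minute limit named in the reply

# Read simple `setting "value"` lines from client.rb text without evaluating it.
def parse_client_rb(text)
  text.scan(/^\s*(node_name|client_key)\s+["']([^"']+)["']/).to_h
end

# Name the client presents: the explicit node_name, else the host's FQDN.
def effective_node_name(settings, fqdn)
  settings['node_name'] || fqdn
end

# True when the private key in client.pem pairs with the public key the
# server holds for this client (compares RSA modulus and exponent).
def key_matches?(private_pem, registered_public_pem)
  priv = OpenSSL::PKey::RSA.new(private_pem)
  pub = OpenSSL::PKey::RSA.new(registered_public_pem)
  priv.private? && priv.n == pub.n && priv.e == pub.e
rescue OpenSSL::OpenSSLError
  false # unparseable PEM, e.g. damaged while pasting from the webui
end

# Seconds between the local clock and the server's HTTP Date header.
def clock_skew(local_time, server_date_header)
  (local_time - Time.httpdate(server_date_header)).abs
end

# Returns the subset of the three 401 causes that apply (hypothetical helper).
def diagnose_401(client_rb:, key_pem:, server_pub_pem:, fqdn:, registered_name:, local_time:, server_date:)
  name = effective_node_name(parse_client_rb(client_rb), fqdn)
  causes = []
  causes << :key_incorrect unless key_matches?(key_pem, server_pub_pem)
  causes << :node_name_incorrect unless name == registered_name
  causes << :clock_skew if clock_skew(local_time, server_date) > MAX_SKEW
  causes
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed stand-in for client.pem
  conf = %(log_level :info\nnode_name "web01"\n) # constructed client.rb
  p diagnose_401(client_rb: conf, key_pem: key.to_pem,
                 server_pub_pem: key.public_key.to_pem,
                 fqdn: 'web01.example.com', registered_name: 'web01.example.com',
                 local_time: Time.utc(2011, 9, 29, 14, 43, 10),
                 server_date: 'Thu, 29 Sep 2011 14:42:54 GMT')
end
```

In the constructed run the key and clock pass, and the short node_name "web01" in client.rb overrides the FQDN the server has registered, so only the node name cause is reported.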