[chef] Re: Re: Re: Re: Re: Re: bootstraping a new client authorization error

[Kelly Goedert < >]

On Mon, Jan 16, 2012 at 1:49 PM, Jesse Campbell 
<
 >
 wrote:
> It should be generating a new client key on its own.
And it is. After the bootstrapping command I can see a file client.pem
in /etc/chef and there is a key in there.

> Take a look at the management console in the clients list (this is
> distinct from the nodes list), make sure it does not list your client,
> and also make sure it *does* list chef-validator.

This is my client list from the server

chef-server     
chef-server.local.lan   
chef-validator  
chef-webui      
kelly (this is the machine I am running knife bootstrap from)


> Next, delete the client.pem file from the node you're testing with,
> then restart the chef-client daemon, and watch the client log.

Maybe the problem is in this step. I am using ubuntu on the machine I
am trying to bootstrap the client. I dont see a chef-client on
/etc/init.d. How do I restart the client then?

> If you still get the unauthorized right away, verify that the
> validation.pem that you're sending with the bootstrap is the same as
> the one in /etc/chef on the chef server, or regenerate the
> validation.pem.

It is. I have checked.
>
> -Jesse
>
> On Mon, Jan 16, 2012 at 10:03, Kelly Goedert 
> <
 >
>  wrote:
>> Well, I am pretty sure I dont have another client with this same name,
>> and I even tried to give a different node name on the bootstrap
>> command, and the result was the same. You mention have chef generate a
>> new client key. How do I do that?
>>
>> On Mon, Jan 16, 2012 at 11:17 AM, andi abes 
>> <
 >
>>  wrote:
>>> Any chance you already registered kelly15 on another machine? Or
>>> registered this client with another name?
>>>
>>> Try to delete client.pem, and have chef generate a new client key.
>>> Double check there's no kelly15 client on the server. If there is,
>>> either delete it or use a different name
>>>
>>> On Jan 16, 2012, at 4:57, Kelly Goedert 
>>> <
 >
>>>  wrote:
>>>
>>>> Hi,
>>>>
>>>> sorry for taking so long to answer, I was out of the office and didnt
>>>> have access to the machines. I installed my own chef server, the open
>>>> source version.
>>>>
>>>> Inside the /etc/chef in the client machine I have
>>>>
>>>> client.pem
>>>> client.rb
>>>> first-boot.json
>>>> validation.pem
>>>>
>>>> In /var/chef/cache/chef-stacktrace.out I have this:
>>>>
>>>> Generated at Mon Jan 16 07:49:22 -0200 2012
>>>> Net::HTTPServerException: 401 "Unauthorized"
>>>> /usr/lib/ruby/1.8/net/http.rb:2105:in `error!'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:245:in
>>>> `api_request'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:296:in
>>>> `retriable_rest_request'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:226:in
>>>> `api_request'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:114:in
>>>> `get_rest'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/node.rb:603:in 
>>>> `load'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/node.rb:587:in
>>>> `find_or_create'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:234:in
>>>> `build_node'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:151:in 
>>>> `run'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/client.rb:239:in
>>>> `run_application'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/client.rb:229:in
>>>> `loop'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/client.rb:229:in
>>>> `run_application'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/client.rb:229:in
>>>> `loop'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/client.rb:229:in
>>>> `run_application'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in
>>>> `run'
>>>> /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-client:26
>>>>
>>>> Any other suggestions?
>>>>
>>>> On Fri, Jan 13, 2012 at 11:32 AM, Jesse Campbell 
>>>> <
 >
>>>>  wrote:
>>>>> You shouldn't need to create the client first, it should use the
>>>>> validator.pem key to create the client.
>>>>> Are you connecting to hosted chef or open source chef?
>>>>> Can you look on the client machine in /etc/chef and see what is in 
>>>>> there?
>>>>> -Jesse
>>>>>
>>>>>
>>>>> On Fri, Jan 13, 2012 at 07:50, Kelly Goedert 
>>>>> <
 >
>>>>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm trying to bootstrap a new chef client on a newly installed
>>>>>> machine. I'm using the following command:
>>>>>>
>>>>>>     knife bootstrap -x kelly -P changeme -d ubuntu10.04-gems -N
>>>>>> kelly15 --sudo -r 'role[developer]' 10.1.1.15
>>>>>>
>>>>>> The installation seem to go ok, but this message appears
>>>>>>
>>>>>> [Fri, 13 Jan 2012 10:42:53 -0200] INFO: *** Chef 0.10.8 ***
>>>>>> 10.1.1.15
>>>>>> 10.1.1.15 [Fri, 13 Jan 2012 10:42:54 -0200] INFO: HTTP Request
>>>>>> Returned 401 Unauthorized: Failed to authenticate. Ensure that your
>>>>>> client key is valid.
>>>>>> 10.1.1.15
>>>>>> 10.1.1.15 [Fri, 13 Jan 2012 10:42:54 -0200] FATAL: Stacktrace dumped
>>>>>> to /var/chef/cache/chef-stacktrace.out
>>>>>> 10.1.1.15
>>>>>> 10.1.1.15 [Fri, 13 Jan 2012 10:42:54 -0200] FATAL:
>>>>>> Net::HTTPServerException: 401 "Unauthorized"
>>>>>>
>>>>>> Do I have to create the client on chef server first?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Kelly
>>>>>
>>>>>