- From: Bryan McLellan <
>
- To:
- Subject: [chef] Re: chef-validator authentication fails after Chef server upgrade. How to fix this?
- Date: Thu, 30 Aug 2012 10:04:53 -0400
On Thu, Aug 30, 2012 at 8:25 AM, Ringo De Smet
<
>
wrote:
>
After a few such failures, I regenerated the key pair of chef-validator and
>
saved the private key part in validation.pem. Doesn't resolve the problem.
Can you set log_level to debug on the API server and look for a
relevant message there?
>
Then I noticed the chef-validator client was not an admin user, so I edited
>
the user and made it admin. Still no luck.
This doesn't matter, and generally the validation client should not be
an admin because then if someone got a hold of the validation key
which is commonly left around on nodes, they could cause a lot of
havoc.
The validation client gets special permissions that are hardcoded. See here:
https://github.com/opscode/chef/blob/master/chef-server-api/app/controllers/application.rb#L72
Bryan
Archive powered by MHonArc 2.6.16.