[chef] Re: Re: Re: opscode nagios quick start

[Tim Dunphy < >]

hey guys.. yes as Jesse pointed out I was using an outdated validation.pem at /etc/chef/validation.pem as referenced by my knife.rb. I actually realized this when I noticed in a test run I did this morning was referencing that file and failing to apply the roles I had specified on the command line.

So I tried doing a 'diff' on /etc/chef/validation.pem and /Users/dunphy/.chef/validation.pem and noticed that I recognized the cert in /etc/chef as the one that i saw in /etc/chef/validation.pem on the ec2 instance that I created last night and failed. So, similar to what Jesse suggested I copied the cert I had at .chef/validation.pem to /etc/chef/validation.pem and *voila*! SUCCESS! I tried this before I saw Jesse' reply but I certainly appreciate both your input. I would certainly have pulled what remains of my hair out trying to figure this out had I not stumbled onto the answer myself or been advised of the right one.

Thanks again guys!
Tim

On Mon, Dec 31, 2012 at 10:09 AM, Jesse Campbell < " target="_blank"> > wrote:

you say you are putting validation.pem into ~/nagios-quick-start/.chef

but then in your knife.rb validation_key is set to '/etc/chef/validation.pem'

change your knife.rb to point to '/Users/dunphy/nagios-quick-start/.chef/validation.pem' and perhaps that should cover it? I'm guessing you have an old validation.pem on your workstation in /etc/chef.

On Mon, Dec 31, 2012 at 1:34 AM, Gourav Shah < " target="_blank"> > wrote:

Tim, 

I believe the following part is what is overwriting your validating key with something else. 

 I followed all the steps of the tutorial including cloning the git repo and especially these particular steps:

mkdir ~/nagios-quick-start/.chef

cp ~/chef-repo/.chef/knife.rb ~/nagios-quick-start/.chef

cp ~/chef-repo/.chef/USERNAME.pem ~/nagios-quick-start/.chef

cp ~/chef-repo/.chef/validation.pem ~/nagios-quick-start/.chef

As per the link that you are following (http://wiki.opscode.com/display/chef/Nagios+Quick+Start) this  part is valid only if you are using opscode chef server and not the community chef server.  If you have your own chef server, it may not be required to do this step. 

When you run knife ec2 server create, it will

1.  launch a new ec2 instance  

2.  install chef on this instance

3.  bootstrap it. it will automatically copy the correct validation.pem key while this happens. 

Can you remove the validation.pem from ~/nagios-quick-start/.chef and try. Alternately, you could copy /etc/chef/validation.pem there.  

Also, can you make sure that if you are using a AMI to launch instnace, it does not have stale /etc/chef/validation.pem on it. 

Thanks

Gourav Shah

Founder and Principal Consultant

Initcron | www.initcron.com

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B