[chef] Re: Re: 403 errors when bootstrapping


  • From: Adam Leff
  • To:
  • Subject: [chef] Re: Re: 403 errors when bootstrapping
  • Date: Thu, 7 Feb 2013 12:40:34 -0500

I wish it was that easy, but thank you for the response. :)

I narrowed this down to nginx ssl.  When I hacked up the nginx.conf to not listen on 443, not rewrite :80 traffic and simply pass it directly to erchef without any SSL, happiness ensued shortly thereafter.  This also includes any knife operations of creating environments (knife reported successful creation, but "knife environment list" did not agree), uploading cookbooks returned "method not supported" (or something similar), etc.

I'll hopefully get some time on a long flight tomorrow to dig into why.

~Adam



On Thu, Feb 7, 2013 at 3:28 AM, Josiah Kiehl wrote:
Are you trying to bootstrap to an environment that doesn't exist? I'm less familiar with Chef 11, but I know you will get a puzzling 403 if the environment does not exist on Chef 10.


On Wed, Feb 6, 2013 at 1:22 PM, Adam Leff wrote:
Ohai, Chefs!

On a fresh open-source Chef 11 server install on CentOS 5.8, I'm receiving 403 errors when bootstrapping a new client, at the step when the bootstrap process attempts to create the client.  The issue appears to be when the client makes a "GET /clients" call.

I have attempted to create a new validator client/key/cert, and an admin client/key/cert (to be used as a validator) with no luck.  The bootstrapping does indeed install the proper validator certificate and a valid client.rb.

Server logs:

==> /var/log/chef-server/nginx/access.log <==
192.168.100.3 - - [06/Feb/2013:18:34:59 +0000]  "GET /clients HTTP/1.1" 403 "0.010" 54 "-" "Chef Client/11.0.0 (ruby-1.9.3-p286; ohai-6.16.0; x86_64-linux; +http://opscode.com)" "127.0.0.1:8000" "403" "0.006" "11.0.0" "algorithm=sha1;version=1.0;" "chef-validator" "2013-02-06T18:34:56Z" "2jmj7l5rSw0yVb/vlWAYkK/YBwk=" 931

==> /var/log/chef-server/erchef/erchef.log.1 <==
2013-02-06T18:34:59Z INFO req_id=Uz6MB8/WWFUMIPUdWD3TqQ==; status=403; method=GET; path=/clients; user=chef-validator; msg={forbidden}; req_time=3; rdbms_time=0; rdbms_count=1

Client logs:

192.168.100.3 Authorization Error:
192.168.100.3 --------------------
192.168.100.3 Your validation client is not authorized to create the client for this node (HTTP 403).
192.168.100.3 
192.168.100.3 Possible Causes:
192.168.100.3 ----------------
192.168.100.3 * There may already be a client named "chef-client-11"
192.168.100.3 * Your validation client (chef-validator) may have misconfigured authorization permissions.

192.168.100.3 [2013-02-06T18:34:56+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.100.3 [2013-02-06T18:34:56+00:00] FATAL: Net::HTTPServerException: 403 "Forbidden"

I have confirmed that no client named "chef-client-11" exists, but I'm stuck on the authorization permissions that may need to be addressed.

Any help would be GREATLY appreciated - many thanks. :)

~Adam
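
An added example, not part of the original thread: Ruby that parses the nginx access-log line quoted above and reports whether the 403 was relayed from erchef or produced by nginx itself, how far the client's signing timestamp is from the server clock, and whether the content hash of the bodiless GET is the SHA-1 of an empty string. The field names and the 900-second skew limit are assumptions inferred from the values in the sample line, not taken from the Chef server configuration.

```ruby
require 'time'
require 'digest/sha1'

# Access-log line copied verbatim from the post above.
SAMPLE = '192.168.100.3 - - [06/Feb/2013:18:34:59 +0000]  "GET /clients HTTP/1.1" 403 "0.010" 54 "-" "Chef Client/11.0.0 (ruby-1.9.3-p286; ohai-6.16.0; x86_64-linux; +http://opscode.com)" "127.0.0.1:8000" "403" "0.006" "11.0.0" "algorithm=sha1;version=1.0;" "chef-validator" "2013-02-06T18:34:56Z" "2jmj7l5rSw0yVb/vlWAYkK/YBwk=" 931'

LINE_RE = /\A(?<remote>\S+) \S+ \S+ \[(?<time_local>[^\]]+)\]\s+"(?<request>[^"]*)" (?<status>\d{3}) (?<rest>.*)\z/

# Assumed names for the quoted fields that follow the status code, in order.
QUOTED_FIELDS = %i[request_time referer user_agent upstream_addr upstream_status
                   upstream_time chef_version ops_sign ops_userid ops_timestamp
                   ops_content_hash].freeze

EMPTY_BODY_HASH = Digest::SHA1.base64digest('') # expected hash for a request without a body
MAX_SKEW = 900 # seconds; assumed tolerance for the signing timestamp

# Returns a hash of fields, or nil when the line does not have the expected shape.
def parse_line(line)
  m = LINE_RE.match(line.strip)
  return nil unless m

  quoted = m[:rest].scan(/"([^"]*)"/).flatten
  return nil unless quoted.size == QUOTED_FIELDS.size

  { remote: m[:remote], time_local: m[:time_local], request: m[:request],
    status: m[:status] }.merge(QUOTED_FIELDS.zip(quoted).to_h)
end

# Summarises what the line says about the signed request and who rejected it.
def triage(rec)
  server_time = Time.strptime(rec[:time_local], '%d/%b/%Y:%H:%M:%S %z')
  skew = (server_time - Time.iso8601(rec[:ops_timestamp])).abs
  is_get = rec[:request].split.first == 'GET'
  {
    user: rec[:ops_userid],
    # An upstream status equal to the final status means nginx only relayed it.
    rejected_by: rec[:upstream_status] == rec[:status] ? :erchef : :nginx,
    clock_skew_s: skew.to_i,
    skew_ok: skew <= MAX_SKEW,
    # Only checkable for GET, where the signed body is empty; nil otherwise.
    body_hash_ok: is_get ? rec[:ops_content_hash] == EMPTY_BODY_HASH : nil
  }
end

puts triage(parse_line(SAMPLE)).inspect if __FILE__ == $PROGRAM_NAME
```

For the line in this thread the signing inputs look sane and the 403 comes from erchef, which matches the `msg={forbidden}` entry in erchef.log.1.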





