Are you trying to bootstrap to an environment that doesn't exist? I'm less familiar with Chef 11, but I know you will get a puzzling 403 if the environment does not exist on Chef 10.
On Wed, Feb 6, 2013 at 1:22 PM, Adam Leff < "> > wrote:
Ohai, Chefs!
On a fresh open-source Chef 11 server install on CentOS 5.8, I'm receiving 403 errors when bootstrapping a new client, at the step when the bootstrap process attempts to create the client. The issue appears to be when the client makes a "GET /clients" call.
I have attempted to create a new validator client/key/cert, and an admin client/key/cert (to be used as a validator) with no luck. The bootstrapping does indeed install the proper validator certificate and a valid client.rb.
Server logs:
==> /var/log/chef-server/nginx/access.log <==192.168.100.3 - - [06/Feb/2013:18:34:59 +0000] "GET /clients HTTP/1.1" 403 "0.010" 54 "-" "Chef Client/11.0.0 (ruby-1.9.3-p286; ohai-6.16.0; x86_64-linux; +http://opscode.com)" "127.0.0.1:8000" "403" "0.006" "11.0.0" "algorithm=sha1;version=1.0;" "chef-validator" "2013-02-06T18:34:56Z" "2jmj7l5rSw0yVb/vlWAYkK/YBwk=" 931
==> /var/log/chef-server/erchef/erchef.log.1 <==2013-02-06T18:34:59Z "> INFO req_id=Uz6MB8/WWFUMIPUdWD3TqQ==; status=403; method=GET; path=/clients; user=chef-validator; msg={forbidden}; req_time=3; rdbms_time=0; rdbms_count=1
Client logs:
192.168.100.3 Authorization Error:192.168.100.3 --------------------
192.168.100.3 Your validation client is not authorized to create the client for this node (HTTP 403).
192.168.100.3
192.168.100.3 Possible Causes:192.168.100.3 ----------------
192.168.100.3 * There may already be a client named "chef-client-11"
192.168.100.3 * Your validation client (chef-validator) may have misconfigured authorization permissions.
192.168.100.3 [2013-02-06T18:34:56+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.100.3 [2013-02-06T18:34:56+00:00] FATAL: Net::HTTPServerException: 403 "Forbidden"
I have confirmed that no client named "chef-client-11" exists, but I'm stuck on the authorization permissions that may need to be addressed.
Any help would be GREATLY appreciated - many thanks. :)
~Adam
Archive powered by MHonArc 2.6.16.