[chef] Automatic Node Configuration - "Failed to authenticate"


  • From: Douglas Garstang
  • To:
  • Subject: [chef] Automatic Node Configuration - "Failed to authenticate"
  • Date: Mon, 24 Nov 2014 12:45:33 -0800

I'm trying to automate the addition of chef nodes to the chef server. Cloud-init is running a script that downloads an admin user's pem file from an S3 bucket, generates a new node's json file and adds the node with the knife command, i.e.:

knife node from file /tmp/somenewnode.json -c /tmp/knife.rb

That works fine. I can see the new node on the chef server. After that, another script downloaded from S3 is creating the /etc/chef/client.rb file for the new node, like so:

ssl_verify_mode         :verify_peer
log_level               :info
log_location            STDOUT
chef_server_url         'https://chef01.prod.slicetest.com:443'
validation_client_name  'chef-validator'
validation_key          '/etc/chef/validation_keys/validator-chef01.prod.slicetest.com.pem'

When I run the chef-client I get a message:

Authentication Error:
---------------------
Failed to authenticate to the chef server (http 401).

Server Response:
----------------
Invalid signature for user or client 'chef-validator'

What am I missing here? I've confirmed the validator key is correct. I'm making sure to remove both the node and the client from the chef server before running (as I know that having an existing client cert on the server will break it). Is this something to do with the trusted_certs thing? How is that supposed to work?

Doug.




