- From: Douglas Garstang
- To:
- Subject: [chef] Automatic Node Configuration - "Failed to authenticate"
- Date: Mon, 24 Nov 2014 12:45:33 -0800

I'm trying to automate the addition of chef nodes to the chef server. Cloud-init is running a script that downloads an admin user's pem file from an S3 bucket, generates a new node's json file and adds the node with the knife command, i.e.:

    knife node from file /tmp/somenewnode.json -c /tmp/knife.rb

That works fine. I can see the new node on the chef server. After that, another script downloaded from S3 is creating the /etc/chef/client.rb file for the new node, like so:

    ssl_verify_mode :verify_peer
    log_level :info
    log_location STDOUT
    chef_server_url 'https://chef01.prod.slicetest.com:443'
    validation_client_name 'chef-validator'
    validation_key '/etc/chef/validation_keys/validator-chef01.prod.slicetest.com.pem'

When I run the chef-client I get a message:

    Authentication Error:
    ---------------------
    Failed to authenticate to the chef server (http 401).

    Server Response:
    ----------------
    Invalid signature for user or client 'chef-validator'

What am I missing here? I've confirmed the validator key is correct. I'm making sure to remove both the node and the client from the chef server before running (as I know that having an existing client cert on the server will break it). Is this something to do with the trusted_certs thing? How is that supposed to work?
Doug.
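
One check relevant to the "Invalid signature for user or client 'chef-validator'" response, as an added example that is not part of the original message: it compares the validation key on the node with the public key the server stores for that client, and flags a download that is not a key at all. The function names are hypothetical, and the server-side PEM is assumed to have been saved from `knife client show chef-validator -a public_key`.

```ruby
require "openssl"

# Load an RSA key from PEM text; nil when the text is not a usable key
# (for example an error document saved in place of the .pem download).
def load_rsa(pem)
  OpenSSL::PKey::RSA.new(pem)
rescue OpenSSL::OpenSSLError, ArgumentError, TypeError
  nil
end

# SHA-256 over the DER public key: safe to log, exposes no private material.
def public_fingerprint(key)
  OpenSSL::Digest::SHA256.hexdigest(key.public_key.to_der)
end

# Compare the node's validation key with the public key held by the server.
def check_validator_key(private_pem, server_public_pem)
  local  = load_rsa(private_pem)
  server = load_rsa(server_public_pem)
  return :unreadable_local_key  if local.nil?
  return :local_key_not_private unless local.private?
  return :unreadable_server_key if server.nil?
  # Same modulus and exponent: signatures made with the local key
  # verify against the server's copy.
  local.n == server.n && local.e == server.e ? :match : :mismatch
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: throwaway keys generated on the spot.
  on_node   = OpenSSL::PKey::RSA.new(2048)
  on_server = OpenSSL::PKey::RSA.new(2048)
  bad_fetch = "<Error><Code>AccessDenied</Code></Error>" # constructed body

  puts check_validator_key(on_node.to_pem, on_node.public_key.to_pem)   # same pair
  puts check_validator_key(on_node.to_pem, on_server.public_key.to_pem) # regenerated key
  puts check_validator_key(bad_fetch, on_server.public_key.to_pem)      # failed download
  puts "node key fingerprint: #{public_fingerprint(on_node)}"
end
```
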