[chef] node chef first run unauthorized..


Chronological Thread 
  • From: Elias Abacioglu < >
  • To:
  • Subject: [chef] node chef first run unauthorized..
  • Date: Wed, 16 Sep 2015 12:25:38 +0200

Hi,
I have installed chef-server v12.2.0.
When I run chef-client for the first time on a new node to bootstrap it I get following output:

Creating a new client identity for node01.something using the validator key.
[2015-09-16T12:01:15+02:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2015-09-16T12:01:15+02:00] INFO: HTTP Request Returned 401 Unauthorized: error

================================================================================
Chef encountered an error attempting to create the client "node01.something"
================================================================================

Authentication Error:
---------------------
Failed to authenticate to the chef server (http 401).

Server Response:
----------------
Invalid signature for user or client 'ORG-validator'

Relevant Config Settings:
-------------------------
chef_server_url         "https://chef.something/organizations/ORG"
validation_client_name  "ORG-validator"
validation_key          "/etc/chef/validation.pem"

If these settings are correct, your validation_key may be invalid.




validation client name is the name I got from when I created organization ORG.
validation key is the from ORG-validator.

the client.rb looks like this:
log_level          :info
log_location       STDOUT
ssl_verify_mode    :verify_none
chef_server_url    "https://chef.something/organizations/ORG"
validation_client_name "ORG-validator"
file_backup_path   "/var/lib/chef/backup"
file_cache_path    "/var/cache/chef"
pid_file           "/var/run/chef/client.pid"

Mixlib::Log::Formatter.show_time = true




So how do I verify that my validator key is correct or incorrect?
How do I know if something else is broken?

openssl rsa -in ORG-validator.pem -pubout
does not match:
knife client key show ORG-validator default




Archive powered by MHonArc 2.6.16.

§