[chef] Re: Re: node chef first run unauthorized..


  • From: Elias Abacioglu < >
  • To:
  • Subject: [chef] Re: Re: node chef first run unauthorized..
  • Date: Wed, 16 Sep 2015 14:42:42 +0200

It worked, thanks for the suggestion.
It is kind of strange that the documented method below didn't work when setting up the chef server:
# chef-server-ctl org-create short_name "full_organization_name" --association_user user_name --filename ORGANIZATION-validator.pem



I'll write it off as a glitch in the matrix.


2015-09-16 12:28 GMT+02:00 vishnu:

Hi,

Did you already try resetting the validator key? If not, could you please do that and copy the new key to the location mentioned in the knife.rb?

Vishnu.

On Sep 16, 2015 3:56 PM, "Elias Abacioglu" wrote:
Hi,
I have installed chef-server v12.2.0.
When I run chef-client for the first time on a new node to bootstrap it, I get the following output:

Creating a new client identity for node01.something using the validator key.
[2015-09-16T12:01:15+02:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2015-09-16T12:01:15+02:00] INFO: HTTP Request Returned 401 Unauthorized: error

================================================================================
Chef encountered an error attempting to create the client "node01.something"
================================================================================

Authentication Error:
---------------------
Failed to authenticate to the chef server (http 401).

Server Response:
----------------
Invalid signature for user or client 'ORG-validator'

Relevant Config Settings:
-------------------------
chef_server_url         "https://chef.something/organizations/ORG"
validation_client_name  "ORG-validator"
validation_key          "/etc/chef/validation.pem"

If these settings are correct, your validation_key may be invalid.




The validation client name is the name I got when I created organization ORG.
The validation key is the one from ORG-validator.

The client.rb looks like this:
log_level          :info
log_location       STDOUT
ssl_verify_mode    :verify_none
chef_server_url    "https://chef.something/organizations/ORG"
validation_client_name "ORG-validator"
file_backup_path   "/var/lib/chef/backup"
file_cache_path    "/var/cache/chef"
pid_file           "/var/run/chef/client.pid"

Mixlib::Log::Formatter.show_time = true




So how do I verify that my validator key is correct or incorrect?
How do I know if something else is broken?

openssl rsa -in ORG-validator.pem -pubout
does not match:
knife client key show ORG-validator default
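
An added example, not part of the original thread: one way to answer the question "is my validator key correct?" is to compare the public half of the local validation key with the public key the server holds, by fingerprint rather than by eye. It assumes the server-side public key PEM has been saved to a string or file (for instance from the knife output above); the function names and the generated sample keys are constructed for illustration.

```ruby
require "openssl"
require "digest"

# SHA-256 fingerprint of the public half of an RSA key. Accepts a private
# key PEM (e.g. validation.pem) or a public key PEM (what the server stores).
# Hashing the DER encoding avoids false mismatches caused by line wrapping,
# trailing whitespace or differing PEM headers.
def public_key_fingerprint(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  Digest::SHA256.hexdigest(key.public_key.to_der)
end

# Compare the local validator private key with the server-side public key.
# Returns :match, :mismatch, or :unreadable when either input is not a key.
def check_validator_key(private_pem, server_public_pem)
  local  = public_key_fingerprint(private_pem)
  remote = public_key_fingerprint(server_public_pem)
  local == remote ? :match : :mismatch
rescue OpenSSL::PKey::PKeyError
  :unreadable
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: two freshly generated keys stand in for the
  # node's validation.pem and for a different key registered on the server.
  node_key   = OpenSSL::PKey::RSA.new(2048)
  server_key = OpenSSL::PKey::RSA.new(2048)

  # Same key on both sides: signatures made by the node would verify.
  puts check_validator_key(node_key.to_pem, node_key.public_key.to_pem)

  # Different key on the server: the situation behind the 401
  # "Invalid signature for user or client" response in the thread.
  puts check_validator_key(node_key.to_pem, server_key.public_key.to_pem)

  # Truncated or corrupted file copied to the node.
  puts check_validator_key("not a pem", server_key.public_key.to_pem)
end
```

A :mismatch result means the private key on the node is not the one the server expects for the validator client, which is consistent with the fix reported at the top of the thread.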




