dharam

Reputation: 8096

Knife command failing to authenticate

I have created a setup as below, and for all this I am using Amazon EC2:

An Ubuntu 12.04 server on which I have a Chef server installed and knife configured. This is working perfectly fine; I am able to run the knife commands and they give me the expected results.

I am trying to use another similar Ubuntu server as a Chef client. I installed chef and configured the client. I also installed knife on the client. I know this is installed properly because after installation I ran the command

knife --version 

I got the output

Chef: 10.16.2

Now I have configured the knife.rb file. The contents are as follows:

log_level                :info
log_location             STDOUT
node_name                'knife'
cache_type               'BasicFile'
cache_options( :path => "~/.chef/checksums" )
client_key               '~/.chef/clientkey.pem'

cookbook_path       [ "~/mychefrepo/cookbooks" ]
cookbook_copyright "example org"
cookbook_email     "[email protected]"
cookbook_license   "apachev2"

chef_server_url    "http://ip-11-213-23-99:4000"

validation_key      "~/.chef/validation.pem"

After the configuration, if I run the knife command

knife client list

I get the following error:

ERROR: Failed to authenticate to http://ip-11-213-23-99:4000 as client1 with key /etc/chef/clientkeys.pem

I would request you to please clear my following doubts:

  1. Is it mandatory to keep the clientkey.pem on the chef server too? If yes then at what location?
  2. Is there any specific location where I need to keep the pem file on chef client?
  3. What am I doing wrong?

Upvotes: 2

Views: 7739

Answers (2)

Jyoti Amage

Reputation: 334

When you bootstrap the client from the server, it creates client.pem there, or even when you run chef-client on the client itself it creates client.pem. You need to copy this file to the server node. Again, you have to provide the path in knife.rb, which is available in /chef-repo/.chef

  1. Yes, it is necessary to copy it.
  2. Anywhere on the server node, but the only thing is that you have to provide that location in knife.rb

Upvotes: 0

PatrickWalker

Reputation: 550

Does your client exist on the chef-server appropriately? I believe it will be called 'knife' as this is your node_name.

http://ip-11-213-23-99:4040/clients

The client pem key does get registered with the server as you can see via the server-webui by going to the clients tab on the server. The key is stored in CouchDB. This value gets here when you perform a chef-client run with the server.

The value of the supplied pem key has to match the stored pem shown in the client view for the 'node_name' you supplied. Is that the case?

The client key itself can be stored anywhere.

Upvotes: 1
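The check described in the answer above, written out as an added example (it is not part of either answer or of Chef itself): it compares the client name and key path in knife's error line with knife.rb, then tests whether a local private key corresponds to the public key stored for the client. The function names are hypothetical, the config values and error line are copied from the question, and the stored public key is assumed to have been copied in PEM form from the server's client view.

```ruby
require 'openssl'

# Values copied from the question above.
KNIFE_RB = <<~CONF
  node_name                'knife'
  client_key               '~/.chef/clientkey.pem'
CONF
ERROR_LINE = 'ERROR: Failed to authenticate to http://ip-11-213-23-99:4000 ' \
             'as client1 with key /etc/chef/clientkeys.pem'

# Read node_name and client_key from knife.rb text (plain quoted settings only).
def knife_identity(knife_rb)
  setting = ->(name) { knife_rb[/^\s*#{name}\s+['"]([^'"]+)['"]/, 1] }
  { name: setting.call('node_name'), key: setting.call('client_key') }
end

# Read the identity knife actually used from its authentication error line.
def error_identity(line)
  m = line.match(/Failed to authenticate to (\S+) as (\S+) with key (\S+)/)
  m && { server: m[1], name: m[2], key: m[3] }
end

# True when the private key corresponds to the public key stored for the client.
def key_matches?(private_pem, stored_public_pem)
  priv = OpenSSL::PKey::RSA.new(private_pem)
  pub  = OpenSSL::PKey::RSA.new(stored_public_pem)
  priv.n == pub.n && priv.e == pub.e
end

# Collect every reason the request would be signed as the wrong client or key.
def diagnose(knife_rb, error_line, private_pem, stored_public_pem)
  cfg, err = knife_identity(knife_rb), error_identity(error_line)
  problems = []
  if err
    problems << "ran as #{err[:name]}, knife.rb says #{cfg[:name]}" if err[:name] != cfg[:name]
    # '~' is expanded by knife, so compare on the path after the home directory.
    wanted = cfg[:key].to_s.sub(/\A~/, '')
    problems << "loaded #{err[:key]}, knife.rb says #{cfg[:key]}" unless err[:key].end_with?(wanted)
  end
  unless key_matches?(private_pem, stored_public_pem)
    problems << 'local key does not match the key registered on the server'
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed key pair, stands in for both copies
  puts diagnose(KNIFE_RB, ERROR_LINE, key.to_pem, key.public_key.to_pem)
end
```

With the question's values, the first two checks fire: the error line names `client1` and `/etc/chef/clientkeys.pem`, while the knife.rb shown sets `knife` and `~/.chef/clientkey.pem`.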
