DirtyMikeAndTheBoys

Reputation: 1077

Chef PEM file invalid or mis-named?

My system username is myuser but I'm trying to bootstrap machines with a chef-validator.pem and then a blah.pem file, and getting the following error message:

ERROR: Failed to authenticate to https://mychef01 as blah with key
/etc/chef/blah.pem.
Response: Invalid signature for user or client 'blah'

Does this mean that the blah.pem file is invalid, or does it mean that it needs to match my system username (so, myuser.pem)? Either way, what is the root problem and what is the fix?

Upvotes: 7

Views: 14227

Answers (7)

Kurt

Reputation: 1394

I had the same error Response: Invalid signature for user or client 'blah' after kicking off a kitchen test but had a different solution.

I had made a mistake: my Policyfile.rb contained a default_source section that pointed at a different Chef server org than the one currently set as active.

default_source :chef_server, 'https://chef.awesome.com/organizations/bacon' do |s|
  s.preferred_for 'chef-client', 'cron', 'apt'
end

And my currently active knife profile required a different pem file than the org that contained my preferred source for some of the resources.

Upvotes: 0

Lakshmikandan

Reputation: 4619

Make sure the pem files are copied from the Chef Server to the Workstation machine:

chef-server-ctl user-create USERNAME FIRSTNAME LASTNAME EMAIL 'password' --filename ~/.chef/user-chef.pem

chef-server-ctl org-create ORG_NAME "orgname" --association_user USERNAME --filename ~/.chef/org-chef.pem

Once those *.pem files are copied to the workstation, configure them in the Ruby file config.rb:

node_name                'node_name'
client_key               "user-chef.pem"

The value for node_name should be the USERNAME that was created on the Chef server.

Change user-chef.pem under client_key to reflect your .pem file for your user.

Upvotes: 0

Neeraj Kumar

Reputation: 7501

You will need to select the Users tab from the left sidebar and it will show you your username there.

Then you need to click on the Gear icon in the right section and click on Reset Key. It will generate a private key for you, which you need to keep in your .chef directory with the name <username>.pem. Keep the same config in your knife.rb file too. For example:

client_key               "#{current_dir}/<username>.pem"

Upvotes: -1

Erikson Bahr

Reputation: 36

I've gotten the same issue. In my case I was generating the key from the left sidebar and getting the same issue. But when I clicked the "Gear" in the user line (action column), and then clicked Reset Key to download it again (and placed it properly in the .chef directory), it worked fine.

Another thing that may have happened is that your .pem file is not correctly referenced in the knife.rb file.

Hope that helps

Upvotes: 0

ICas

Reputation: 197

From the Administration tab in Chef, name-validator.pem is generated at the Organization level, while name.pem is generated at the User level. You may not have generated the user-level pem yet.

Upvotes: 5

user1321759

Reputation: 1744

Go to https://api.chef.io/organizations

Administration tab. Go to the Users menu. Generate a new key. Then go to the Organizations menu item and generate a new knife and new key validator. Run it again.

Upvotes: -2

Lokesh Jangir

Reputation: 169

This is the issue with client key. I also faced this issue. I regenerated the key for user and added to {user}.pem file and it worked for me.

Upvotes: 3
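
An added example, not part of any answer above and not Chef's own code: several answers resolve the error by regenerating the user key, which works because the server verifies each request against the public key registered for the user or client name, whatever the .pem file is called. The Ruby sketch below is a simplified stand-in for that check; the helper names (public_fingerprint, signature_accepted?, diagnose) are hypothetical and the keys are constructed at run time.

```ruby
require 'openssl'

# SHA-256 fingerprint of the public half of a key; accepts a private or public PEM.
def public_fingerprint(pem)
  OpenSSL::Digest::SHA256.hexdigest(OpenSSL::PKey::RSA.new(pem).public_key.to_der)
end

# Simplified stand-in for the server-side check: sign with the local private
# key, verify with the public key registered for that user or client name.
def signature_accepted?(private_pem, registered_public_pem, message = 'constructed request')
  digest = OpenSSL::Digest.new('SHA256')
  signature = OpenSSL::PKey::RSA.new(private_pem).sign(digest, message)
  OpenSSL::PKey::RSA.new(registered_public_pem).verify(digest, signature, message)
end

# Tells apart the failure modes raised in the answers above: a file that is
# not a private key, an unreadable file, and a key that was superseded.
def diagnose(name, private_pem, registered_public_pem)
  key = OpenSSL::PKey::RSA.new(private_pem)
  return "#{name}: client_key file holds no private key" unless key.private?
  if signature_accepted?(private_pem, registered_public_pem)
    "#{name}: local key matches the registered public key"
  else
    "#{name}: invalid signature, local key does not match the registered key"
  end
rescue OpenSSL::PKey::PKeyError => e
  "#{name}: unreadable PEM (#{e.message})"
end

# Constructed sample keys (assumption): CURRENT_KEY is the pair whose public
# half the server holds; STALE_KEY stands for an old or wrong .pem on disk.
CURRENT_KEY = OpenSSL::PKey::RSA.new(2048)
STALE_KEY   = OpenSSL::PKey::RSA.new(2048)
REGISTERED  = CURRENT_KEY.public_key.to_pem

if __FILE__ == $PROGRAM_NAME
  puts diagnose('blah', CURRENT_KEY.to_pem, REGISTERED)
  puts diagnose('blah', STALE_KEY.to_pem, REGISTERED)
  puts "local:      #{public_fingerprint(STALE_KEY.to_pem)}"
  puts "registered: #{public_fingerprint(REGISTERED)}"
end
```

Comparing the two fingerprints is the quickest way to confirm that the key named in client_key is the one currently registered for node_name.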
