Reputation: 165
Any way to generate and get validation key from chef server?
Currently I'm quite new to Chef. I have install Chef server. But I wish to knife bootstrap from my workstation to Chef Server. But it appear to have error that private key could not be loaded. I'm not too sure where to get the Private key and chef-validate.pem .
All using command line, so I quite lost now.
After I have state the 1st part to get the validation key,
chef-server-ctl user-create user_name first_name last_name email password
it shown ERROR: Your private key could not be loaded from /etc/opscode/pivotal.pem
Upvotes: 3
Views: 23346
Answers (6)
Reputation: 31
You have to be root to execute the chef-server-ctl user-create command. Have a look here: https://docs.chef.io/install_server.html#standalone
Upvotes: 2
Reputation: 35368
This worked for me in an 12.x Chef Server.
knife client delete --delete-validators org-validator
knife client create org-validator --validator -f file_roots/chef-client/files/chef-validator-linode.pem
Upvotes: 0
Reputation: 367
For /etc/opscode/pivotal.pem is missing error use following command.
cp /opt/opscode/embedded/service/omnibus-ctl/spec/fixtures/pivotal.pem /etc/opscode/
Upvotes: 1
Reputation: 1
I faced the same error few months back. The pivotal user pem key is stored at "/opt/opscode/embedded/service/omnibus-ctl/spec/fixtures/pivotal.pem" location. Just copy it to /etc/opscode.
It will work.
Upvotes: 0
Reputation: 695
you'll need to create an organization next you'll need to create a user and associate him to the org
then:
Log into the chef server
Create a user for yourself
Download starter kit (or regenerate it)
Use admin user to add yourself to the org.
Then bootstrap :)
Then you will be able to bootstrap nodes to the org using the validation key.
$ chef-server-ctl user-create user_name first_name last_name email password --filename FILE_NAME
$ chef-server-ctl org-create short_name "full_organization_name" --association_user user_name --filename ORGANIZATION-validator.pem
Upvotes: 0
Reputation: 15784
The validation key should be on your server under /etc/chef-server
You'll have to run a knife configure on your workstation with access to the validation key.
Once that done you'll be able to do a knife bootstrap of any other node which will install chef-client and make a client.rb with the informations from your knife.rb file.
See this doc for the configure command of knife.
Edit after comment:
Documentation on the steps neede on chef 12 is here
Brief quote you have to:
chef-server-ctl user-create user_name first_name last_name email password which will return the rsa key for the user which will be you validation key at end
chef-server-ctl org-create short_name full_organization_name --association_user user_name To create your organization and associate the previous user as the validation user to be used later for registering users/nodes etc.
Upvotes: 0
Related Questions
- Chef clients and validators
- How to pass ssl_verify_mode option to chef-client.exe
- Where can i find public key of specific node on chef server?
- Chef chef-validator.pem security
- Add authorize keys for users via chef
- Validatorless Bootstraps in chef 12.2.0
- Best practice for distributing chef validation key
- Using ssh key scan in a chef recipe
- Is there a non-interactive way to regenerate OSS chef 11 validator key?
- Chef 11 Regenerate validation key