Reputation: 78254
Chef and Knife to bootstrap ec2 - OpenSSL::PKey::RSAError: private key needed.: no start line
I am a newbie trying to bootstrap and ec2 instance and nothing works with chef.
- I am using chef server
- My dev machine has a username of ubuntu. I want to keep it the same name as ubuntu for ec2.
I tried this command.
ubuntu@ubuntu:~/.chef$ knife ec2 server create -x ubuntu -r "role[testredis]" --region ap-southeast-1 -Z ap-southeast-1a -i ami-ae1a5dfc -f t1.micro -S testpem -I ~/.ec2/testpem.pem -S knife --ssh-user ubuntu
And I got the following output
ERROR: You have not provided a valid image (AMI) value. Please note the short option for this value recently changed from '-i' to '-I'.
I then tried the below.
knife bootstrap ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com -r "role[testredis]" -x ubuntu -i ~/.ec2/sg_development.pem --sudo
And I got the following output
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com /usr/bin/knife
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com /usr/bin/shef
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com Successfully installed chef-0.10.8
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com 1 gem installed
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com [Fri, 23 Mar 2012 23:56:02 +0000] INFO: *** Chef 0.10.8 ***
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com [Fri, 23 Mar 2012 23:56:03 +0000] INFO: Client key /etc/chef/client.pem is not present - registering
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com [Fri, 23 Mar 2012 23:56:03 +0000] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
ec2-46-137-231-241.ap-southeast-1.compute.amazonaws.com [Fri, 23 Mar 2012 23:56:03 +0000] FATAL: OpenSSL::PKey::RSAError: private key needed.: no start line
I notice that the /etc/chef/client.pem on the ec2 instance is the pem on the dev computer where I ran the knife command.
So, what do I do? Is it node name clashing?
Upvotes: 4
Views: 6548
Answers (1)
Reputation: 1199
It looks like have a missing or malformed validation key. You need this from your chef-server or Opscode Hosted Chef account in order to register new nodes with the server. Check your config in .chef/knife.rb. You need a validation key (typically 'ORGNAME-validator.pem') and it is NOT the same as the client.pem.
http://wiki.opscode.com/display/chef/Authentication+and+Authorization
Upvotes: 6
Related Questions
- Unable to Knife Bootstrap Ubuntu Ec2 instance
- Chef node configuration issue with knife bootstrap- can't authenticate with server
- Private key could not be loaded when I run "knife client list"
- Unable to create a ec2 ubuntu instance node using chef and knife
- SSL validation failure - knife ec2 with chef 12
- knife bootstrap ip-10-185-211-254.ec2.internal -x ubuntu -i JP_Key.pem —sudo -r “role[webserver]”
- knife ec2 bootstrap is failing
- SSLError while trying to create EC2 server with knife
- bootstrapping an ubuntu ec2 instance using chef and knife
- Knife - ERROR: Must pass an FQDN or ip to bootstrap