401 error while doing validatorless bootstrap


I am trying validatorless bootstrap first time with chef client version 13.6.4.
I am manualy trying to bootstrap using user data.

Here is my client.rb

chef_server_url 'https://X.X.X.X/organizations/q73
client_key 'C:\chef\ops.pem’
node_name 'chefwindows’
ssl_verify_mode :verify_none

where node_name is the hostname of the client VM. I keep getting the following error

Starting Chef Client, version 13.6.4

Chef encountered an error attempting to load the node data for “chefwindows”

Authentication Error:

Failed to authenticate to the chef server (http 401).

Server Response:

Failed to authenticate as ‘chefwindows’. Ensure that your node_name and client key are correct.

Relevant Config Settings:

chef_server_url "https://X.X.X.X/organizations/q73"
node_name "chefwindows"
client_key “C:\chef\ops.pem”

If these settings are correct, your client_key may be invalid, or
you may have a chef user with the same client name as this node.

System Info:

ruby=ruby 2.4.2p198 (2017-09-14 revision 59899) [x64-mingw32]

However as I change node_name to ops (same as client key name) it works. But this is not the way it should work I can have multiple chef client bootstrapped to the same chef server using the same client key. I am not sure what am I missing here.


Each client generates a key that can only be used by that client. What I think you want is called a validator which allows the node to connect to chef and allow the client specific keys to be generated. You will likely want to remove the validator key from the node as soon as you have bootstrapped.

The following links might be of value: