I’m trying to automate the addition of chef nodes to the chef server.
Cloud-init is running a script that downloads an admin user’s pem file from
an S3 bucket, generates a new node’s json file and adds the node with the
knife command, i.e.:
knife node from file /tmp/somenewnode.json -c /tmp/knife.rb
That works fine. I can see the new node on the chef server. After that,
another script downloaded from S3 is creating /etc/chef/client.rb file for
the new node, like so:
When I run the chef-client I get a message:
Failed to authenticate to the chef server (http 401).
Invalid signature for user or client ‘chef-validator’
What am I missing here? I’ve confirmed the validator key is correct. I’m
making sure to remove both the node and the client from the chef server
before running (as I know that having an existing client cert on the server
will break it). Is this something to do with the trusted_certs thing? How
is that supposed to work?