Chef 11.8 API - 403 "Forbidden" (Net::HTTPServerException)

Hi All :slight_smile:

I am currently trying to delete nodes through API once they will be
terminated (autoscaling instances in AWS).

Code:

require ‘chef’
Chef::Config.from_file(’/etc/chef/client.rb’)
client_name = ENV[‘HOSTNAME’]
rest = Chef::REST.new(Chef::Config[:chef_server_url],client_name)
node_name = 'x’
node_deleted = rest.get_rest("/nodes/" + node_name)
node_deleted.destroy
puts “deleted node: " + node_name
client_deleted = rest.get_rest(”/clients/" + node_name)
client_deleted.destroy
puts "deleted client: " + node_name

During invocation I get:

/opt/chef-server/embedded/lib/ruby/1.9.1/net/http.rb:2633:in `error!’: 403
"Forbidden" (Net::HTTPServerException)

I am using chef open source 11.8 and I understand that I can:

  1. change in the web interface the client to admin=true?

  2. add some permissions for the client so that he will be able to delete
    nodes from /nodes endpoint?

  3. is a manual action and I would like to automate this. For chef 11.8
    actions such as chef-server-ctl user-edit (
    https://docs.chef.io/ctl_chef_server.html) are not available. Is there an
    automated way to change admin=false to admin=true for the node?

  4. I did not manage to find any usable docs about this.

Are there any other solutions? Can anyone help with 1) or 2)?

Thanks!

BR,
Rafal.

On Thursday, March 5, 2015 at 4:42 AM, Rafał Radecki wrote:

Hi All :slight_smile:

I am currently trying to delete nodes through API once they will be terminated (autoscaling instances in AWS).

Code:

require 'chef'
Chef::Config.from_file('/etc/chef/client.rb')
client_name = ENV['HOSTNAME']
rest = Chef::REST.new(Chef::Config[:chef_server_url],client_name)
node_name = 'x'
node_deleted = rest.get_rest("/nodes/" + node_name)
node_deleted.destroy
puts "deleted node: " + node_name
client_deleted = rest.get_rest("/clients/" + node_name)
client_deleted.destroy
puts "deleted client: " + node_name

During invocation I get:

/opt/chef-server/embedded/lib/ruby/1.9.1/net/http.rb:2633:in `error!': 403 "Forbidden" (Net::HTTPServerException)

I am using chef open source 11.8 and I understand that I can:

  1. change in the web interface the client to admin=true?

  2. add some permissions for the client so that he will be able to delete nodes from /nodes endpoint?

  3. is a manual action and I would like to automate this. For chef 11.8 actions such as chef-server-ctl user-edit (chef-server-ctl (executable)) are not available. Is there an automated way to change admin=false to admin=true for the node?
    The main pages on docs track the latest version. For Chef Server, this is 12.x which has the authorization system that used to be only in the proprietary enterprise chef server. You can see older versions here: http://docs.chef.io/releases.html

  1. I did not manage to find any usable docs about this.

Are there any other solutions? Can anyone help with 1) or 2)?
You can use knife client edit from a client with admin privileges to give another client admin privileges.

Thanks!

BR,
Rafal.

--
Daniel DeLeo