Chef 12 setup, stuck at adding admin user - not authorized for this action

Hi All,

I’m setting up a Chef 12 server on a freshly started RedHat 7.1 server on AWS.

My setup looks like this:

```
yum-config-manager --enable rhui-REGION-rhel-server-optional
yum install ntp Package ruby rubygems ruby-devel wget screen nano telnet mlocate
setenforce Permissive
mkdir /root/chef
cd chef
rpm -Uhv chef-server-core-12.2.0-1.el6.x86_64.rpm
chef-server-ctl reconfigure   # this doesn't produce any errors
```

And then:
```
[root@ip-10-60-200-83 ~]# chef-server-ctl user-create admin Admin User Test123 -f admin.pem
ERROR: You authenticated successfully to as pivotal but you are not authorized for this action
/opt/opscode/embedded/lib/ruby/2.1.0/net/http/response.rb:325:in `stream_check': undefined method `closed?' for nil:NilClass (NoMethodError)
	from /opt/opscode/embedded/lib/ruby/2.1.0/net/http/response.rb:199:in `read_body'
	from /opt/opscode/embedded/lib/ruby/2.1.0/net/http/response.rb:226:in `body'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:499:in `rescue in format_rest_error'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:497:in `format_rest_error'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:453:in `humanize_http_exception'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:418:in `humanize_exception'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:409:in `rescue in run_with_pretty_exceptions'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:400:in `run_with_pretty_exceptions'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/knife.rb:203:in `run'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/lib/chef/application/knife.rb:142:in `run'
	from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.0.current.0/bin/knife:25:in `<top (required)>'
	from /opt/opscode/embedded/bin/knife:23:in `load'
	from /opt/opscode/embedded/bin/knife:23:in `<main>'
```

```
[root@ip-10-60-200-83 ~]# chef-server-ctl status
run: bookshelf: (pid 6351) 1740s; run: log: (pid 5957) 2083s
run: nginx: (pid 9417) 1523s; run: log: (pid 6133) 2079s
run: oc_bifrost: (pid 6392) 1739s; run: log: (pid 5687) 2090s
run: oc_id: (pid 6428) 1739s; run: log: (pid 5700) 2089s
run: opscode-erchef: (pid 6463) 1738s; run: log: (pid 6011) 2082s
run: opscode-expander: (pid 6528) 1737s; run: log: (pid 5886) 2085s
run: opscode-expander-reindexer: (pid 6576) 1737s; run: log: (pid 5909) 2084s
run: opscode-solr4: (pid 6626) 1735s; run: log: (pid 5779) 2087s
run: postgresql: (pid 6639) 1735s; run: log: (pid 5628) 2091s
run: rabbitmq: (pid 6668) 1735s; run: log: (pid 5585) 2092s
run: redis_lb: (pid 8860) 1565s; run: log: (pid 6129) 2080s
[root@ip-10-60-200-83 ~]#
```

I have re-provisioned the RedHat server twice now and I get the same.
Any feedback appreciated. Thanks!

Ok, so I’ll reply to myself in hope that I help someone else having the problem.

This happened because our Amazon network environment is locked down and all HTTP and HTTPS traffic is allowed via squid.
Therefore, as part of system provisioning, we’re adding `export https_proxy=http://proxy.server:8080` and `export http_proxy=http://proxy.server:8080` to /etc/profile.
This is then picked up by chef-server-ctl and messes up the connection to a localhost chef server.

I suppose it would be helpful if chef-server-ctl displayed that it is using a given proxy.

My team is doing some work to improve ease of use with proxies; I’ve pointed this out to my colleague. I wonder if localhost should always (or at least by default) be in the noproxy list?

I just had the same problem, and the comments said to wipe the server and reinstall. I did, but still had the same issue. It turned out I had to run it using sudo, even though I’m not using sudo?

```
cd ~/chef-repo
sudo chef-server-ctl user-create admin chef admin **** --filename admin.pem
```

I’ve opened which adds the local lb vip to the no_proxy config. I think it is sensible for most users.
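
Added example, not part of the original thread and not Chef's own code: a pre-flight check for the situation described above, where proxy variables exported from /etc/profile are inherited by a command that talks to the local server. The function names are hypothetical, and the `no_proxy` matching (comma-separated entries, exact or domain-suffix match, `*` for everything) is an assumed common convention that individual tools implement differently.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the no_proxy matching rules
# are an assumed common convention, not the behaviour of any specific tool.

# host_bypasses_proxy HOST: succeeds if HOST is covered by no_proxy/NO_PROXY.
# The body runs in a subshell so the IFS and globbing changes stay local.
host_bypasses_proxy() (
    host=$1
    IFS=,
    set -f
    for entry in ${no_proxy:-${NO_PROXY:-}}; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        [ -n "$entry" ] || continue
        [ "$entry" = '*' ] && return 0
        suffix=${entry#.}
        case $host in
            "$suffix"|*".$suffix") return 0 ;;
        esac
    done
    return 1
)

# proxy_for_local HOST: print the proxy a proxy-aware client would be handed
# for HOST, or print nothing if the request would go direct.
proxy_for_local() {
    proxy=${https_proxy:-${HTTPS_PROXY:-${http_proxy:-${HTTP_PROXY:-}}}}
    [ -n "$proxy" ] || return 0
    host_bypasses_proxy "$1" && return 0
    printf '%s\n' "$proxy"
}

# run_without_local_proxy CMD...: run CMD with loopback names appended to
# no_proxy for that one process only, e.g.
#   run_without_local_proxy chef-server-ctl user-create ...
run_without_local_proxy() {
    np=${no_proxy:-${NO_PROXY:-}}
    np=${np:+$np,}localhost,127.0.0.1
    env "no_proxy=$np" "NO_PROXY=$np" "$@"
}

# Constructed demo: the proxy setting from the post, with no no_proxy list.
( https_proxy=http://proxy.server:8080; unset no_proxy NO_PROXY
  printf 'localhost would be sent via: %s\n' "$(proxy_for_local localhost)" )
```
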