I am using vagrant's chef_client provisioner with my org's validator.pem
As 'vagrant up' nears the end of the chef-client load, I get ERROR: 403 "Forbidden".
cat /var/chef/cache/chef-stacktrace.out
Generated at 2018-02-01 18:55:55 +0000
Net::HTTPServerException: 403 "Forbidden"
/opt/chef/embedded/lib/ruby/2.4.0/net/http/response.rb:122:in error!' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/http.rb:152:in
request'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/http.rb:123:in put' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/node.rb:596:in
save'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/client.rb:590:in save_updated_node' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/client.rb:755:in
converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/client.rb:286:in run' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:292:in
block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:280:in fork' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:280:in
fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:245:in block in run_chef_client' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/local_mode.rb:44:in
with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:233:in run_chef_client' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application/client.rb:469:in
sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application/client.rb:458:in block in interval_run_chef_client' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application/client.rb:457:in
loop'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application/client.rb:457:in interval_run_chef_client' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application/client.rb:441:in
run_application'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/lib/chef/application.rb:59:in run' /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.7.16/bin/chef-client:26:in
<top (required)>'
/bin/chef-client:59:in `load'
- open-source chef-server used here.
- The node-file with attributes is pre-loaded by administrator-user;
- I understand validator identity is not admin role.
Is the 403 occurring because validator has no privie?
Or, does the node assume another idenity that is not privied?
Is there an administrative technique available to grant privies to overwrite the node?