Chef private key needed

mastarke · April 5, 2016, 5:57pm

Hi all,

I am trying to add my chef client to my chef server I am getting these errors I am not sure how to resolve them. Any help would be appreciated

[xr-vm_node0_RSP0_CPU0:/etc/chef]$knife ssl fetch
WARNING: Certificates from snmp-tools.cisco.com will be fetched and placed in your trusted_cert
directory (/etc/chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for snmp-tools.cisco.com in /etc/chef/trusted_certs/snmp-tools_cisco_com.crt
[xr-vm_node0_RSP0_CPU0:/etc/chef]$knife ssl check
Connecting to host snmp-tools.cisco.com:443
Successfully verified certificates from `snmp-tools.cisco.com’

[xr-vm_node0_RSP0_CPU0:/etc/chef]$knife client list
cisco-validator
router6

ERROR I AM GETTING :

[xr-vm_node0_RSP0_CPU0:/etc/chef]$chef-client --once -j /etc/chef/init.json
[2016-04-05T17:09:30+00:00] INFO: Forking chef instance to converge…
Starting Chef Client, version 12.4.1
[2016-04-05T17:09:30+00:00] INFO: *** Chef 12.4.1 ***
[2016-04-05T17:09:30+00:00] INFO: Chef-client pid: 55995
Creating a new client identity for xr-vm_node0_RSP0_CPU0 using the validator key.
[2016-04-05T17:09:32+00:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2016-04-05T17:09:32+00:00] WARN: Failed to read the private key /etc/chef/validation.pem: #<Errno::ENOENT: No such file or directory @ rb_sysopen - /etc/chef/validation.pem>

================================================================================
Chef encountered an error attempting to create the client “xr-vm_node0_RSP0_CPU0”

Private Key Not Found:

Your private key could not be loaded. If the key file exists, ensure that it is
readable by chef-client.

Relevant Config Settings:

validation_key “/etc/chef/validation.pem”

Running handlers:
[2016-04-05T17:09:32+00:00] ERROR: Running exception handlers
Running handlers complete
[2016-04-05T17:09:32+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 1.278861104 seconds
[2016-04-05T17:09:32+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2016-04-05T17:09:32+00:00] ERROR: I cannot read /etc/chef/validation.pem, which you told me to use to sign requests!
[2016-04-05T17:09:32+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[xr-vm_node0_RSP0_CPU0:/etc/chef]$knife ssl fetch

tiagobevilaqua · April 7, 2016, 1:27pm

Mastarke,

The validation_key is your organization key. And when you create the organization with the chef-server-ctl org-create command, it allows you to redirect the private key to a file with the --filename parameter.

If you use the Chef Manage GUI to create the organization, it displays the private key and also allows you to download it, saying that the private key is NOT stored anywhere on the server.

So, if you lost your key, I think that you will need to recreate your organization.

Regards,

Topic		Replies	Views
Windows chef clients not registering with server Chef Infra (archive)	5	349	November 29, 2011
SSL Cert Error Chef Infra (archive)	4	394	March 27, 2015
Struggling mightily with SSL on Windows Chef Infra (archive)	3	1237	November 16, 2016
Private CA Server / SSL Error Chef Infra (archive)	2	648	May 3, 2019
Need help with ERROR: OpenSSL::PKey::RSAError: private key needed Chef Infra (archive)	0	782	November 6, 2014

Chef private key needed

================================================================================ Chef encountered an error attempting to create the client “xr-vm_node0_RSP0_CPU0”

Private Key Not Found:

Relevant Config Settings:

Related topics

================================================================================
Chef encountered an error attempting to create the client “xr-vm_node0_RSP0_CPU0”