On Thu, Jan 15, 2015 at 11:32 PM, Douglas Garstang
What is an organisation exactly?
An organization is a “tenant.” It allows different groups to use the
same Chef server but with their data logically separated from each
other such that it is like each group had its own Chef server. Users
can exist in multiple organizations.
Do I need to add the admin user, or is that automatic now?
You should use the chef-server-ctl user-create command to create a
user for yourself. There is no default “admin” user. There is an
internal admin user of sorts called pivotal, but it is mostly an
implementation detail. The user you create with user-create is the
user you will use for all of your Chef Server API interactions.
What happens after I run these commands? Do I THEN go to the web console to
Chef Server 12 does not ship with a web console by default which is
why the command line tools were provided for user and organization
administration. You can install the Management Console add-on, which
is available for free up to 25 nodes.
Where do I get the validation private key from?
The validation private key will be returned from the chef-server-ctl
org-create command. If you provide the
option to this command, it will be written to the path you provide,
otherwise it will be written to stdout.
What if I want to generate a robot user that doesn’t have an email address
or a last name?
If your robot only ever needs to operate inside a single organization,
you could make a client. If you need a user so it can operate
different organizations, then you can make up a last name and email
address. I agree that it is sub-optimal that these are required.
I tried to add the admin user and was told “Response: User ‘admin’ already
exists”. So, then I tried to create the org and associate the admin user
with the admins group as the documentation says and was told “Response:
Could not find user admin”.
Unfortunately, without some more detail on the exact commands you ran
and their order, it is hard to know what is happening there. If you
have your terminal history available and are willing to share what
happened, we can probably figure out what happened. My guess is this:
When you attempted to create the admin user, you tried to use an
email address that was already in use. Email addresses must be
unique. We currently have a bug where this returns the generic
"conflict" error message. Thus, the admin user was never created,
which is why you got the “Could not find user admin” when attempting
to associate that user to the organization.
I hope this helps.
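
As an added example (not part of the original message and not Chef's own tooling): a POSIX shell wrapper for the user-create then org-create sequence described above, which stops if user creation fails instead of going on to an association that cannot succeed, and keeps both private keys in owner-only files rather than on stdout. The function names, the key file layout and every argument value are assumptions chosen for illustration; `--filename` and `--association_user` are options of the `chef-server-ctl` subcommands.

```shell
#!/bin/sh
# Added example, not from the original thread. All arguments passed to
# bootstrap_chef_org are caller-chosen placeholders.
CTL="${CTL:-chef-server-ctl}"   # override CTL to dry-run against a stub

# Succeeds only if $1 is a non-empty file holding a PEM private key;
# the file is then restricted to its owner.
check_key() {
    [ -s "$1" ] || { echo "missing or empty key: $1" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" ||
        { echo "not a PEM private key: $1" >&2; return 1; }
    chmod 600 "$1"
}

# usage: bootstrap_chef_org USER FIRST LAST EMAIL PASSWORD ORG "ORG FULL NAME" KEYDIR
# Runs in a subshell so the umask change does not leak into the caller.
# Note: the password is passed as an argument and is visible in the process list.
bootstrap_chef_org() (
    [ "$#" -eq 8 ] || { echo "expected 8 arguments, got $#" >&2; exit 2; }
    umask 077                                # key files are created owner-only
    mkdir -p "$8" || exit 1
    user_key="$8/$1.pem"
    validator_key="$8/$6-validator.pem"

    # Step 1: create the user. If this fails (for example because the e-mail
    # address is already in use), stop here: the org association needs the user.
    "$CTL" user-create "$1" "$2" "$3" "$4" "$5" --filename "$user_key" ||
        { echo "user-create failed for '$1'; not creating org '$6'" >&2; exit 1; }
    check_key "$user_key" || exit 1

    # Step 2: create the org, associate the new user with it, and write the
    # validation private key to a file instead of stdout.
    "$CTL" org-create "$6" "$7" --association_user "$1" --filename "$validator_key" ||
        { echo "org-create failed for '$6'" >&2; exit 1; }
    check_key "$validator_key"
)
```

Source the file on the Chef server host and call `bootstrap_chef_org` with your own values; the user key and the validator key end up under the directory given as the last argument.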