chef solo - Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!


#1

Hi,

I am running chef solo based on this wiki. I am new to chef solo.

http://wiki.opscode.com/display/chef/Chef+Solo

I get this error… What did I miss fro the wiki?

sudo chef-solo -c ~/workspace/htChef/chef-repo/solo/solo.rb -j
~/workspace/htChef/chef-repo/solo/node.json
[2012-10-11T22:03:21+08:00] INFO: *** Chef 10.14.4 ***
[2012-10-11T22:03:21+08:00] INFO: Setting the run_list to
[“recipe[ht_server]”] from JSON
[2012-10-11T22:03:21+08:00] INFO: Run List is [recipe[ht_server]]
[2012-10-11T22:03:21+08:00] INFO: Run List expands to [ht_server]
[2012-10-11T22:03:21+08:00] INFO: Starting Chef Run for ubuntu
[2012-10-11T22:03:21+08:00] INFO: Running start handlers
[2012-10-11T22:03:21+08:00] INFO: Start handlers complete.
[2012-10-11T22:03:21+08:00] WARN: Failed to read the private key
/etc/chef/client.pem: #<Errno::ENOENT: No such file or directory -
/etc/chef/client.pem>
[2012-10-11T22:03:21+08:00] ERROR: Running exception handlers
[2012-10-11T22:03:21+08:00] ERROR: Exception handlers complete
[2012-10-11T22:03:21+08:00] FATAL: Stacktrace dumped to
/var/chef-solo/chef-stacktrace.out
[2012-10-11T22:03:21+08:00] FATAL:
Chef::Exceptions::PrivateKeyMissing: I cannot read
/etc/chef/client.pem, which you told me to use to sign requests!

Thanks


#2

I don’t know why chef-solo would be looking for the client.pem. That
should only be needed if you were running chef-client to connect to a chef
server. Can we see your solo.rb contents?

On Thu, Oct 11, 2012 at 10:36 AM, David Montgomery <
davidmontgomery@gmail.com> wrote:

Hi,

I am running chef solo based on this wiki. I am new to chef solo.

http://wiki.opscode.com/display/chef/Chef+Solo

I get this error… What did I miss fro the wiki?

sudo chef-solo -c ~/workspace/htChef/chef-repo/solo/solo.rb -j
~/workspace/htChef/chef-repo/solo/node.json
[2012-10-11T22:03:21+08:00] INFO: *** Chef 10.14.4 ***
[2012-10-11T22:03:21+08:00] INFO: Setting the run_list to
[“recipe[ht_server]”] from JSON
[2012-10-11T22:03:21+08:00] INFO: Run List is [recipe[ht_server]]
[2012-10-11T22:03:21+08:00] INFO: Run List expands to [ht_server]
[2012-10-11T22:03:21+08:00] INFO: Starting Chef Run for ubuntu
[2012-10-11T22:03:21+08:00] INFO: Running start handlers
[2012-10-11T22:03:21+08:00] INFO: Start handlers complete.
[2012-10-11T22:03:21+08:00] WARN: Failed to read the private key
/etc/chef/client.pem: #<Errno::ENOENT: No such file or directory -
/etc/chef/client.pem>
[2012-10-11T22:03:21+08:00] ERROR: Running exception handlers
[2012-10-11T22:03:21+08:00] ERROR: Exception handlers complete
[2012-10-11T22:03:21+08:00] FATAL: Stacktrace dumped to
/var/chef-solo/chef-stacktrace.out
[2012-10-11T22:03:21+08:00] FATAL:
Chef::Exceptions::PrivateKeyMissing: I cannot read
/etc/chef/client.pem, which you told me to use to sign requests!

Thanks


#3

I do have hosted chef but I just want to bootstrap my local machine
with recipes. Can I just knife bootstrap 106.187.95.170 -x root -P
temp --sudo -r “role[monitor_server]” -E local -N localhost

Or should i use chef solo. What is best practice here?

Thanks

file_cache_path "/var/chef-solo"
cookbook_path "/home/ubuntu/workspace/htChef/chef-repo/cookbooks"
data_bag_path "/home/ubuntu/workspace/htChef/chef-repo/data_bags/ht_data_bag/ht.json"
environment “local”

On Fri, Oct 12, 2012 at 12:14 AM, Jeremiah Snapp
jeremiah.snapp@gmail.com wrote:

I don’t know why chef-solo would be looking for the client.pem. That should
only be needed if you were running chef-client to connect to a chef server.
Can we see your solo.rb contents?

On Thu, Oct 11, 2012 at 10:36 AM, David Montgomery
davidmontgomery@gmail.com wrote:

Hi,

I am running chef solo based on this wiki. I am new to chef solo.

http://wiki.opscode.com/display/chef/Chef+Solo

I get this error… What did I miss fro the wiki?

sudo chef-solo -c ~/workspace/htChef/chef-repo/solo/solo.rb -j
~/workspace/htChef/chef-repo/solo/node.json
[2012-10-11T22:03:21+08:00] INFO: *** Chef 10.14.4 ***
[2012-10-11T22:03:21+08:00] INFO: Setting the run_list to
[“recipe[ht_server]”] from JSON
[2012-10-11T22:03:21+08:00] INFO: Run List is [recipe[ht_server]]
[2012-10-11T22:03:21+08:00] INFO: Run List expands to [ht_server]
[2012-10-11T22:03:21+08:00] INFO: Starting Chef Run for ubuntu
[2012-10-11T22:03:21+08:00] INFO: Running start handlers
[2012-10-11T22:03:21+08:00] INFO: Start handlers complete.
[2012-10-11T22:03:21+08:00] WARN: Failed to read the private key
/etc/chef/client.pem: #<Errno::ENOENT: No such file or directory -
/etc/chef/client.pem>
[2012-10-11T22:03:21+08:00] ERROR: Running exception handlers
[2012-10-11T22:03:21+08:00] ERROR: Exception handlers complete
[2012-10-11T22:03:21+08:00] FATAL: Stacktrace dumped to
/var/chef-solo/chef-stacktrace.out
[2012-10-11T22:03:21+08:00] FATAL:
Chef::Exceptions::PrivateKeyMissing: I cannot read
/etc/chef/client.pem, which you told me to use to sign requests!

Thanks


#4

I wonder if somehow chef-solo is getting confused by your hosted chef
configuration. That’s just speculation and since that’s all I have to
offer I’ll just hope someone more knowledgeable has something to offer
about your error.

It seems like the decision between managing your local machine with
chef-client or using chef-solo is just up to you. Hosted chef with
chef-client of course keeps the cookbooks and config off your local machine
so it’s easy to replace your local machine and use chef to configure it
like your old machine if you ever wanted to.

If you wanted to use chef-client to manage your local machine I don’t think
you’d need to bootstrap chef since you already have chef installed on your
local machine right? I think you would just need to have the hosted chef
validation key and run chef-client the first time with “-K
validation_key_path” to register your machine with the chef server. That
assumes you have other parameters (chef server url) configured correctly in
client.rb.

I hope that’s at least somewhat helpful.

Jeremiah

On Thu, Oct 11, 2012 at 12:39 PM, David Montgomery <
davidmontgomery@gmail.com> wrote:

I do have hosted chef but I just want to bootstrap my local machine
with recipes. Can I just knife bootstrap 106.187.95.170 -x root -P
temp --sudo -r “role[monitor_server]” -E local -N localhost

Or should i use chef solo. What is best practice here?

Thanks

file_cache_path "/var/chef-solo"
cookbook_path “/home/ubuntu/workspace/htChef/chef-repo/cookbooks"
data_bag_path
”/home/ubuntu/workspace/htChef/chef-repo/data_bags/ht_data_bag/ht.json"
environment “local”

On Fri, Oct 12, 2012 at 12:14 AM, Jeremiah Snapp
jeremiah.snapp@gmail.com wrote:

I don’t know why chef-solo would be looking for the client.pem. That
should
only be needed if you were running chef-client to connect to a chef
server.
Can we see your solo.rb contents?

On Thu, Oct 11, 2012 at 10:36 AM, David Montgomery
davidmontgomery@gmail.com wrote:

Hi,

I am running chef solo based on this wiki. I am new to chef solo.

http://wiki.opscode.com/display/chef/Chef+Solo

I get this error… What did I miss fro the wiki?

sudo chef-solo -c ~/workspace/htChef/chef-repo/solo/solo.rb -j
~/workspace/htChef/chef-repo/solo/node.json
[2012-10-11T22:03:21+08:00] INFO: *** Chef 10.14.4 ***
[2012-10-11T22:03:21+08:00] INFO: Setting the run_list to
[“recipe[ht_server]”] from JSON
[2012-10-11T22:03:21+08:00] INFO: Run List is [recipe[ht_server]]
[2012-10-11T22:03:21+08:00] INFO: Run List expands to [ht_server]
[2012-10-11T22:03:21+08:00] INFO: Starting Chef Run for ubuntu
[2012-10-11T22:03:21+08:00] INFO: Running start handlers
[2012-10-11T22:03:21+08:00] INFO: Start handlers complete.
[2012-10-11T22:03:21+08:00] WARN: Failed to read the private key
/etc/chef/client.pem: #<Errno::ENOENT: No such file or directory -
/etc/chef/client.pem>
[2012-10-11T22:03:21+08:00] ERROR: Running exception handlers
[2012-10-11T22:03:21+08:00] ERROR: Exception handlers complete
[2012-10-11T22:03:21+08:00] FATAL: Stacktrace dumped to
/var/chef-solo/chef-stacktrace.out
[2012-10-11T22:03:21+08:00] FATAL:
Chef::Exceptions::PrivateKeyMissing: I cannot read
/etc/chef/client.pem, which you told me to use to sign requests!

Thanks