Chef vault issue


#1

While creating a chef vault, if we use the -C option with many values, it is unable to recognize the private key of the node,
and when using the -S option it also gives the same error.

But when using these options with a single client value, it gives no error?


#2

Please share exactly the command line you’re using to specify many nodes with the -C option.


#3

knife vault create <vault_name> -A 'user1,user2' -M client -C 'name:node1name,node2name' -J /path/xyz.json file

This does not recognize the private key on node1.
When only one name is used in the -C option, it recognizes the key, and in the vault that was created, the client has the name of the node.


#4

Like I said, that syntax is not right.
knife vault create <vault_name> -A 'user1,user2' -M client -C 'name:node1name,node2name' -J /path/xyz.json file

should be
knife vault create <vault_name> -A 'user1,user2' -M client -C 'node1name,node2name' -J /path/xyz.json file
i.e., remove the name: at the start of the -C section when you’re specifying the list of nodes. It’s not a search.


#5

@thommay what’s the exact difference between -C and -S option?


#6

-C takes a comma-separated list of nodes, -S takes a search.
i.e.: -C nodea,nodeb,nodec or -S name:node* .
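
An added example, not part of the thread and not chef-vault's own code: a simplified Ruby model of why a search-style value passed to -C leaves node1 without a key entry. chef-vault encrypts the item's shared secret once per client public key; the `CLIENTS` registry, the function names and the restriction to `name:` searches are assumptions made for this sketch.

```ruby
require "openssl"
require "base64"

# Constructed stand-in for the Chef server's client registry: name => RSA key pair.
CLIENTS = %w[node1name node2name].to_h { |n| [n, OpenSSL::PKey::RSA.new(2048)] }

# -C: split on commas and treat every element as a literal client name.
def clients_from_list(arg)
  arg.split(",").map(&:strip)
end

# -S: a search. Only the simple name:<glob> form is modelled here.
def clients_from_search(query)
  field, pattern = query.split(":", 2)
  raise ArgumentError, "only name: searches are modelled" unless field == "name"
  CLIENTS.keys.select { |n| File.fnmatch(pattern, n) }
end

# Build the keys item: the shared secret encrypted once per resolved client.
# Names with no registered client get no entry and are reported back.
def build_keys_item(names, secret)
  found, missing = names.partition { |n| CLIENTS.key?(n) }
  keys = found.to_h { |n| [n, Base64.strict_encode64(CLIENTS[n].public_encrypt(secret))] }
  [keys, missing]
end

# What a node does at converge time: look up its own name, decrypt with its private key.
def load_secret(keys_item, node_name)
  blob = keys_item[node_name]
  raise "vault item is not encrypted with your public key" if blob.nil?
  CLIENTS.fetch(node_name).private_decrypt(Base64.strict_decode64(blob))
end
```

In this model, `clients_from_list("name:node1name,node2name")` yields the literal name `name:node1name`, which matches no client, so only node2name can decrypt.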


#7

@thommay Though the private key exists on the node, when using
knife vault create <vault_name> -A 'user1,user2' -M client -C 'node1name,node2name' -J /path/xyz.json file

This does not recognize the private key on node1. Why is this happening?


#8

@thommay I am creating the vault as the root user, but on the node I am running the recipe as the oracle user. Does this make the cookbook not recognizable? It says that

vault/vault item is not encrypted with your public key. Contact an administrator of the vault item to encrypt for you!

Or is there a problem in the creation of the vault?