Creating organizations using CHEF::REST

Hello,

I’m trying to access the CHEF::REST API to interact with the Chef
server and I must be missing something as the behavior is quite odd.

I'm executing this code:

#-----------------
require 'rubygems'
require 'chef/config'
require 'chef/log'
require 'chef/rest'

chef_server_url = 'http://127.0.0.1'
client_name = 'webui'
signing_key_filename = '/etc/opscode/webui_priv.pem'

rest = Chef::REST.new(chef_server_url, client_name, signing_key_filename)

puts rest.get_rest('/organizations/asdf/users/admin')
puts rest.get_rest('/organizations/asdf/clients')
puts rest.get_rest('/organizations/asdf/users')
puts rest.get_rest('/organizations/asdf/nodes')
puts rest.get_rest('/organizations/asdf')

data = {"username" => "admin", "password" => "4dm1n1str4t0r" }
rest.post_rest('authenticate_user', data)

data = {"name" => "fdsa", "full_name" => "asdf" }
rest.post_rest('organizations', data)
#-----------------

Now, the thing is how to configure correctly the client_name/key in
order to have them working properly?
How this client should be configured correctly?

Depending on the client/key I'm getting 401, 403 or empty outputs.

Thanks!

On Monday, September 14, 2015 at 6:45 AM, Carlos Camacho wrote:

Hello,

I'm trying to access the CHEF::REST API to interact with the Chef
server and I must be missing something as the behavior is quite odd.

I'm executing this code:

#-----------------
require 'rubygems'
require 'chef/config'
require 'chef/log'
require 'chef/rest'

chef_server_url = 'http://127.0.0.1'
client_name = 'webui'
signing_key_filename = '/etc/opscode/webui_priv.pem'

This isn’t what you want. The webui key enables a special handling of authentication where you can impersonate any user (this is how you can log in with your username and password, and the webui can make requests to the API server as you). You need to use the pivotal key for these kinds of requests. Though I suppose you could theoretically set the client name to pivotal and use the webui key, but this requires a special header, so it’s more work.

rest = Chef::REST.new(chef_server_url, client_name, signing_key_filename)

puts rest.get_rest('/organizations/asdf/users/admin')
puts rest.get_rest('/organizations/asdf/clients')
puts rest.get_rest('/organizations/asdf/users')
puts rest.get_rest('/organizations/asdf/nodes')
puts rest.get_rest('/organizations/asdf')

data = {"username" => "admin", "password" => "4dm1n1str4t0r" }
rest.post_rest('authenticate_user', data)

data = {"name" => "fdsa", "full_name" => "asdf" }
rest.post_rest('organizations', data)
#-----------------

Now, the thing is how to configure correctly the client_name/key in
order to have them working properly?
How this client should be configured correctly?

Depending on the client/key I'm getting 401, 403 or empty outputs.

Thanks!

I’d recommend using the code in knife-opc as a reference: GitHub - chef-boneyard/knife-opc: Knife plugin for managing Chef Server Organizations

--
Daniel DeLeo
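
Why the client name and the signing key have to be a matching pair, as an added example that is not part of the thread and is not Chef's own code: it models version 1.0 of Chef's signed-header request authentication with the Ruby standard library only. The throwaway keys, the sample body and the `auth_status` stand-in for the server are assumptions made for the illustration.

```ruby
require 'openssl'
require 'base64'
require 'digest'

# Base64-encoded SHA-1, used for both the path hash and the body hash.
def b64_sha1(data)
  Base64.strict_encode64(Digest::SHA1.digest(data))
end

# The string that gets signed: it binds method, path, body, time and client name.
def canonical_request(method, path, body, timestamp, user_id)
  ["Method:#{method.upcase}", "Hashed Path:#{b64_sha1(path)}",
   "X-Ops-Content-Hash:#{b64_sha1(body)}", "X-Ops-Timestamp:#{timestamp}",
   "X-Ops-UserId:#{user_id}"].join("\n")
end

# Client side: sign with the private key and split into 60-character headers.
def sign_request(key, user_id, method, path, body, timestamp)
  signature = key.private_encrypt(canonical_request(method, path, body, timestamp, user_id))
  headers = { 'X-Ops-Sign' => 'version=1.0', 'X-Ops-Userid' => user_id,
              'X-Ops-Timestamp' => timestamp, 'X-Ops-Content-Hash' => b64_sha1(body) }
  Base64.strict_encode64(signature).scan(/.{1,60}/).each_with_index do |chunk, i|
    headers["X-Ops-Authorization-#{i + 1}"] = chunk
  end
  headers
end

# Server side, simplified (no clock-skew check): verify with the key registered for the claimed name.
def auth_status(headers, method, path, body, registered_keys)
  public_key = registered_keys[headers['X-Ops-Userid']]
  return 401 if public_key.nil?
  chunks = headers.select { |name, _| name.start_with?('X-Ops-Authorization-') }
  signature = chunks.sort_by { |name, _| name[/\d+\z/].to_i }.map(&:last).join
  expected = canonical_request(method, path, body, headers['X-Ops-Timestamp'], headers['X-Ops-Userid'])
  public_key.public_decrypt(Base64.strict_decode64(signature)) == expected ? 200 : 401
rescue OpenSSL::PKey::PKeyError, ArgumentError
  401
end

# Constructed sample: throwaway keys, not real server credentials.
PIVOTAL_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
REGISTERED = { 'pivotal' => PIVOTAL_KEY.public_key }.freeze
BODY = '{"name":"fdsa","full_name":"asdf"}'
TIME = '2015-09-14T12:00:00Z'
[PIVOTAL_KEY, OTHER_KEY].each do |key| # prints 200, then 401
  headers = sign_request(key, 'pivotal', 'POST', '/organizations', BODY, TIME)
  puts auth_status(headers, 'POST', '/organizations', BODY, REGISTERED)
end
```

A 403, by contrast, comes back after this signature check has passed, when the authenticated actor lacks permission on the object requested.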

Thanks a lot for the info.

Now I'm able to use the pivotal client as an actor or the current user
in the old Chef Server Web UI.

I am able to log-in, logout and get the environments using a default
organization name.

I wanted to do a simple test case to see if it was easy to adapt the old
web interface to Chef 12.

I think in a few weeks I can have it fully working (I'm doing it
because I like the old interface).

I will let you know then if you want to check-it, test-it or review the code.

Cheers,

Carlos.


Why not just learn to love the new web interface? It seems like it would be
such a burden to cling onto the old one and spend a bunch of effort both
now and in the future as new versions of Chef are released to keep the old
web interface working. Just my 2 cents :)

Greg
