Generating a new client key for users


#1

I’m running open source chef server, trying to generate a new client key for myself using the chef web UI . After I copy the private key to ~/.chef/mhart.pem, knife complains with:

ERROR: Failed to authenticate to https://chef.cloud.arcticwolf.net as mhart with key /Users/michaelhart/.chef/mhart.pem
Response: Invalid signature for user or client ‘mhart’

On a whim I copied the original key back (this is after regenerating the key at least five times) and then knife happily works again. It seems to me that the server is generating a new key but not saving the public key anywhere.

I’m running chef server 11.0.12-1.ubuntu.12.04, knife 11.12.2. AFAIK no errors in the logs at all. I’d check https://tickets.opscode.com/ but it appears to be down.

Thoughts?

thanks
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773


#2

And I just gave out way too much information. On a positive note, creating new accounts and generating new keys works fine. :slight_smile:

mike

Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Apr 24, 2014, at 3:18 PM, Michael Hart <michael.hart@arcticwolf.commailto:michael.hart@arcticwolf.com> wrote:

I’m running open source chef server, trying to generate a new client key for myself using the chef web UI . After I copy the private key to ~/.chef/mhart.pem, knife complains with:

ERROR: Failed to authenticate to https://chef.cloud.arcticwolf.nethttps://chef.cloud.arcticwolf.net/ as mhart with key /Users/michaelhart/.chef/mhart.pem
Response: Invalid signature for user or client ‘mhart’

On a whim I copied the original key back (this is after regenerating the key at least five times) and then knife happily works again. It seems to me that the server is generating a new key but not saving the public key anywhere.

I’m running chef server 11.0.12-1.ubuntu.12.04, knife 11.12.2. AFAIK no errors in the logs at all. I’d check https://tickets.opscode.com/ but it appears to be down.

Thoughts?

thanks
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773


#3

its fine :slight_smile: . reset passwords.
have you tried the knife * commands? knife regenrate will create new keys
for existing clients. knife client create can do the same for new clients
(no web user). you can create client with predefined pub keys using knife raw.

btw you can use OSC and i disable chef webui ,chef-server-ctl stop/disable chef-server-webui, you can do pretty much everything using knife, if you
have chef/knife installed in your system.

On Thu, Apr 24, 2014 at 12:30 PM, Michael Hart
michael.hart@arcticwolf.comwrote:

And I just gave out way too much information. On a positive note,
creating new accounts and generating new keys works fine. :slight_smile:

mike

Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Apr 24, 2014, at 3:18 PM, Michael Hart michael.hart@arcticwolf.com
wrote:

I’m running open source chef server, trying to generate a new client key
for myself using the chef web UI . After I copy the private key to
~/.chef/mhart.pem, knife complains with:

ERROR: Failed to authenticate to https://chef.cloud.arcticwolf.net as
mhart with key /Users/michaelhart/.chef/mhart.pem
Response: Invalid signature for user or client ‘mhart’

On a whim I copied the original key back (this is after regenerating the
key at least five times) and then knife happily works again. It seems to me
that the server is generating a new key but not saving the public key
anywhere.

I’m running chef server 11.0.12-1.ubuntu.12.04, knife 11.12.2. AFAIK no
errors in the logs at all. I’d check https://tickets.opscode.com/ but it
appears to be down.

Thoughts?

thanks
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773


#4

Thanks Ranjib, that does work. I will likely take your advice and disable the ui completely.

thanks
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Apr 24, 2014, at 3:53 PM, Ranjib Dey <dey.ranjib@gmail.commailto:dey.ranjib@gmail.com> wrote:

its fine :slight_smile: . reset passwords.
have you tried the knife * commands? knife regenrate will create new keys for existing clients. knife client create can do the same for new clients (no web user). you can create client with predefined pub keys using knife raw.

btw you can use OSC and i disable chef webui ,chef-server-ctl stop/disable chef-server-webui, you can do pretty much everything using knife, if you have chef/knife installed in your system.

On Thu, Apr 24, 2014 at 12:30 PM, Michael Hart <michael.hart@arcticwolf.commailto:michael.hart@arcticwolf.com> wrote:
And I just gave out way too much information. On a positive note, creating new accounts and generating new keys works fine. :slight_smile:

mike

Michael Hart
Arctic Wolf Networks
M: 226-388-4773tel:226-388-4773

On Apr 24, 2014, at 3:18 PM, Michael Hart <michael.hart@arcticwolf.commailto:michael.hart@arcticwolf.com> wrote:

I’m running open source chef server, trying to generate a new client key for myself using the chef web UI . After I copy the private key to ~/.chef/mhart.pem, knife complains with:

ERROR: Failed to authenticate to https://chef.cloud.arcticwolf.nethttps://chef.cloud.arcticwolf.net/ as mhart with key /Users/michaelhart/.chef/mhart.pem
Response: Invalid signature for user or client ‘mhart’

On a whim I copied the original key back (this is after regenerating the key at least five times) and then knife happily works again. It seems to me that the server is generating a new key but not saving the public key anywhere.

I’m running chef server 11.0.12-1.ubuntu.12.04, knife 11.12.2. AFAIK no errors in the logs at all. I’d check https://tickets.opscode.com/ but it appears to be down.

Thoughts?

thanks
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773tel:226-388-4773