How to log-in to chef-server and create role normally?

Chef Infra (archive)
1

Hello!

We are faced with a third party application authorization
(written in Rails) to chef-server. In particular: it is necessary to
establish the role of our application. According to the documentation we
create a POST query of the form:

{
“name”: “123”,
“chef_type”:
“role”,
“json_class”: “Chef:: Role”
}

But the server does not transmit
the request, because we are not authorized on it. We’re trying to login
(so in the documentation) on the server as:

chef_server_url =
"http://10.1.6.106:4000"
client_name = “desktop"
signing_ket_filename
= “/ etc / chef / client.pem"
rest = Chef:: REST.new (chef_server_url,
client_name, signing_ket_filename)
puts rest.get_rest (”/
clients”)

And we have nothing. Somehow we have to create a header that
will contain the signature, but it is unclear how to do it.
Question:
how to log-in to chef-server and create role normally?


Best
Regards,
Ilya

2

Yo,

Chef::REST should just work, I guess.. :slight_smile:

Take a look at these.

https://github.com/opscode/chef/blob/master/chef/lib/chef/role.rb#L326
https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/role_from_file.rb

Have nice day.

--AJ

On 6 December 2011 22:47, Ilya ilya@notarikon.net wrote:

Hello!

We are faced with a third party application authorization (written in Rails)
to chef-server. In particular: it is necessary to establish the role of our
application. According to the documentation we create a POST query of the
form:

{
"name": "123",
"chef_type": "role",
"json_class": "Chef:: Role"
}

But the server does not transmit the request, because we are not authorized
on it. We're trying to login (so in the documentation) on the server as:

chef_server_url = "http://10.1.6.106:4000"
client_name = "desktop"
signing_ket_filename = "/ etc / chef / client.pem"
rest = Chef:: REST.new (chef_server_url, client_name,
signing_ket_filename)
puts rest.get_rest ("/ clients")

And we have nothing. Somehow we have to create a header that will contain
the signature, but it is unclear how to do it.
Question: how to log-in to chef-server and create role normally?

--
Best Regards,
Ilya

3

it seems that some sort of signing going on, but not substituted
for the required headers (see attached screenshot)

On Tue, 6 Dec 2011
22:55:46 +1300, AJ Christensen wrote:

Yo,

Chef::REST should
just work, I guess.. :slight_smile:

Take a look at these.

https://github.com/opscode/chef/blob/master/chef/lib/chef/role.rb#L326
[1]

https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/role_from_file.rb
[2]

spice/lib/spice/role.rb at master · danryan/spice · GitHub [3]

Have nice day.

--AJ

On 6 December 2011 22:47, Ilya
wrote:

Hello! We are faced with a third party application
authorization (written in Rails) to chef-server. In particular: it is
necessary to establish the role of our application. According to the
documentation we create a POST query of the form: { "name": "123",
"chef_type": "role", "json_class": "Chef:: Role" } But the server does
not transmit the request, because we are not authorized on it. We're
trying to login (so in the documentation) on the server as:
chef_server_url = "http://10.1.6.106:4000" client_name = "desktop"
signing_ket_filename = "/ etc / chef / client.pem" rest = Chef::
REST.new (chef_server_url, client_name, signing_ket_filename) puts
rest.get_rest ("/ clients") And we have nothing. Somehow we have to
create a header that will contain the signature, but it is unclear how
to do it. Question: how to log-in to chef-server and create role
normally? -- Best Regards, Ilya

--
Best Regards,
Ilya

Links:

[1]
https://github.com/opscode/chef/blob/master/chef/lib/chef/role.rb#L326
[2]
https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/role_from_file.rb
[3]

[4]
mailto:ilya@notarikon.net

4

--
Dan DeLeo

On Tuesday, December 6, 2011 at 3:22 AM, Ilya wrote:

it seems that some sort of signing going on, but not substituted for the required headers (see attached screenshot)

Here's an example using RestClient: https://github.com/opscode/chef/blob/master/chef/lib/chef/cookbook_uploader.rb#L123-139

You can also try Dan Ryan's spice: https://github.com/danryan/spice/tree/

And Chef::REST should be working, try checking Chef::REST#sign_requests? to see if the object thinks it should sign the requests.

HTH,
Dan

5

Thank you very much!
It's what we need!

Best regards,
Ilya Maltsev

On Втр, 2011-12-06 at 08:31 -0800, Daniel DeLeo wrote:

--
Dan DeLeo

On Tuesday, December 6, 2011 at 3:22 AM, Ilya wrote:

it seems that some sort of signing going on, but not substituted for
the required headers (see attached screenshot)

Here's an example using RestClient:
https://github.com/opscode/chef/blob/master/chef/lib/chef/cookbook_uploader.rb#L123-139

You can also try Dan Ryan's spice:
https://github.com/danryan/spice/tree/

And Chef::REST should be working, try checking
Chef::REST#sign_requests? to see if the object thinks it should sign
the requests.

HTH,
Dan

--
Ilya Maltsev ilya@notarikon.net

6

we want to ask about "Spice"

not be obtained using the method POST, such as

Spice.connection.post ("/ roles",: name => "awesome")

method GET (for example, Spice.connection.get ("/ clients")) runs OK.

Do not tell, what could be the problem?

On Втр, 2011-12-06 at 08:31 -0800, Daniel DeLeo wrote:

--
Dan DeLeo

On Tuesday, December 6, 2011 at 3:22 AM, Ilya wrote:

it seems that some sort of signing going on, but not substituted for
the required headers (see attached screenshot)

Here's an example using RestClient:
https://github.com/opscode/chef/blob/master/chef/lib/chef/cookbook_uploader.rb#L123-139

You can also try Dan Ryan's spice:
https://github.com/danryan/spice/tree/

And Chef::REST should be working, try checking
Chef::REST#sign_requests? to see if the object thinks it should sign
the requests.

HTH,
Dan
--
Best regards,
Ilya Maltsev

7

Spice log on POST query:

--- &id001 !str
str: "{"error":["undefined method `name' for nil:NilClass"]}"
"@args":
:method: :post
:headers:
X-Ops-Content-Hash: k34CTSdz74bNt+5p/RFtYDJsoDI=
X-Ops-Authorization-1: S8s3M7rdabSuu/hIoW/9a5RQsCpcMUi7sTLCZRWjxcb6B+Ng7RlTtPQxDbCp
X-Ops-Userid: ilya-desktop
X-Ops-Sign: version=1.0
X-Ops-Authorization-2: +deLlWM6S+CPdcDG8b/JfsGQZ8r/axjkgUlXtTbIzNKbNLyHXFK/xXzktzgJ
Content-Type: application/json
X-Ops-Authorization-3: HYBQ8GsxrU5efWTuJsDNDVgOX7CWvcuXUPQlshdcXh3Rj5BF/nT3IVIqSE3j
X-Chef-Version: 0.10.4
Content-Length: "20"
X-Ops-Authorization-4: UbCug/pbk+rhqoZjgub8xezbim6oYeCYQPdePs5PBONpkh2wcrpwxUwVEhzE
X-Ops-Authorization-5: Ri0i4SI/s/3Kl2c/DY913qh3kQIf9QZ+pZnJJFh37wJ6DOKHoeLcwyWzrpiT
Accept: application/json
X-Ops-Authorization-6: 65DZbr4SVyqT4g8JoFWcHRfid+gsQGSBXnYn5yh5XQ==
X-Ops-Timestamp: "2011-12-07T12:03:28Z"
:host: 10.1.6.106:4000
:url: http://10.1.6.106:4000/roles
:payload: "{"name":"spicehren"}"
"@code": 500
"@net_http_res": !ruby/object:Net::HTTPInternalServerError
body: *id001
body_exist: true
code: "500"
header:
connection:
- close
content-type:
- application/json; charset=utf-8
server:
- thin 1.2.4 codename Flaming Astroboy
http_version: "1.1"
message: Internal Server Error
read: true
socket:

On Втр, 2011-12-06 at 08:31 -0800, Daniel DeLeo wrote:

--
Dan DeLeo

On Tuesday, December 6, 2011 at 3:22 AM, Ilya wrote:

it seems that some sort of signing going on, but not substituted for
the required headers (see attached screenshot)

Here's an example using RestClient:
https://github.com/opscode/chef/blob/master/chef/lib/chef/cookbook_uploader.rb#L123-139

You can also try Dan Ryan's spice:
https://github.com/danryan/spice/tree/

And Chef::REST should be working, try checking
Chef::REST#sign_requests? to see if the object thinks it should sign
the requests.

HTH,
Dan
--
Best regards,
Ilya Maltsev

8

On Wednesday, December 7, 2011 at 4:05 AM, Ilya Maltsev wrote:

Spice log on POST query:

--- &id001 !str
str: "{"error":["undefined method `name' for nil:NilClass"]}"

Looks like you're missing quite a few fields in the JSON you post to the server. I'd consider it a bug that this doesn't return a 400 with a description of which fields are missing.

Anyway, you can play with this stuff in shef:

chef > new_role = Chef::Role.new
=> role
chef > new_role.name("my-new-role")
=> "my-new-role"
chef > new_role.to_json
=> "{"name":"my-new-role","description":"","json_class":"Chef::Role","default_attributes":{},"override_attributes":{},"chef_type":"role","run_list":,"env_run_lists":{}}"

--
Dan DeLeo

9

Hello! Thank you.
And how to send this json? we don't understand, sorry.

On Срд, 2011-12-07 at 09:01 -0800, Daniel DeLeo wrote:

On Wednesday, December 7, 2011 at 4:05 AM, Ilya Maltsev wrote:

Spice log on POST query:

--- &id001 !str
str: "{"error":["undefined method `name' for nil:NilClass"]}"

Looks like you're missing quite a few fields in the JSON you post to the server. I'd consider it a bug that this doesn't return a 400 with a description of which fields are missing.

Anyway, you can play with this stuff in shef:

chef > new_role = Chef::Role.new
=> role
chef > new_role.name("my-new-role")
=> "my-new-role"
chef > new_role.to_json
=> "{"name":"my-new-role","description":"","json_class":"Chef::Role","default_attributes":{},"override_attributes":{},"chef_type":"role","run_list":,"env_run_lists":{}}"

--
Best regards,
Ilya Maltsev

10

issue has been resolved! everything was very simple :

new_role.save

it's all!

Thank you very much for your help!

On Thu,
08 Dec 2011 10:36:38 +0400, Ilya Maltsev wrote:

Hello! Thank you.

And how to send this json? we don't understand, sorry.

On Срд,
2011-12-07 at 09:01 -0800, Daniel DeLeo wrote:

On Wednesday,
December 7, 2011 at 4:05 AM, Ilya Maltsev wrote:

Spice log on
POST query:

--- &id001 !str
str: "{"error":["undefined
method `name' for nil:NilClass"]}"

Looks like you're missing
quite a few fields in the JSON you post to the server. I'd consider it a
bug that this doesn't return a 400 with a description of which fields
are missing.

Anyway, you can play with this stuff in shef:

chef > new_role = Chef::Role.new
=> role
chef >
new_role.name("my-new-role")
=> "my-new-role"
chef >
new_role.to_json
=>
"{"name":"my-new-role","description":"","json_class":"Chef::Role","default_attributes":{},"override_attributes":{},"chef_type":"role","run_list":,"env_run_lists":{}}"

--
Best regards,
Ilya Maltsev

--
Best Regards,
Ilya Maltsev