How to recover the pivotal user in Chef12?


#1

Hello,

I can’t find a way to solve my issue so I’m posting here.
I’ve installed chef12 from scratch and created some users using (replacing with the right values, of course):

root@chef-server# chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f USER_NAME.pem -o ORGANIZATION
root@chef-server# chef-server-ctl org-user-add ORGANIZATION USER_NAME --admin

And then, I deleted the initial ‘pivotal’ user thinking that I did not
need it anymore using:

chef-server-ctl user-delete pivotal

But now I can’t create any more users or do any operations:

root@chef-server# chef-server-ctl user-list
ERROR: Failed to authenticate to https://127.0.0.1:443 as pivotal with key /etc/opscode/pivotal.pem
Response: Failed to authenticate as 'pivotal'. Ensure that your node_name and client key are correct.

And if I try with the key I created earlier: permission error (though as
admin I thought I could do it).
Same thing with the original admin user:

root@chef-server:~# chef-server-ctl user-list -V -u admin -k /etc/chef-server/admin.pem
INFO: Using configuration from /etc/opscode/pivotal.rb
INFO: HTTP Request Returned 403 Forbidden: error
ERROR: You authenticated successfully to https://127.0.0.1:443 as admin but you are not authorized for this action

Any idea on how to restore this pivotal user?

Thanks
Fanny


#2

Your best bet is to recover from a backup or nuke and pave :( Since Pivotal is the first user, I think it’s bootstrapped by inserting directly into the database. Also it owns many things in the authorization database (separate DB) which would be very difficult to manually repair.


Daniel DeLeo

(Reply to Fanny Strudel’s message of Wednesday, September 16, 2015 at 3:58 PM.)


#3

Not that hard to recover, actually. Someone’s done it and posted instructions: https://github.com/chef/chef-server/issues/544#issuecomment-142966484