Knife Bootstrap Authentication Error


#1

Hello everyone,

I am a noob to chef and I had an issues right off the bat. I’m trying to add a new node but I am getting an error.

knife bootstrap server01.acmecomputers.com --ssh-user root --ssh-password ‘MyPassword’ --node-name server01

Authentication Error:

Failed to authenticate to the chef server (http 401).

Server Response:

Failed to authenticate as ‘acmecomputers’. Ensure that your node_name and client key are correct.

So my question is about the above error message. When it states that the command failed to authenticate as ‘acmecomputers’, is chef attempting to use ‘acmecomputers’ as a user? I’m passing my root user name and root password, to connect to server01 from my chef server.

Can someone give a brief explanation of how this process works and what I should be looking at to correct this?

Operating systems is CentOS 7.

chef -v
Chef Development Kit Version: 2.5.3
chef-client version: 13.8.5
delivery version: master (73ebb72a6c42b3d2ff5370c476be800fee7e5427)
berks version: 6.3.1
kitchen version: 1.20.0
inspec version: 1.51.21

Thanks,

Clay


#2

Did you get your user “starter kit” from the chef server already? If that’s greek…. You need to download an auth key from the chef server to validate yourself as having rights to add/manage nodes on the server (same like using private key pair auth for ssh connections, etc.). The knife.rb need to point to this private key, the chef server where its valid, and the appropriate organization on the chef server.

Regards,
Dan-Joe Lopez

Proprietor


#3

So I was able to run knife ssl check and that was successful. But I am still unable to run the bootstrap on the remote server. Do I need to install a client on the remote server? Is there any reason I should not use the same server as my chef workstation and chef server? I get 401 error when attempting to login to the chef manage webpage.


#4

There is no need to install a client on remote server. Bootstraping does this automatically.

Please verify the following configuration.

  1. Verify you have the correct values in your knife.rb file, especially for the node_name and client_key settings.

  2. Check if the file referenced in the client_key setting (usually USER.pem) exists. Some common locations include:

    ~/.chef
    ~/projects/current_project/.chef
    /etc/chef

If one is present, verify that it has the correct read permissions.


#5

I was able to make this work!

At the top of the output from the knife bootstrap command reads: “Delete your validation key in order to use your user credentials”

So that is what I did. In my ~/.chef directory, I deleted the acmecomputers-validator.pem key file.

Then reran the knife bootstrap command using the IP address and without the password so as to prompt for a password like this: knife bootstrap 172.10.9.61 -x root -N ‘server01’

And all is well!


#6

Did not know that the Chef Manage web console cost money. Never mind.