Knife configure (chef 12)

Chef Infra (archive)
1

Hello,

In chef 11, when I executed “knife configure —initial” on workstation,
copied from below pem files from chef server.

  • /etc/chef-server/admin.pm
  • /etc/chef-server/chef-validator.pem

But In chef 12, there are not these pem files.
Which pem file can I use when I execute “knife configure —initial” on workstation?

[Chef Workstation]# knife configure --initial
WARNING: No knife configuration file found
Where should I put the config file? [/root/.chef/knife.rb]
Please enter the chef server URL: [https://xxx:443] https://x.x.x.x:443
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin]
Please enter the location of the existing admin’s private key: [/etc/chef-server/admin.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem]
Please enter the path to a chef repository (or leave blank): /root/chef-repo
Creating initial API user…
Please enter a password for the new user:
ERROR: Your private key could not be loaded from /etc/chef-server/admin.pem
Check your configuration file and ensure that your private key is readable

[Chef Workstation]# find /opt/chefdk -name “*.pem” | egrep “admin|valid”
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/support/dummy-validation.pem
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/berkshelf-3.1.5/spec/config/validator.pem
/opt/chefdk/embedded/apps/test-kitchen/support/dummy-validation.pem
/opt/chefdk/embedded/apps/berkshelf/spec/config/validator.pem

[Chef Server]# find /etc/{chef,opscode} -name “*.pem”
/etc/opscode/worker-private.pem
/etc/opscode/worker-public.pem
/etc/opscode/webui_priv.pem
/etc/opscode/webui_pub.pem
/etc/opscode/pivotal.pem

I installed knife-solo by following command on workstation.

chef gem install knife-solo

Version:

  • chef-server-core-12.0.0_rc.4-1.el5.x86_64
  • chefdk-0.3.0-1.x86_64
  • knife-solo (0.4.2)

Thank you.


idzzy

2

On Monday, October 6, 2014 at 9:15 PM, idzzy wrote:

Hello,

In chef 11, when I executed “knife configure —initial” on workstation,
copied from below pem files from chef server.

  • /etc/chef-server/admin.pm
  • /etc/chef-server/chef-validator.pem

But In chef 12, there are not these pem files.
Which pem file can I use when I execute “knife configure —initial” on workstation?

A similar issue just came up on the list: chef - [chef] Chef Open Source Sever 12 RC

With Chef 12 server, users can be admins (or not) in multiple organizations independently, so you need to create an organization and a user to be admin of it first, then you can add new users.

--
Daniel DeLeo

3

Hello,

Thank you Daniel.

I’ve already created organization and user and could login to Chef-Manage.

I got knife.rb by executing “Generate Knife Config in Organizations Menu”.
I’ll put this file in ~/.chef/ on workstation.
But where can I get user.pem and organization-validator.pem?

current_dir = File.dirname(FILE)
log_level :info
log_location STDOUT
node_name "idey"
client_key "#{current_dir}/user.pem"
validation_client_name “organization-validator"
validation_key "#{current_dir}/organization-validator.pem"
chef_server_url "https://host/organizations/organization"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]

I can see public file of user by this command. but this is just public key.

chef-server-ctl user-show user

Is there manual/document somewhere which is described this kind of procedure?
I still cannot find it...

Thank you.


idzzy

On October 7, 2014 at 1:25:57 PM, Daniel DeLeo (dan@kallistec.com) wrote:

On Monday, October 6, 2014 at 9:15 PM, idzzy wrote:

Hello,

In chef 11, when I executed “knife configure —initial” on workstation,
copied from below pem files from chef server.

  • /etc/chef-server/admin.pm
  • /etc/chef-server/chef-validator.pem

But In chef 12, there are not these pem files.
Which pem file can I use when I execute “knife configure —initial” on workstation?

A similar issue just came up on the list: chef - [chef] Chef Open Source Sever 12 RC

With Chef 12 server, users can be admins (or not) in multiple organizations independently, so you need to create an organization and a user to be admin of it first, then you can add new users.

--
Daniel DeLeo

4

From the "manage" interface, if you click "download starter kit", you
get a zipfile containing a .chef directory that has the keys you need.

Also, to update the info from yesterday: there is a workaround if you
don't want to install the webui and are doing all operations from the
server prompt. You just create the org first and then the user (see
the conversation on the bug at
https://github.com/opscode/opscode-omnibus/issues/534#issuecomment-58186003)

In that situation, the org and user keys are printed on stdout when
you create them.

  • Julian

On Tue, Oct 7, 2014 at 1:39 AM, idzzy idezebi@gmail.com wrote:

Hello,

Thank you Daniel.

I’ve already created organization and user and could login to Chef-Manage.

I got knife.rb by executing “Generate Knife Config in Organizations Menu”.
I’ll put this file in ~/.chef/ on workstation.
But where can I get user.pem and organization-validator.pem?

current_dir = File.dirname(FILE)
log_level :info
log_location STDOUT
node_name "idey"
client_key "#{current_dir}/user.pem"
validation_client_name “organization-validator"
validation_key "#{current_dir}/organization-validator.pem"
chef_server_url "https://host/organizations/organization"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]

I can see public file of user by this command. but this is just public key.

chef-server-ctl user-show user

Is there manual/document somewhere which is described this kind of
procedure?
I still cannot find it...

Thank you.


idzzy

On October 7, 2014 at 1:25:57 PM, Daniel DeLeo (dan@kallistec.com) wrote:

On Monday, October 6, 2014 at 9:15 PM, idzzy wrote:

Hello,

In chef 11, when I executed “knife configure —initial” on workstation,
copied from below pem files from chef server.

  • /etc/chef-server/admin.pm
  • /etc/chef-server/chef-validator.pem

But In chef 12, there are not these pem files.
Which pem file can I use when I execute “knife configure —initial” on
workstation?

A similar issue just came up on the list:
http://lists.opscode.com/sympa/arc/chef/2014-10/msg00048.html

With Chef 12 server, users can be admins (or not) in multiple organizations
independently, so you need to create an organization and a user to be admin
of it first, then you can add new users.

--
Daniel DeLeo

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

5

Hello,

Thank you Julian.

I’ve already installed chef-manage and using UI.
I could access chef-server from knife-solo by using the “starter kit”.

When I pushed the button [Download Starter Kit], following messages was displayed.
So I could not make sure wether the keys should be RESET or not.

"Your user and organization keys will be reset. Are you sure you want to do this?"

Thanks for giving me the advice about such kind of basic question.


idzzy

On October 8, 2014 at 5:53:36 AM, Julian C. Dunn (jdunn@aquezada.com) wrote:

From the "manage" interface, if you click "download starter kit", you
get a zipfile containing a .chef directory that has the keys you need.

Also, to update the info from yesterday: there is a workaround if you
don't want to install the webui and are doing all operations from the
server prompt. You just create the org first and then the user (see
the conversation on the bug at
https://github.com/opscode/opscode-omnibus/issues/534#issuecomment-58186003)

In that situation, the org and user keys are printed on stdout when
you create them.

  • Julian

On Tue, Oct 7, 2014 at 1:39 AM, idzzy idezebi@gmail.com wrote:

Hello,

Thank you Daniel.

I’ve already created organization and user and could login to Chef-Manage.

I got knife.rb by executing “Generate Knife Config in Organizations Menu”.
I’ll put this file in ~/.chef/ on workstation.
But where can I get user.pem and organization-validator.pem?

current_dir = File.dirname(FILE)
log_level :info
log_location STDOUT
node_name "idey"
client_key "#{current_dir}/user.pem"
validation_client_name “organization-validator"
validation_key "#{current_dir}/organization-validator.pem"
chef_server_url "https://host/organizations/organization"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]

I can see public file of user by this command. but this is just public key.

chef-server-ctl user-show user

Is there manual/document somewhere which is described this kind of
procedure?
I still cannot find it...

Thank you.


idzzy

On October 7, 2014 at 1:25:57 PM, Daniel DeLeo (dan@kallistec.com) wrote:

On Monday, October 6, 2014 at 9:15 PM, idzzy wrote:

Hello,

In chef 11, when I executed “knife configure —initial” on workstation,
copied from below pem files from chef server.

  • /etc/chef-server/admin.pm
  • /etc/chef-server/chef-validator.pem

But In chef 12, there are not these pem files.
Which pem file can I use when I execute “knife configure —initial” on
workstation?

A similar issue just came up on the list:
chef - [chef] Chef Open Source Sever 12 RC

With Chef 12 server, users can be admins (or not) in multiple organizations
independently, so you need to create an organization and a user to be admin
of it first, then you can add new users.

--
Daniel DeLeo

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

6

On Tue, Oct 7, 2014 at 10:30 PM, idzzy idezebi@gmail.com wrote:

Hello,

Thank you Julian.

I’ve already installed chef-manage and using UI.
I could access chef-server from knife-solo by using the “starter kit”.

When I pushed the button [Download Starter Kit], following messages was
displayed.
So I could not make sure wether the keys should be RESET or not.

"Your user and organization keys will be reset. Are you sure you want to do
this?"

Thanks for giving me the advice about such kind of basic question.

Assuming you've just installed the server & nobody else is using it,
yes, it's safe to reset those keys in order to get the starter kit.

Unsure why you've installed knife-solo; you don't need it if you're
interacting with a server.

  • Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

7

Hello,

Thank you Julian for the reply.
On October 8, 2014 at 1:28:55 PM, Julian C. Dunn (jdunn@aquezada.com) wrote:

Assuming you’ve just installed the server & nobody else is using it,
yes, it’s safe to reset those keys in order to get the starter kit.

Understood.

Unsure why you’ve installed knife-solo; you don’t need it if you’re
interacting with a server.

It’s for adding node to chef-server and apply recipes from workstation remotely by CLI.
chef-manage is for checking and confining current state on web browser.
I’m not familiar with this procedure of chef12.

Thank you.


idzzy

8

On Wed, Oct 8, 2014 at 1:06 AM, idzzy idezebi@gmail.com wrote:

On October 8, 2014 at 1:28:55 PM, Julian C. Dunn (jdunn@aquezada.com) wrote:

Unsure why you've installed knife-solo; you don't need it if you're
interacting with a server.

It’s for adding node to chef-server and apply recipes from workstation
remotely by CLI.
chef-manage is for checking and confining current state on web browser.
I’m not familiar with this procedure of chef12.

You can just bootstrap a machine directly with knife and don't need
"knife-solo" to do this, if you are interacting with a Chef server.

http://learn.getchef.com/rhel/bootstrap-your-node/ will teach you how
to do this (there are also variants on that site for Windows and
Ubuntu if you use those OSes)

  • Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

9

Hi,

On October 8, 2014 at 2:14:06 PM, Julian C. Dunn (jdunn@aquezada.com) wrote:

You can just bootstrap a machine directly with knife and don’t need
"knife-solo" to do this, if you are interacting with a Chef server.

http://learn.getchef.com/rhel/bootstrap-your-node/ will teach you how
to do this (there are also variants on that site for Windows and
Ubuntu if you use those OSes)

My description in previous mail was a little bit wrong.
Yes, I’ll do “knife solo cook {host}” after bootstrap.

Anyway Thanks a lot;)


idzzy