Knife setup problem


#1

Hi,

I’m trying to set up knife but I run into a ‘cannot read .pem file’ error.

The first thing I’m trying to do is to get an API key for knife:

gilles:.chef gilles$ knife client create gilles -f ~/.chef/gilles.pem -l debug
ERROR: Failed to read the private key /Users/gilles/.chef/gilles.pem: #<Errno::ENOENT: No such file or directory - /Users/gilles/.chef/gilles.pem>, /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in `read'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:60:in `load_signing_key'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:49:in `initialize'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in `new'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in `save'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/knife/client_create.rb:47:in `run'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/application/knife.rb:110:in `run'/Library/Ruby/Gems/1.8/gems/chef-0.8.4/bin/knife:26/usr/bin/knife:19:in `load'/usr/bin/knife:19
/Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:63:in `load_signing_key': I cannot read /Users/gilles/.chef/gilles.pem, which you told me to use to sign requests! (Chef::Exceptions::PrivateKeyMissing)
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/rest.rb:49:in `initialize'
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in `new'
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/api_client.rb:231:in `save'
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/knife/client_create.rb:47:in `run'
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/lib/chef/application/knife.rb:110:in `run'
        from /Library/Ruby/Gems/1.8/gems/chef-0.8.4/bin/knife:26
        from /usr/bin/knife:19:in `load'
        from /usr/bin/knife:19

The command is prompting me with
{
  "public_key": null,
  "name": "gilles",
  "json_class": "Chef::ApiClient",
  "admin": false,
  "chef_type": "client"
}

-> I don’t really know what to set here; I tried different inputs for
public_key with the same result.

This is my knife.rb file:
log_level :info
log_location STDOUT
node_name 'gilles'
client_key '/Users/gilles/.chef/gilles.pem'
validation_client_name 'chef-validator'
validation_key '/Users/gilles/.chef/validation.pem'
chef_server_url 'http://chefserver:4000'
cache_type 'BasicFile'
cache_options( :path => '/Users/gilles/.chef/checksums' )
cookbook_path [ '/Users/gilles/Sites/chef/cookbooks',
                '/Users/gilles/Sites/chef/site-cookbooks' ]

The validation key is the one created during chef-server install and I
can register chef-clients without problems.

The chef rubygem is 0.8.4.

Do I need to set up the dev box as a chef-client for knife to work?

Any other ideas?

Thanks

–Gilles


#2

Hi Gilles,

I think the problem is that the -f flag for that command specifies where to put the key file belonging to the client that you just created when it’s done. So your configuration says “use ~/.chef/gilles.pem to authenticate” but the file doesn’t exist yet. For an initial user creation you need to use the validation key, but it doesn’t do that by default. When I create a new knife user, here is the command I use:

knife client create billybob -f path/to/save/billybob.pem -u chef-validator -k path/to/validation.pem

So the -u says “run this command as this user” and the -k says “and use this key to sign the request”. It looks like you have the validation.pem already so I think if you pass that in, you should be set. One thing to remember is that you probably want to set your knife user to be an admin. You can do this by editing the JSON that pops up, or by specifying --admin as an option to the command. You could even pass --no-editor to create an admin user without popping up EDITOR.

Hope that fixes things for you!

– Eric

-----Original Message-----
From: Gilles Devaux [mailto:gilles.devaux@gmail.com]
Sent: Tuesday, March 02, 2010 5:24 PM
To: chef@lists.opscode.com
Subject: [chef] knife setup problem

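The signing-identity choice described in the reply above, as an added Ruby example that is not part of the thread and not Chef's own code: it reads the knife.rb settings shown in the question, uses the client key when it exists, falls back to the validator identity for first-time client creation, and flags key files that other users can read. The helper names (`read_settings`, `key_issue`, `signing_plan`, `bootstrap_command`) and the file-mode check are assumptions of this example; the scratch directory and key contents are constructed.

```ruby
# Added example, not Chef's code. Reads plain `setting 'value'` lines only; knife.rb is not evaluated.
require "tmpdir"
def read_settings(text)
  text.each_line.each_with_object({}) do |line, out|
    out[$1] = $2 if line =~ /\A\s*(\w+)\s+['"]([^'"]*)['"]\s*\z/
  end
end

# nil when usable; otherwise why the key cannot (or should not) be used as-is.
def key_issue(path)
  return "missing" unless File.file?(path)
  return "unreadable" unless File.readable?(path)
  mode = File.stat(path).mode & 0o777
  (mode & 0o077).zero? ? nil : format("mode %o exposes key to other users", mode)
end

def signing_plan(cfg)
  own = key_issue(cfg["client_key"])
  if own.nil? || own.start_with?("mode")
    return { user: cfg["node_name"], key: cfg["client_key"], bootstrap: false, warnings: [own].compact }
  end
  val = key_issue(cfg["validation_key"])
  raise "no usable signing key: client key #{own}, validation key #{val}" if val && !val.start_with?("mode")
  { user: cfg["validation_client_name"], key: cfg["validation_key"], bootstrap: true, warnings: [val].compact }
end

# Command line for the first-time case, using the flags from the reply above.
def bootstrap_command(cfg, plan)
  return nil unless plan[:bootstrap]
  ["knife", "client", "create", cfg["node_name"], "-f", cfg["client_key"],
   "-u", plan[:user], "-k", plan[:key]]
end

# Constructed sample: a scratch directory standing in for ~/.chef.
def demo
  Dir.mktmpdir do |dir|
    File.write("#{dir}/validation.pem", "constructed placeholder, not a real key\n", perm: 0o600)
    cfg = read_settings(<<~RB)
      node_name 'gilles'
      client_key '#{dir}/gilles.pem'
      validation_client_name 'chef-validator'
      validation_key '#{dir}/validation.pem'
    RB
    first = signing_plan(cfg)                       # client key does not exist yet
    cmd = bootstrap_command(cfg, first)
    File.write(cfg["client_key"], "constructed placeholder\n") # what -f would leave behind
    File.chmod(0o644, cfg["client_key"])
    [first, cmd, signing_plan(cfg)]
  end
end
```

The second plan returned by `demo` carries a warning because the freshly written client key is mode 644; a private signing key should be readable by its owner only.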


#3

Ahhhhhh “-u chef-validator -k path/to/validation.pem”

I thought knife would use the same flow as chef-client: if the personal .pem is not there, then send the validation.pem. But you actually have to do it.

Works now.

Thanks a lot

–Gilles

On Mar 3, 2010, at 6:50 AM, Eric Hankins wrote:
