Knife


#1

I set up a Chef server on my CentOS 5.4 instance. Chef installed correctly
and the web UI was up and running. I then created a user called knife, and in
the home directory of the knife user I made a .chef/ directory. I then did

knife configure -i

Entered in the information:

Please enter the chef server URL: [localhost:4000]
Please enter a clientname for the new client: [root] knife
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client’s private key: [/etc/chef/webui.pem] .chef/webui.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): [route to my svn repository]
Creating initial API user…

I then ran

$ knife client list

ERROR: Chef::Exceptions::InvalidPrivateKey: The file /home/knife/.chef/knife.pem does not contain a correctly formatted private key.
The key file should begin with ‘-----BEGIN RSA PRIVATE KEY-----’ and end with ‘-----END RSA PRIVATE KEY-----’

I don’t host my svn repo on Github so I don’t have an RSA private key…

Any help would be appreciated


#2

You need a client private key to authenticate your client…
You can use the webui.pem in /etc/chef or you’d have to create a client through the webui and save the private key that is reported when you first create the client.
I’m guessing that your setup doesn’t actually have a .chef/webui.pem

On Aug 3, 2011, at 8:15 PM, Brian Jakovich b.jakovich@gmail.com wrote:

I set up a Chef server on my CentOS 5.4 instance. Chef installed correctly and the web UI was up and running. I then created a user called knife, and in the home directory of the knife user I made a .chef/ directory. I then did

knife configure -i

Entered in the information:

Please enter the chef server URL: [localhost:4000]
Please enter a clientname for the new client: [root] knife
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client’s private key: [/etc/chef/webui.pem] .chef/webui.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): [route to my svn repository]
Creating initial API user.
I then ran

$ knife client list

ERROR: Chef::Exceptions::InvalidPrivateKey: The file /home/knife/.chef/knife.pem does not contain a correctly formatted private key.
The key file should begin with ‘-----BEGIN RSA PRIVATE KEY-----’ and end with ‘-----END RSA PRIVATE KEY-----’

I don’t host my svn repo on Github so I don’t have an RSA private key…

Any help would be appreciated


#3

On Wed, Aug 3, 2011 at 5:15 PM, Brian Jakovich b.jakovich@gmail.com wrote:

I don’t host my svn repo on Github so I don’t have an RSA private key…

Chef uses RSA keypairs to authenticate clients. Running ‘knife
configure -i’ uses existing keypairs in /etc/chef created during
server startup to authenticate to create an additional client, in your
case named ‘knife’. The private key is then saved to disk and the
public key stored on the server.

$ knife client list

ERROR: Chef::Exceptions::InvalidPrivateKey: The file /home/knife/.chef/knife.pem does not contain a correctly formatted private key.
The key file should begin with ‘-----BEGIN RSA PRIVATE KEY-----’ and end with ‘-----END RSA PRIVATE KEY-----’

Is there any chance you ran this command more than once? Have you
looked in /home/knife/.chef/knife.pem? Does it contain “nil”? There is
a bug [1] where if a client already exists with that name, knife
overwrites the pem file with “nil”. If this is the case, create a new
client with a different name and then use ‘knife client delete knife’
to delete the broken and unused one.

[1] http://tickets.opscode.com/browse/CHEF-2344
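
The checks suggested in this thread can be scripted. The following is an added example, not part of the original posts and not Chef's own code: a hypothetical helper, check_client_key, that classifies a client key file as missing, containing the literal "nil" described for CHEF-2344, lacking the BEGIN/END markers named in the error message, or ok. The permission check is an extra assumption of this example (a private key should not be readable by group or others); the thread does not mention it.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of knife).
# Prints one of: missing | nil | bad-pem | loose-perms | ok
check_client_key() {
    key=$1
    [ -f "$key" ] || { echo missing; return 1; }

    # Symptom described for CHEF-2344: the file holds only the text "nil".
    content=$(tr -d ' \t\r\n' < "$key")
    [ "$content" = "nil" ] && { echo nil; return 1; }

    # The markers the InvalidPrivateKey message asks for, taken from the
    # first and last non-blank lines of the file.
    first=$(grep -v '^[[:space:]]*$' "$key" | head -n 1 | tr -d '\r')
    last=$(grep -v '^[[:space:]]*$' "$key" | tail -n 1 | tr -d '\r')
    if [ "$first" != "-----BEGIN RSA PRIVATE KEY-----" ] ||
       [ "$last" != "-----END RSA PRIVATE KEY-----" ]; then
        echo bad-pem
        return 1
    fi

    # Extra check assumed by this example: columns 5-10 of the ls mode
    # string are the group and other bits; all must be unset.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo loose-perms; return 1; }

    echo ok
}

# Usage: sh check_key.sh /home/knife/.chef/knife.pem
if [ $# -gt 0 ]; then
    check_client_key "$1"
fi
```

This only inspects the file's framing and mode; it does not parse the key material, so a file reported as ok can still be rejected by the server if the matching public key is not registered for that client.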