Trying to get knife ssh to work. In interactive mode if I try chef-client
(or sudo chef-client) I see a very verbose message which boils down to:
Failed to read the private key /etc/chef/client.pem:
*
* I cannot read /etc/chef/client.pem, which you told me to use to sign
requests! (Chef::Exceptions::PrivateKeyMissing)
I’m a bit confused by this. If I ssh into the box and open the
/etc/chef/client.pem, I see that a key is present. It appears that the
server isn’t allowed to read it’s own key.
Did I miss something up here? Is there documentation on this?
On Sunday, February 20, 2011 at 6:14 PM, Joshua Jarboe wrote:
Good evening,
Trying to get knife ssh to work. In interactive mode if I try chef-client (or sudo chef-client) I see a very verbose message which boils down to:
Failed to read the private key /etc/chef/client.pem:
I cannot read /etc/chef/client.pem, which you told me to use to sign requests! (Chef::Exceptions::PrivateKeyMissing)
I'm a bit confused by this. If I ssh into the box and open the /etc/chef/client.pem, I see that a key is present. It appears that the server isn't allowed to read it's own key.
Did I miss something up here? Is there documentation on this?
Can you provide more detail on what you're doing? What knife command are you running from your workstation? What happens if you ssh in to the remote node (the old fashioned way) and run chef-client? Is there anything notable missing from your environment if you run ssh REMOTEBOX env vs. sshing in and then running env?
Good evening,
Trying to get knife ssh to work. In interactive mode if I try chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
I believe he is using knife ssh to invoke chef-client. I used a similar
method on 0.8.6 without problems, but have since replaced the knife ssh
component (with the help of Chef Infra (archive)), not because it didn't work, but because
other options provide more flexibility (control over responses, variability
in actions taken). However, in most cases, knife ssh will do the trick.
The error he posted appears to be from the chef-client invocation, which
aligns with what he stated.
Good evening,
Trying to get knife ssh to work. In interactive mode if I try
chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
Re-reading the original message, it isn't entirely clear where the error
message is coming from... so we definitely need more information to help.
On Mon, Feb 21, 2011 at 10:23 AM, James js@aegisco.com wrote:
Jonathan,
I believe he is using knife ssh to invoke chef-client. I used a similar
method on 0.8.6 without problems, but have since replaced the knife ssh
component (with the help of Chef Infra (archive)), not because it didn't work, but because
other options provide more flexibility (control over responses, variability
in actions taken). However, in most cases, knife ssh will do the trick.
The error he posted appears to be from the chef-client invocation, which
aligns with what he stated.
Good evening,
Trying to get knife ssh to work. In interactive mode if I try
chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
I use knife ssh to connect to the instance in interactive mode and I send
"sudo chef-client" When I do that I see the error I listed.
Sorry, I haven't had much time to track these threads. They've split. Your
clarifying questions have actually helped me understand this better, and
I've put some time into investigating the problem. I may have it fixed but
I haven't had time to verify as I'm trying to get a staging server set up.
Good evening,
Trying to get knife ssh to work. In interactive mode if I try
chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
Confirmed. I've got this nailed. Thanks for your help folks.
On Mon, Feb 21, 2011 at 8:47 AM, Joshua Jarboe josh@kingofweb.com wrote:
I use knife ssh to connect to the instance in interactive mode and I send
"sudo chef-client" When I do that I see the error I listed.
Sorry, I haven't had much time to track these threads. They've split.
Your clarifying questions have actually helped me understand this better,
and I've put some time into investigating the problem. I may have it fixed
but I haven't had time to verify as I'm trying to get a staging server set
up.
Good evening,
Trying to get knife ssh to work. In interactive mode if I try
chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
Sorry about the split, that was my fault. I'm glad you may have resolved the
problem, please post back what the solution was for other's benefit, if you
don't mind.
In regard to the staging server, I tend to use ubuntu 10.04 for quick chef
server setup because it is package based and everything is quick and easy.
James
On Mon, Feb 21, 2011 at 11:47 AM, Joshua Jarboe josh@kingofweb.com wrote:
I use knife ssh to connect to the instance in interactive mode and I send
"sudo chef-client" When I do that I see the error I listed.
Sorry, I haven't had much time to track these threads. They've split.
Your clarifying questions have actually helped me understand this better,
and I've put some time into investigating the problem. I may have it fixed
but I haven't had time to verify as I'm trying to get a staging server set
up.
Good evening,
Trying to get knife ssh to work. In interactive mode if I try
chef-client
(or sudo chef-client)
Well, which is it?
knife ssh, which relies on correct settngs in ~/.chef/knife.rb onyourworkstation, or chef-client, which lives on the client-side
(usually a server, just not chef server) and reads
/etc/chef/client.rb on that box?
