REST authentication

Chef Infra (archive)
1

Hi Chef folks-

I’m very new to Chef. I’m trying to update the nodes on my chef server using Chef::REST, and I’m having trouble getting authenticated.

When I run this snippet:

start snippet

require 'chef’
require ‘chef/rest’

user = "nick"
pass = "whatever"
chefServer = "https://my-chef-server"
validationToken = “something”

r = Chef::REST.new(chefServer)
r.register(user,pass,validationToken)

r = Chef::REST.new(chefServer)
r.authenticate(user, pass)

end snippet

I get this output:

start output

[Sun, 30 Aug 2009 05:02:09 +0000] DEBUG: Registering nick for an openid
[Sun, 30 Aug 2009 05:02:09 +0000] DEBUG: Sending HTTP Request via GET to /registrations/nick
[Sun, 30 Aug 2009 05:02:09 +0000] DEBUG: Sending HTTP Request via POST to /registrations
[Sun, 30 Aug 2009 05:02:09 +0000] DEBUG: Authenticating nick via openid
[Sun, 30 Aug 2009 05:02:09 +0000] DEBUG: Sending HTTP Request via POST to /openid/consumer/start
/usr/lib/ruby/1.8/net/http.rb:2097:in error!': 400 "Bad Request" (Net::HTTPServerException) from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/rest.rb:233:inrun_request’
from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/rest.rb:95:in post_rest' from /usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/rest.rb:68:inauthenticate’
from go.rb:13

end output

Also, I noticed this in the Apache error.log:

start error.log

Params: {“submit”=>“Verify”, “action”=>“start”, “controller”=>“chef_server_slice/openid_consumer”, “openid_identifier”=>“http://localhost:4001/openid/server/node/nick”}
~ Discovery failed for http://localhost:4001/openid/server/node/nick: Failed to fetch identity URL http://localhost:4001/openid/server/node/nick : Error fetching http://localhost:4001/openid/server/node/nick: Connection refused - connect(2) - (Merb::ControllerExceptions::BadRequest)
/usr/lib/ruby/gems/1.8/gems/chef-server-slice-0.7.8/app/controllers/openid_consumer.rb:41:in start' /usr/lib/ruby/gems/1.8/gems/merb-core-1.0.12/lib/merb-core/controller/abstract_controller.rb:315:insend’
/usr/lib/ruby/gems/1.8/gems/merb-core-1.0.12/lib/merb-core/controller/abstract_controller.rb:315:in `_call_action’
[snip…]

end error.log

It looks like the registration part is working. In the web UI I can see the “nick” Registration is validated.

I have chef-clients on other machines that are successfully authenticating and running recipes just fine.

Is there something that I am missing about using Chef::REST? Is there a better library I should try using for RESTful Node management?

Thanks.

-Nick

2

On Sat, 2009-08-29 at 22:17 -0700, Nick wrote:

Hi Chef folks-

I'm very new to Chef. I'm trying to update the nodes on my chef server using Chef::REST, and I'm having trouble getting authenticated.
[...]
Is there something that I am missing about using Chef::REST? Is there a better library I should try using for RESTful Node management?

Thanks.

-Nick

Hi Nick,

have a look at "Knife", gist:104080 · GitHub. It's a nice
little command line tool to handle node/recipe assignments and
attributes which is based on the Rest API.

Regards,
Claus

3

After comparing the Knife code with what I was doing, the only thing I was missing was setting Chef::Config[:openid_url] (which is used in Chef::Rest).

Thanks Claus.

--- On Sun, 8/30/09, Claus Divossen claus.divossen@t-online.de wrote:

From: Claus Divossen claus.divossen@t-online.de
Subject: [chef] Re: REST authentication
To: chef@lists.opscode.com
Date: Sunday, August 30, 2009, 4:59 AM
On Sat, 2009-08-29 at 22:17 -0700,
Nick wrote:

Hi Chef folks-

I'm very new to Chef. I'm trying to update the
nodes on my chef server using Chef::REST, and I'm having
trouble getting authenticated.
[...]
Is there something that I am missing about using
Chef::REST? Is there a better library I should try
using for RESTful Node management?

Thanks.

-Nick

Hi Nick,

have a look at "Knife", gist:104080 · GitHub. It's a nice
little command line tool to handle node/recipe assignments
and
attributes which is based on the Rest API.

Regards,
Claus