Hi.
I am getting this error.
ERROR: You authenticated successfully to
https://api.opscode.com/organizations/mycomapy as mynode but you are
not authorized for this action
SO…how do I auth? I am trying to delete nodes using knife. This
is a script on a monitoring that is run once a minute.
knife node delete thatnopde --yes
By default the API Clients for nodes do not have permission in the ACL to modify/delete other node objects. You can update the ACLs, or create a specific API client to use for that purpose.
--
Joshua Timberman
Sent from a mobile device
On Wednesday, July 18, 2012 at 6:09, David Montgomery wrote:
Hi.
I am getting this error.
ERROR: You authenticated successfully to
Sign In - Chef Manage as mynode but you are
not authorized for this actionSO...how do I auth? I am trying to delete nodes using knife. This
is a script on a monitoring that is run once a minute.knife node delete thatnopde --yes
Thanks,
In hosted chef, I went to clients and edited permissions for the
node. I gave all clients in groups to CRUD.I tried the individual
node but that did not help as well. I still get the error.
So....from hosted chef UI, for my monitoring server, what is the
proper way?
On Wed, Jul 18, 2012 at 9:49 PM, Joshua Timberman joshua@opscode.com wrote:
By default the API Clients for nodes do not have permission in the ACL to
modify/delete other node objects. You can update the ACLs, or create a
specific API client to use for that purpose.--
Joshua Timberman
Sent from a mobile deviceOn Wednesday, July 18, 2012 at 6:09, David Montgomery wrote:
Hi.
I am getting this error.
ERROR: You authenticated successfully to
Sign In - Chef Manage as mynode but you are
not authorized for this actionSO...how do I auth? I am trying to delete nodes using knife. This
is a script on a monitoring that is run once a minute.knife node delete thatnopde --yes
On Wed, Jul 18, 2012 at 10:01 AM, David Montgomery
davidmontgomery@gmail.com wrote:
In hosted chef, I went to clients and edited permissions for the
node. I gave all clients in groups to CRUD.I tried the individual
node but that did not help as well. I still get the error.
So....from hosted chef UI, for my monitoring server, what is the
proper way?
You can get support from Opscode for Hosted Chef at
Chef Support for Automation & DevOps | Chef.
What credentials are you using with knife? Are you using the node's
client key, or your own?
It'd help if you provided steps to reproduce that showed what commands
you were running as well.
Bryan
Here is the knife file I use. I am using the nodes key and I have a
template for the below.
log_level :info
log_location STDOUT
node_name "<%= node.name %>"
client_key "/etc/chef/client.pem"
validation_client_name "mycomany-validator"
validation_key "#{current_dir}/mycomanyi-validator.pem"
chef_server_url "Sign In - Chef Manage"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
I can list nodes e.g.. That works.
knife node list
Yay! it works
I cant list clients.
knife client list
ERROR: You authenticated successfully to
Sign In - Chef Manage as dev_tokyo_monitor but
you are not authorized for this action
Response: Merb::ControllerExceptions::Forbidden
On Wed, Jul 18, 2012 at 10:19 PM, Bryan McLellan btm@loftninjas.org wrote:
On Wed, Jul 18, 2012 at 10:01 AM, David Montgomery
davidmontgomery@gmail.com wrote:In hosted chef, I went to clients and edited permissions for the
node. I gave all clients in groups to CRUD.I tried the individual
node but that did not help as well. I still get the error.
So....from hosted chef UI, for my monitoring server, what is the
proper way?You can get support from Opscode for Hosted Chef at
Chef Support for Automation & DevOps | Chef.What credentials are you using with knife? Are you using the node's
client key, or your own?It'd help if you provided steps to reproduce that showed what commands
you were running as well.Bryan
I'm guessing you're using the wrong client key. /etc/chef/client.pem is
usually the client for the node rather than for your administrative user.
If you don't already have the key for your user, you can log into the
webui and get one here https://www.opscode.com/account/password then put
that pem file in the knife.rb file as client_key.
Thanks,
Paul Mooring
On Wed, Jul 18, 2012 at 8:08 AM, David Montgomery <davidmontgomery@gmail.com
wrote:
Here is the knife file I use. I am using the nodes key and I have a
template for the below.log_level :info
log_location STDOUT
node_name "<%= node.name %>"
client_key "/etc/chef/client.pem"
validation_client_name "mycomany-validator"
validation_key "#{current_dir}/mycomanyi-validator.pem"chef_server_url "Sign In - Chef Manage"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )I can list nodes e.g.. That works.
knife node list
Yay! it worksI cant list clients.
knife client list
ERROR: You authenticated successfully to
Sign In - Chef Manage as dev_tokyo_monitor but
you are not authorized for this action
Response: Merb::ControllerExceptions::ForbiddenOn Wed, Jul 18, 2012 at 10:19 PM, Bryan McLellan btm@loftninjas.org
wrote:On Wed, Jul 18, 2012 at 10:01 AM, David Montgomery
davidmontgomery@gmail.com wrote:In hosted chef, I went to clients and edited permissions for the
node. I gave all clients in groups to CRUD.I tried the individual
node but that did not help as well. I still get the error.
So....from hosted chef UI, for my monitoring server, what is the
proper way?You can get support from Opscode for Hosted Chef at
Chef Support for Automation & DevOps | Chef.What credentials are you using with knife? Are you using the node's
client key, or your own?It'd help if you provided steps to reproduce that showed what commands
you were running as well.Bryan
--
Paul Mooring
Systems Engineer - Customer Advocate
Opscode, Inc.
c: 480.332.0589
e: paul@opscode.com
I think I misunderstood your problem, just adding list permissions to the
clients container and nodes container on the client you're using should
allow you to list the clients. That won't let you delete nodes or clients
though, for what you're trying to accomplish (deleting any client and
node). You can create a group for this and give that group the proper
permissions on the clients and nodes container which will be inherited by
new nodes/clients, but you would need to use this
GitHub - chef-boneyard/knife-acl: knife plugin for working with ACLs on Chef Server to set delete permissions on the
containers. The last option is to just make that client part of the users
group.
On Wed, Jul 18, 2012 at 8:44 AM, Paul Mooring paul@opscode.com wrote:
I'm guessing you're using the wrong client key. /etc/chef/client.pem is
usually the client for the node rather than for your administrative user.
If you don't already have the key for your user, you can log into the
webui and get one here https://www.opscode.com/account/password then put
that pem file in the knife.rb file as client_key.Thanks,
Paul Mooring
On Wed, Jul 18, 2012 at 8:08 AM, David Montgomery <
davidmontgomery@gmail.com> wrote:Here is the knife file I use. I am using the nodes key and I have a
template for the below.log_level :info
log_location STDOUT
node_name "<%= node.name %>"
client_key "/etc/chef/client.pem"
validation_client_name "mycomany-validator"
validation_key "#{current_dir}/mycomanyi-validator.pem"chef_server_url "Sign In - Chef Manage"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )I can list nodes e.g.. That works.
knife node list
Yay! it worksI cant list clients.
knife client list
ERROR: You authenticated successfully to
Sign In - Chef Manage as dev_tokyo_monitor but
you are not authorized for this action
Response: Merb::ControllerExceptions::ForbiddenOn Wed, Jul 18, 2012 at 10:19 PM, Bryan McLellan btm@loftninjas.org
wrote:On Wed, Jul 18, 2012 at 10:01 AM, David Montgomery
davidmontgomery@gmail.com wrote:In hosted chef, I went to clients and edited permissions for the
node. I gave all clients in groups to CRUD.I tried the individual
node but that did not help as well. I still get the error.
So....from hosted chef UI, for my monitoring server, what is the
proper way?You can get support from Opscode for Hosted Chef at
Chef Support for Automation & DevOps | Chef.What credentials are you using with knife? Are you using the node's
client key, or your own?It'd help if you provided steps to reproduce that showed what commands
you were running as well.Bryan
--
Paul Mooring
Systems Engineer - Customer Advocate
Opscode, Inc.c: 480.332.0589
e: paul@opscode.com
--
Paul Mooring
Systems Engineer - Customer Advocate
Opscode, Inc.
c: 480.332.0589
e: paul@opscode.com