6
votes

I am trying to set up a chef client node using knife bootstrap:

    knife bootstrap nodename -x user -P passwd --sudo

Getting the following error messages:

    Chef encountered an error attempting to create the client "nodename .url.com" Authentication Error - Failed to authenticate to the chef server (http 401). Server Response: Invalid signature for user or client 'chef-validator'

My config settings look good. I have tried restarting all the chef-server services and tried configuring the chef-client from the node as follows:

  1. Installed chef correctly in a new VM
  2. Removed files in /etc/chef
  3. Copied over my Chef server's /etc/chef/chef-validator.pem to my /etc/chef/validator.pem
  4. Ran the chef-client -l debug -S https://mychefserver.url.com -K /etc/chef/validation.pem

Still I am getting:

    [2014-07-03T14:03:25-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

My chef workstation is working fine without any issues. Are there any configuration files on the chef node I could possibly troubleshoot?
3
Not thinking about fixing the formatting of your comment? - StephenKing

Did you really copy your Chef Server's /etc/chef/chef-validator.pem or was it /etc/chef-server/chef-validator.pem? Also, if you didn't adjust the client.rb's validation_key variable, the default path would be /etc/chef/validation.pem (not validator.pem). - StephenKing

It was the mychefserver::/etc/chef-server/chef-validator.pem > mychefclient::/etc/chef/validation.pem. It doesn't make any difference if you are specifying the key using chef-client -K. - Balualways

Looks like an issue with the chef-server I had installed or the environment. Created a new chef-server and then was able to bootstrap successfully. - Balualways

3 Answers

5
votes

I also had this problem...

  • If using a Windows workstation, check that the files contained in the unzipped starter kit are "Unblocked" in Windows Explorer.

  • Also go to your chef node and delete any client.pem files which are contained there.

This can happen if you have already bootstrapped a node and then download your starter kit again. The previous client.pem is not removed from the node. You need to manually remove this so that authentication can occur.

0
votes

There is a chance for the client and server time to be out of sync. The drift is always there when you are running either or both of them on AWS. It is always a good practice to have NTP running.
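
A preflight for the node-side causes raised in the comments and answers above (validation key path, leftover client.pem, clock drift), as an added example that is not part of the original posts. The function names and the 15-minute skew limit are assumptions; `server_date` is the Date header taken from any response of the Chef server.

```ruby
require "time"
require "tmpdir"

# Assumption: the Chef server rejects signed requests whose timestamp is more
# than 15 minutes away from its own clock.
MAX_SKEW_SECONDS = 900

# validation_key from client.rb text, else the default named in the comments.
def validation_key_path(client_rb_text, chef_dir)
  m = client_rb_text.match(/^\s*validation_key\s+["']([^"']+)["']/)
  m ? m[1] : File.join(chef_dir, "validation.pem")
end

# Returns a list of [symbol, message] findings for one node.
# server_date is an HTTP Date header value, e.g. read from the output of
# `curl -sI https://mychefserver.url.com`.
def preflight(chef_dir, server_date, now = Time.now)
  findings = []
  rb = File.join(chef_dir, "client.rb")
  key = validation_key_path(File.exist?(rb) ? File.read(rb) : "", chef_dir)
  unless File.file?(key)
    others = Dir.glob(File.join(chef_dir, "*.pem")).map { |p| File.basename(p) }.sort
    findings << [:validation_key_missing, "#{key} not found; present: #{others.join(', ')}"]
  end
  if File.file?(File.join(chef_dir, "client.pem"))
    findings << [:stale_client_pem, "client.pem exists; chef-client signs with it instead of registering"]
  end
  skew = (now - Time.httpdate(server_date)).abs
  if skew > MAX_SKEW_SECONDS
    findings << [:clock_skew, "node clock differs from server by #{skew.round}s"]
  end
  findings
end

# Constructed sample: the question's node (key saved as validator.pem, no
# client.rb), a client.pem left from an earlier bootstrap, clock 20 minutes fast.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "validator.pem"), "constructed placeholder\n")
    File.write(File.join(dir, "client.pem"), "constructed placeholder\n")
    server = "Thu, 03 Jul 2014 18:03:25 GMT"
    preflight(dir, server, Time.httpdate(server) + 1200)
  end
end

demo.each { |kind, msg| puts "#{kind}: #{msg}" } if __FILE__ == $0
```

On a real node, call `preflight("/etc/chef", date_header)`; an empty result means none of these three conditions was found.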

-1
votes

It was an issue with the chef-server I had installed or the environment. Created a new chef-server and then was able to bootstrap successfully.