Every request made by the chef-client to the Chef server must be an authenticated request using the Chef server API and a private key. When the chef-client makes a request to the Chef server, the chef-client authenticates each request using a private key located in /etc/chef/client.pem. However, during the first chef-client run, this private key does not exist. Instead, the chef-client will attempt to use the private key assigned to the chef-validator, located in /etc/chef/validation.pem. (If, for any reason, the chef-validator is unable to make an authenticated request to the Chef server, the initial chef-client run will fail.)

During the initial chef-client run, the chef-client will register with the Chef server using the private key assigned to the chef-validator, after which the chef-client will obtain a client.pem private key for all future authentication requests to the Chef server.

After the initial chef-client run has completed successfully, the chef-validator is no longer required and may be deleted from the node. Use the delete_validation recipe found in the chef-client cookbook to remove the chef-validator.

puts ex
print 'Error calling chef API'
print ex.
join('\n')
end
end
Usage()
ExecuteUserChoice()

Another way Ruby can be used with the Chef server API is to get objects from the Chef server, and then interact with the returned data using Ruby methods. Whenever possible, the Chef server API will return an object of the relevant type. The returned object is then available to be called by other methods. For example, the api.get method can be used to return a node named foobar, and then.

If the authentication request occurs during the initial chef-client run, the issue is most likely with the private key. If the authentication is happening on the node, there are a number of common causes:

This can be fixed by deleting the client.pem file and re-running the chef-client. When the chef-client re-runs, it will re-attempt to register with the Chef server and generate the correct key.

A node_name is different from the one used during the initial chef-client run. For example, this can happen if the client.rb file does not specify the correct node name and the host name has recently changed. This issue can be resolved by explicitly setting the node name in the client.rb file or by using the -N option for the chef-client executable.

The system clock has drifted from the actual time by more than 15 minutes. This can be fixed by syncing the clock with a Network Time Protocol (NTP) server.

The Chef server includes the following object permissions:
Permission