Chef bootstrap giving 401 unauthorized

Question

I'm trying to bootstrap a new chef node by running:
knife bootstrap <server ip> -x lewis -N gitlab --sudo
But I get the following output:
[Mon, 03 Sep 2012 14:45:17 +0000] INFO: *** Chef 10.12.0 *** [Mon, 03 Sep 2012 14:45:17 +0000] INFO: Client key /etc/chef/client.pem is not present - registering [Mon, 03 Sep 2012 14:45:17 +0000] INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate. Ensure that your client key is valid. [Mon, 03 Sep 2012 14:45:17 +0000] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out [Mon, 03 Sep 2012 14:45:17 +0000] FATAL: Net::HTTPServerException: 401 "Unauthorized"

My chef server is running Ubuntu 12.04 x32 and the machine I'm trying to bootstrap is running CentOS 6.3 x64

Any idea what's going wrong?

check date and time on ypur chef server and client – Jun 12 '15 at 13:04 — , Jun 12 '15 at 13:04

score 7 · Answer 1 · answered Oct 18 '12 at 12:13

7

I just had the same problem and fixed it from this thread http://comments.gmane.org/gmane.comp.sysutils.chef.user/2718

either ssh into your potential client machine and remove the /etc/chef/client.pem or run this quicky

ssh -t name@new.client.net "sudo rm /etc/chef/client.pem"

Run knife bootstrap again and it should work. You may have registered this machine already with another chef server.

answered Oct 18 '12 at 12:13

mraaroncruz

191
6

I have the same error as the op, and there is no client.pem on the node. – OlegYch Nov 02 '12 at 22:33
Yeah, it actually says there is no client.pem in the error message. My answer was to another question... oops. – mraaroncruz Nov 05 '12 at 11:45

OlegYch · Answer 2 · 2012-11-03T20:37:15.420

2

This worked for me http://wiki.opscode.com/display/chef/Common+Errors#CommonErrors-401Unauthorized(usingvalidatorAPIclient)

You need to delete validation.pem and restart chef-server, since it's broken by default in current ubuntu chef-server package.

edited Nov 03 '12 at 20:37

answered Nov 02 '12 at 22:59

OlegYch

71
4

Hi @OlgeYch , while we appreciate links to tutorials or outside sources we do ask that you include the summary of the page or process in your answer. – Jacob Nov 02 '12 at 23:24

Tim Potter · Answer 3 · 2012-09-03T23:14:58.717

0

To get knife-bootstrap working add entries to your ~/.chef/knife.rb like this:

validation_client_name  "chef-validator"
validation_key          "#{ENV["HOME"]}/.chef/validation.pem"

and put a copy of the /etc/chef/validation.pem file from the Chef server copied in to $HOME/.chef/validation.pem.

If you don't like knife-bootstrap there are a number of other ways of setting this up automatically

create an OS image e.g a custom AMI with the validation file already in place
use the cloud-init package that is part of Ubuntu to seed the image with the validation file

I've used cloud-init moderately successfully in the past, but it has its quirks.

edited Sep 03 '12 at 23:14

answered Sep 03 '12 at 22:43

Tim Potter

1,754
15
15

Hmm, i removed everything the the `/etc/chef` directory and tried running the command again and still got the same error – loddy1234 Sep 03 '12 at 22:55
Hi - sorry I misread your question slightly so I've rewritten the answer. Give it a try now. – Tim Potter Sep 03 '12 at 23:15
Nope, still not having any luck, same error again. Just to clarify, the error above is coming from the node I'm trying to bootstrap. Am I supposed to be doing this in the node or the chef server? (I've tried both) – loddy1234 Sep 04 '12 at 09:04
@loddy1234 The node. You had it right. – mraaroncruz Nov 05 '12 at 11:47

Chef bootstrap giving 401 unauthorized

3 Answers3

Linked