yahoo-eng-team team mailing list archive

[Bug 1568940] [NEW] validation_key in client.rb should be filepath not actual validation key content

 

Public bug reported:

The chef example shows that you need to pass validation key content in
user data
(http://cloudinit.readthedocs.org/en/latest/topics/examples.html#install-and-run-chef-recipes)
which will populate /etc/chef/validation.pem. This populates
/etc/chef/validation.pem correctly on your vm but unfortunately puts this
content as the value of validation_key in /etc/chef/client.rb. This value
should be a file path as per documentation:
https://docs.chef.io/config_rb_client.html.

validation_key
The location of the file that contains the key used when a chef-client is registered with a Chef server. A validation key is signed using the validation_client_name for authentication. Default value: /etc/chef/validation.pem.

When you try to run chef-client on this node you will get the following
error:

Creating a new client identity for poliva-bescloud-admin.poliva.dev.altus.bblabs using the validator key.

================================================================================
Chef encountered an error attempting to create the client "poliva-bescloud-admin.poliva.dev.altus.bblabs"
================================================================================

Private Key Not Found:
----------------------
Your private key could not be loaded. If the key file exists, ensure that it is
readable by chef-client.

Relevant Config Settings:
-------------------------
validation_key "-----BEGIN RSA PRIVATE KEY-----
<key content>
-----END RSA PRIVATE KEY-----"

I have noticed that when running chef-client as a daemon, though, you do
not hit this problem (not sure why). But in my case I didn't want to run
in daemon mode.

** Affects: cloud-init
     Importance: Undecided
         Status: New


** Tags: chef

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1568940

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1568940/+subscriptions
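
A check for the condition reported above, as an added example that is not part of the original report or of cloud-init: it scans client.rb text and tells an inline PEM key apart from a file path in the validation_key setting. The two sample configs, the `example-validator` name and the `chef.example.invalid` URL are constructed for illustration.

```ruby
# Added example: classify the validation_key setting in a Chef client.rb.
# The text is scanned, never evaluated, because client.rb is Ruby code.
PEM_MARKER = /-----BEGIN [A-Z ]*PRIVATE KEY-----/

# Returns the quoted string assigned to validation_key, or nil if unset.
# Handles a quoted value that spans several lines, as in the bug report.
def validation_key_value(config_text)
  m = config_text.match(/^\s*validation_key\s+(["'])(.*?)\1/m)
  m && m[2]
end

# :missing    -> setting absent, chef-client falls back to its default
# :inline_pem -> key material embedded in client.rb (the reported bug)
# :path       -> absolute file path, as the Chef documentation describes
# :other      -> anything else (relative path, empty string, ...)
def classify_validation_key(config_text)
  value = validation_key_value(config_text)
  return :missing if value.nil?
  return :inline_pem if value =~ PEM_MARKER
  return :path if value.start_with?("/") && !value.include?("\n")
  :other
end

# Constructed sample: the broken form from the report (key body is a placeholder).
BROKEN_CLIENT_RB = <<~CONF
  log_level :info
  validation_client_name "example-validator"
  validation_key "-----BEGIN RSA PRIVATE KEY-----
  <key content>
  -----END RSA PRIVATE KEY-----"
  chef_server_url "https://chef.example.invalid"
CONF

# Constructed sample: the form the Chef documentation describes.
FIXED_CLIENT_RB = <<~CONF
  log_level :info
  validation_client_name "example-validator"
  validation_key "/etc/chef/validation.pem"
  chef_server_url "https://chef.example.invalid"
CONF

if __FILE__ == $PROGRAM_NAME
  { "broken" => BROKEN_CLIENT_RB, "fixed" => FIXED_CLIENT_RB }.each do |name, text|
    puts "#{name}: #{classify_validation_key(text)}"
  end
end
```

To check a real node, pass `File.read("/etc/chef/client.rb")` to `classify_validation_key`; an `:inline_pem` result also means the validator private key is stored in client.rb itself.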

