yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #49290
[Bug 1568940] [NEW] validation_key in client.rb should be filepath not actual validation key content
Public bug reported:
The chef example shows that you need to pass validation key content in
user data
(http://cloudinit.readthedocs.org/en/latest/topics/examples.html
#install-and-run-chef-recipes) which will populate
/etc/chef/validation.pem. This populates /etc/chef/validation.pem
correctly on your vm but unfortunately puts this content as the value of
validation_key in /etc/chef/client.rb. This value should be a file path
as per documentation: https://docs.chef.io/config_rb_client.html.
validation_key
The location of the file that contains the key used when a chef-client is registered with a Chef server. A validation key is signed using the validation_client_name for authentication. Default value: /etc/chef/validation.pem.
When you try to run chef-client on this node you will get the following
error:
Creating a new client identity for poliva-bescloud-
admin.poliva.dev.altus.bblabs using the validator key.
================================================================================
Chef encountered an error attempting to create the client "poliva-bescloud-admin.poliva.dev.altus.bblabs"
================================================================================
Private Key Not Found:
----------------------
Your private key could not be loaded. If the key file exists, ensure that it is
readable by chef-client.
Relevant Config Settings:
-------------------------
validation_key "-----BEGIN RSA PRIVATE KEY-----
<key content>
-----END RSA PRIVATE KEY-----"
I have noticed that when running chef-client as daemon though you do not
hit this problem (not sure why). But in my case I didn't want to run in
daemon mode.
** Affects: cloud-init
Importance: Undecided
Status: New
** Tags: chef
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1568940
Title:
validation_key in client.rb should be filepath not actual validation
key content
Status in cloud-init:
New
Bug description:
The chef example shows that you need to pass validation key content in
user data
(http://cloudinit.readthedocs.org/en/latest/topics/examples.html
#install-and-run-chef-recipes) which will populate
/etc/chef/validation.pem. This populates /etc/chef/validation.pem
correctly on your vm but unfortunately puts this content as the value
of validation_key in /etc/chef/client.rb. This value should be a file
path as per documentation: https://docs.chef.io/config_rb_client.html.
validation_key
The location of the file that contains the key used when a chef-client is registered with a Chef server. A validation key is signed using the validation_client_name for authentication. Default value: /etc/chef/validation.pem.
When you try to run chef-client on this node you will get the
following error:
Creating a new client identity for poliva-bescloud-
admin.poliva.dev.altus.bblabs using the validator key.
================================================================================
Chef encountered an error attempting to create the client "poliva-bescloud-admin.poliva.dev.altus.bblabs"
================================================================================
Private Key Not Found:
----------------------
Your private key could not be loaded. If the key file exists, ensure that it is
readable by chef-client.
Relevant Config Settings:
-------------------------
validation_key "-----BEGIN RSA PRIVATE KEY-----
<key content>
-----END RSA PRIVATE KEY-----"
I have noticed that when running chef-client as daemon though you do
not hit this problem (not sure why). But in my case I didn't want to
run in daemon mode.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1568940/+subscriptions
Follow ups