Restore then fails chef-server-ctl test
mrjcleaver opened this issue · comments
Martin Cleaver commented
I did a backup of my production box and moved and extracted the tgz to my testing box.
root@testbox-chef:/var/log/chef-server# chef-server-ctl test
Configuring logging...
Creating platform...
Starting Pedant Run: 2014-12-31 18:29:35 UTC
setting up rspec config for #<Pedant::OpenSourcePlatform:0x0000000298b050>
Configuring RSpec for Open-Source Tests
_______ _______ _______ _______ _______ ______ _______
| || || || || || | | |
| _ || _ || _____|| || _ || _ || ___|
| | | || |_| || |_____ | || | | || | | || |___
| |_| || ___||_____ || _|| |_| || |_| || ___|
| || | _____| || |_ | || || |___
|_______||___| |_______||_______||_______||______| |_______|
_______ _______ ______ _______ __ _ _______
| || || | | _ || | | || |
| _ || ___|| _ || |_| || |_| ||_ _|
| |_| || |___ | | | || || | | |
| ___|| ___|| |_| || || _ | | |
| | | |___ | || _ || | | | | |
|___| |_______||______| |__| |__||_| |__| |___|
"Accuracy Over Tact"
=== Testing Environment ===
Config File: /var/opt/chef-server/chef-pedant/etc/pedant_config.rb
HTTP Traffic Log File: /var/log/chef-server/chef-pedant/http-traffic.log
Running tests from the following directories:
/opt/chef-server/embedded/service/chef-pedant/spec/api
Ruby? Erlang? true
Run options:
include {:focus=>true, :smoke=>true}
exclude {:platform=>:multitenant, :cleanup=>true}
Creating client pedant_admin_client...
Encountered an error attempting to create client pedant_admin_client
Response Code was: 401
Response Body was: {"error":["Invalid signature for user or client 'admin'"]}
Exception during Pedant credentials setup
Anyone else get this? It also has the effect that clients of the testing box see:
> Authentication Error:
> ---------------------
> Failed to authenticate to the chef server (http 401).
>
> Server Response:
> ----------------
> Invalid signature for user or client 'chef-validator'
>
> Relevant Config Settings:
> -------------------------
> chef_server_url "https://...:443"
> validation_client_name "chef-validator"
> validation_key "/etc/chef/validation.pem"
>
> If these settings are correct, your validation_key may be invalid.
Thanks, M.
Martin Cleaver commented
Might be connected to #26 - trying that.
Martin Cleaver commented
Tried regenerating using knife configure on the client; didn't help.
Martin Cleaver commented
Ok. So, I fixed this (rightly or wrongly) as follows:
- On the restored Chef server:
a) Edit the chef-validator Client, private key, regenerate, save, copy Private Key (the one shown only once)
b) PASTE this to /etc/chef-server/validation.pem
/etc/chef-server# cat > validation.pem
- On the new node, again, PASTE:
root@elkstack:~# cat > /etc/chef/validation.pem
- chef-client now works
Martin Cleaver commented
https://docs.chef.io/chef_private_keys.html was of some help.
Martin Cleaver commented
Actually:
/etc/chef-server# chef-server-ctl test
still fails (same error) but I assume this is just needing to regenerate the password or key for the admin user.