Restore then fails chef-server-ctl test

Question

Restore then fails chef-server-ctl test

mrjcleaver opened this issue 10 years ago · comments

I did a backup of my production box and moved and extracted the tgz to my testing box.

root@testbox-chef:/var/log/chef-server# chef-server-ctl test
Configuring logging...
Creating platform...
Starting Pedant Run: 2014-12-31 18:29:35 UTC
setting up rspec config for #<Pedant::OpenSourcePlatform:0x0000000298b050>
Configuring RSpec for Open-Source Tests
 _______  _______  _______  _______  _______  ______   _______
|       ||       ||       ||       ||       ||      | |       |
|   _   ||    _  ||  _____||       ||   _   ||  _    ||    ___|
|  | |  ||   |_| || |_____ |       ||  | |  || | |   ||   |___
|  |_|  ||    ___||_____  ||      _||  |_|  || |_|   ||    ___|
|       ||   |     _____| ||     |_ |       ||       ||   |___
|_______||___|    |_______||_______||_______||______| |_______|

     _______  _______  ______   _______  __    _  _______
    |       ||       ||      | |   _   ||  |  | ||       |
    |    _  ||    ___||  _    ||  |_|  ||   |_| ||_     _|
    |   |_| ||   |___ | | |   ||       ||       |  |   |
    |    ___||    ___|| |_|   ||       ||  _    |  |   |
    |   |    |   |___ |       ||   _   || | |   |  |   |
    |___|    |_______||______| |__| |__||_|  |__|  |___|

                    "Accuracy Over Tact"

                  === Testing Environment ===
                 Config File: /var/opt/chef-server/chef-pedant/etc/pedant_config.rb
       HTTP Traffic Log File: /var/log/chef-server/chef-pedant/http-traffic.log

Running tests from the following directories:
/opt/chef-server/embedded/service/chef-pedant/spec/api
Ruby?  Erlang? true
Run options:
  include {:focus=>true, :smoke=>true}
  exclude {:platform=>:multitenant, :cleanup=>true}
Creating client pedant_admin_client...
Encountered an error attempting to create client pedant_admin_client
Response Code was: 401
Response Body was: {"error":["Invalid signature for user or client 'admin'"]}
Exception during Pedant credentials setup

Anyone else get this? It also has the effect that clients of the testing box see:

>   Authentication Error:
>   ---------------------
>   Failed to authenticate to the chef server (http 401).
>   
>   Server Response:
>   ----------------
>   Invalid signature for user or client 'chef-validator'
>
>  Relevant Config Settings:
>  -------------------------
>  chef_server_url         "https://...:443"
>  validation_client_name  "chef-validator"
>  validation_key          "/etc/chef/validation.pem"
>  
>  If these settings are correct, your validation_key may be invalid.

Thanks, M.

Martin Cleaver · Answer 1 · Thu Jan 01 2015 02:37:04 GMT+0800 (China Standard Time)

Might be connected to #26 - trying that.

Martin Cleaver · Answer 2 · Thu Jan 01 2015 02:39:52 GMT+0800 (China Standard Time)

Tried regenerating using knife configure on the client; didn't help.

Martin Cleaver · Answer 3 · Thu Jan 01 2015 03:12:10 GMT+0800 (China Standard Time)

Ok. So, I fixed this (rightly or wrongly) as follows:

On the restored Chef server:
a) Edit the chef-validator Client, private key, regenerate, save, copy Private Key (the one shown only once)
b) PASTE this to /etc/chef-server/validation.pem

/etc/chef-server# cat > validation.pem

On the new node, again, PASTE:

root@elkstack:~# cat > /etc/chef/validation.pem

chef-client now works

Martin Cleaver · Answer 4 · Thu Jan 01 2015 03:17:55 GMT+0800 (China Standard Time)

https://docs.chef.io/chef_private_keys.html was of some help.

Martin Cleaver · Answer 5 · Thu Jan 01 2015 03:19:31 GMT+0800 (China Standard Time)

Actually:

/etc/chef-server# chef-server-ctl test

still fails (same error) but I assume this is just needing to regenerate the password or key for the admin user.