
Authorization error with API user knife initialization `knife configure -i`

Notice these errors. The first error shows that knife's API user (root) failed to authenticate:

# knife client list
WARN: HTTP Request Returned 401 Unauthorized: Failed to authenticate!
/usr/lib/ruby/1.8/net/http.rb:2101:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:217:in `api_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:268:in `retriable_rest_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:198:in `api_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:101:in `get_rest'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/api_client.rb:185:in `list'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/knife/client_list.rb:35:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/application/knife.rb:115:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/bin/knife:25
from /usr/bin/knife:19:in `load'
from /usr/bin/knife:19

So I tried to re-initialize the API user (root), and encountered another authentication failure, this time with the webui client user (see the chef-server log that follows).

# knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N) Y
Please enter the chef server URL: [http://localhost:4000]
Please enter a clientname for the new client: [root]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
WARN: Creating initial API user...
FATAL: Failed to read the private key /etc/chef/webui.pem: #, /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest/auth_credentials.rb:59:in `read'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest/auth_credentials.rb:59:in `load_signing_key'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest/auth_credentials.rb:33:in `initialize'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:41:in `new'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:41:in `initialize'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/api_client.rb:232:in `new'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/api_client.rb:232:in `save'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/knife/client_create.rb:55:in `run'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/knife/configure.rb:86:in `run'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/application/knife.rb:115:in `run'/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/bin/knife:25/usr/bin/knife:19:in `load'/usr/bin/knife:19
/usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest/auth_credentials.rb:62:in `load_signing_key': I cannot read /etc/chef/webui.pem, which you told me to use to sign requests! (Chef::Exceptions::PrivateKeyMissing)
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest/auth_credentials.rb:33:in `initialize'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:41:in `new'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/rest.rb:41:in `initialize'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/api_client.rb:232:in `new'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/api_client.rb:232:in `save'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/knife/client_create.rb:55:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/knife/configure.rb:86:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/lib/chef/application/knife.rb:115:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.9.6/bin/knife:25
from /usr/bin/knife:19:in `load'
from /usr/bin/knife:19

This is the chef-server log, which hints that it is webui that is failing to authenticate:

2010-09-13_15:13:48.61008 INFO: Authenticating client chef-webui
2010-09-13_15:13:48.63105 merb : worker (port 4000) ~ Started request handling: Mon Sep 13 08:13:48 -0700 2010
2010-09-13_15:13:48.63110 merb : worker (port 4000) ~ Params: {"name"=>"root", "action"=>"create", "admin"=>true, "controller"=>"clients"}
2010-09-13_15:13:48.63112 merb : worker (port 4000) ~ Failed to authenticate! - (Merb::ControllerExceptions::Unauthorized)
2010-09-13_15:13:48.63165 /usr/lib/ruby/gems/1.8/gems/chef-server-api-0.9.6/app/controllers/application.rb:50:in `authenticate_every'
2010-09-13_15:13:48.63166 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:352:in `send'
2010-09-13_15:13:48.63167 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:352:in `_call_filters'
2010-09-13_15:13:48.63169 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:344:in `each'
2010-09-13_15:13:48.63170 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:344:in `_call_filters'
2010-09-13_15:13:48.63171 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:286:in `_dispatch'
2010-09-13_15:13:48.63172 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:284:in `catch'
2010-09-13_15:13:48.63175 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/abstract_controller.rb:284:in `_dispatch'
2010-09-13_15:13:48.63176 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/merb_controller.rb:285:in `_dispatch'
2010-09-13_15:13:48.63177 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/merb_controller.rb:262:in `_call'
2010-09-13_15:13:48.63178 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/controller/merb_controller.rb:252:in `call'
2010-09-13_15:13:48.63179 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/dispatch/dispatcher.rb:91:in `dispatch_action'
2010-09-13_15:13:48.63180 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/dispatch/dispatcher.rb:69:in `handle'
2010-09-13_15:13:48.63181 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/dispatch/dispatcher.rb:29:in `handle'
2010-09-13_15:13:48.63183 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/rack/application.rb:17:in `call'
2010-09-13_15:13:48.63184 /usr/lib/ruby/gems/1.8/gems/rack-1.0.0/lib/rack/content_length.rb:13:in `call'
2010-09-13_15:13:48.63185 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/connection.rb:76:in `pre_process'
2010-09-13_15:13:48.63186 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/connection.rb:74:in `catch'
2010-09-13_15:13:48.63188 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/connection.rb:74:in `pre_process'
2010-09-13_15:13:48.64712 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/connection.rb:57:in `process'
2010-09-13_15:13:48.64713 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/connection.rb:42:in `receive_data'
2010-09-13_15:13:48.64715 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.8/lib/eventmachine.rb:242:in `run_machine'
2010-09-13_15:13:48.64716 /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.8/lib/eventmachine.rb:242:in `run'
2010-09-13_15:13:48.64717 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/backends/base.rb:57:in `start'
2010-09-13_15:13:48.64718 /usr/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/server.rb:156:in `start'
2010-09-13_15:13:48.64719 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/rack/adapter/thin.rb:30:in `start_server'
2010-09-13_15:13:48.64720 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/rack/adapter/abstract.rb:305:in `start_at_port'
2010-09-13_15:13:48.64721 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/rack/adapter/abstract.rb:138:in `start'
2010-09-13_15:13:48.64727 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/server.rb:174:in `bootup'
2010-09-13_15:13:48.64729 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core/server.rb:42:in `start'
2010-09-13_15:13:48.64732 /usr/lib/ruby/gems/1.8/gems/merb-core-1.1.3/lib/merb-core.rb:165:in `start'
2010-09-13_15:13:48.64733 /usr/lib/ruby/gems/1.8/gems/chef-server-api-0.9.6/bin/chef-server:75
2010-09-13_15:13:48.64734 /usr/bin/chef-server:19:in `load'
2010-09-13_15:13:48.64735 /usr/bin/chef-server:19
2010-09-13_15:13:48.64736 merb : worker (port 4000) ~ Params: {"name"=>"root", "action"=>"create", "admin"=>true, "controller"=>"clients"}
2010-09-13_15:13:48.64738 merb : worker (port 4000) ~ {:dispatch_time=>0.041183, :action_time=>0.008142, :after_filters_time=>3.2e-05, :before_filters_time=>0.002237}
2010-09-13_15:13:48.64739 merb : worker (port 4000) ~
2010-09-13_15:13:48.64740


To fix this, delete the root and webui clients and their corresponding keys (/root/.chef/root.pem and /etc/chef/webui.pem). Restart chef-server and you should get a new set of keys. Then initialize a new API user (root):

# knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N) Y
Please enter the chef server URL: [http://localhost:4000]
Please enter a clientname for the new client: [root]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
WARN: Creating initial API user...
INFO: Created (or updated) client[root]
WARN: Configuration file written to /root/.chef/knife.rb

Test the API with knife:

# knife client list

This should give you a list of clients.
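
The "Failed to read the private key /etc/chef/webui.pem" failure above can be caught before running `knife configure -i` by checking the key files it asks for. This is an added example, not part of the original post or of Chef; the function names `key_status` and `preflight` are hypothetical, and the `BEGIN RSA PRIVATE KEY` header is an assumption about how these keys are written.

```sh
#!/bin/sh
# Added example: preflight check for the key files `knife configure -i` prompts for.
# The default paths used at the bottom are the ones shown in the prompts above.

# Print one status word for a key file:
#   missing | unreadable | empty | not-pem | world-readable | ok
key_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }
    [ -s "$f" ] || { echo empty; return 1; }
    # Framing check only (assumed header); it does not prove the key is valid
    # or that it matches the public key the server holds for the client.
    head -n 1 "$f" | grep -q '^-----BEGIN RSA PRIVATE KEY-----' \
        || { echo not-pem; return 1; }
    # In the ls mode string, character 8 is the "other read" bit.
    case $(ls -ld -- "$f") in
        ???????r*) echo world-readable; return 1 ;;
    esac
    echo ok
}

# Report every key given as an argument; non-zero if any is not "ok".
preflight() {
    rc=0
    for k in "$@"; do
        s=$(key_status "$k") || rc=1
        printf '%-16s %s\n' "$s" "$k"
    done
    return $rc
}

# Check the default paths only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight /etc/chef/webui.pem /etc/chef/validation.pem
fi
```

A key that passes this check can still produce the 401 shown earlier if it does not match the public key the server has registered for that client, which is the case the delete-and-restart procedure addresses.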

