Bootstrapping a node raises missing create permission for chef infra server 13 #9207

Closed
vsingh-msys opened this issue Jan 9, 2020 · 4 comments

Contributor

@vsingh-msys vsingh-msys commented Jan 9, 2020

Description

Bootstrapping a node with the latest Chef Infra Server 13.1.13 raises a "missing create permission" error while attempting to create a client.

Chef Version

15.5.17

Platform Version

Node: Ubuntu 18.04

Replication Case

  • Set up a standalone Chef Infra Server 13.1.13
  • Bootstrap a node.

Client Output

ERROR: You authenticated successfully to https://chef-server.test/organizations/4thcoffee as chefadmin but you are not authorized for this action.
Response:  missing create permission

Stacktrace

Creating new client for node1
bundler: failed to load command: knife (/chef/vendor/bundle/ruby/2.6.0/bin/knife)
Net::HTTPServerException: 403 "Forbidden"
  /opt/chefdk/embedded/lib/ruby/2.6.0/net/http/response.rb:122:in `error!'
  /chef/lib/chef/http.rb:152:in `request'
  /chef/lib/chef/http.rb:131:in `post'
  /chef/lib/chef/api_client/registration.rb:106:in `create'
  /chef/lib/chef/api_client/registration.rb:96:in `create_or_update'
  /chef/lib/chef/api_client/registration.rb:59:in `run'
  /chef/lib/chef/knife/bootstrap/client_builder.rb:133:in `create_client!'
  /chef/lib/chef/knife/bootstrap/client_builder.rb:55:in `run'
  /chef/lib/chef/knife/bootstrap.rb:596:in `register_client'
  /chef/lib/chef/knife/bootstrap.rb:575:in `run'
  /chef/lib/chef/knife.rb:486:in `block in run_with_pretty_exceptions'
  /chef/lib/chef/local_mode.rb:42:in `with_server_connectivity'
  /chef/lib/chef/knife.rb:485:in `run_with_pretty_exceptions'
  /chef/lib/chef/knife.rb:229:in `run'
  /chef/lib/chef/application/knife.rb:163:in `run'
  /chef/bin/knife:24:in `<top (required)>'
  /chef/vendor/bundle/ruby/2.6.0/bin/knife:23:in `load'
  /chef/vendor/bundle/ruby/2.6.0/bin/knife:23:in `<top (required)>'

Contributor

@lamont-granquist lamont-granquist commented Jan 9, 2020

That doesn't seem like a bug in the client -- the user on the chef-server doesn't have create perms on the node container.

Contributor

@lamont-granquist lamont-granquist commented Jan 9, 2020

(I think there have been changes on the chef-server to lock things down over the years, and as a result of the tightened security stance it probably needs to be documented how to set up a user to be able to bootstrap nodes -- or something along those lines)

Contributor Author

@vsingh-msys vsingh-msys commented Jan 10, 2020

It seems that updates related to client formation are missing from the changelog and release notes of Chef Infra Server; we probably need to look in detail and update the bootstrap process accordingly.

Contributor

@lamont-granquist lamont-granquist commented Jan 24, 2020

This needs to be addressed server-side, I think, or in the server-side docs. It certainly is a low priority for the client since I don't think there are any code changes.
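
An added example, not part of the original thread and not Chef's own code: a small Ruby check that takes a container ACL and group memberships in the JSON shape Chef Infra Server returns (per-permission `actors` and `groups`) and reports which permissions a user such as `chefadmin` lacks. The ACL contents and group memberships below are constructed sample data, and the function names are hypothetical; direct grants plus nested group membership is the assumed evaluation model.

```ruby
require "json"
require "set"

# Constructed sample: a container ACL in the shape of a Chef Infra Server
# `_acl` response. Group names and memberships are made up for illustration.
CONTAINER_ACL = JSON.parse(<<~ACL)
  {"create": {"actors": ["pivotal"], "groups": ["admins"]},
   "read":   {"actors": ["pivotal"], "groups": ["admins", "users"]},
   "update": {"actors": ["pivotal"], "groups": ["admins"]},
   "delete": {"actors": ["pivotal"], "groups": ["admins"]},
   "grant":  {"actors": ["pivotal"], "groups": ["admins"]}}
ACL

# Constructed sample: group name => direct members and nested groups.
GROUPS = {
  "admins" => { "actors" => ["pivotal"],   "groups" => [] },
  "users"  => { "actors" => ["chefadmin"], "groups" => [] },
}.freeze

EMPTY = { "actors" => [], "groups" => [] }.freeze

# Expand a group into its member actors, following nested groups and
# stopping on membership cycles via the `seen` set.
def group_members(name, groups, seen = Set.new)
  return Set.new unless seen.add?(name)
  g = groups.fetch(name, EMPTY)
  g["groups"].reduce(Set.new(g["actors"])) do |acc, sub|
    acc | group_members(sub, groups, seen)
  end
end

# Returns "direct", "group:<name>", or nil when the actor has no grant.
def grant_path(actor, perm, acl, groups)
  ace = acl.fetch(perm, EMPTY)
  return "direct" if ace["actors"].include?(actor)
  via = ace["groups"].find { |g| group_members(g, groups).include?(actor) }
  via && "group:#{via}"
end

# Lists the permissions the actor is missing on this ACL.
def missing_permissions(actor, acl, groups)
  %w[create read update delete grant].reject do |perm|
    grant_path(actor, perm, acl, groups)
  end
end

puts "chefadmin is missing: #{missing_permissions('chefadmin', CONTAINER_ACL, GROUPS).join(', ')}"
```

With this sample data the user can read the container through the `users` group but has no `create` grant, which matches the shape of the 403 in the report: authentication succeeds, authorization for the create fails.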
