canonical / cloud-init

Official upstream for the cloud-init: cloud instance initialization
https://cloud-init.io/

validation_key in client.rb should be filepath not actual validation key content #2645

Open ubuntu-server-builder opened 1 year ago

ubuntu-server-builder commented 1 year ago

This bug was originally filed in Launchpad as LP: #1568940

Launchpad details
affected_projects = []
assignee = None
assignee_name = None
date_closed = None
date_created = 2016-04-11T15:55:04.280847+00:00
date_fix_committed = None
date_fix_released = None
id = 1568940
importance = medium
is_complete = False
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1568940
milestone = None
owner = philoliva8
owner_name = Philip Oliva
private = False
status = triaged
submitter = philoliva8
submitter_name = Philip Oliva
tags = ['chef']
duplicates = []

Launchpad user Philip Oliva(philoliva8) wrote on 2016-04-11T15:55:04.280847+00:00

The chef example shows that you need to pass validation key content in user data (http://cloudinit.readthedocs.org/en/latest/topics/examples.html#install-and-run-chef-recipes) which will populate /etc/chef/validation.pem. This populates /etc/chef/validation.pem correctly on your vm but unfortunately puts this content as the value of validation_key in /etc/chef/client.rb. This value should be a file path as per documentation: https://docs.chef.io/config_rb_client.html.

validation_key The location of the file that contains the key used when a chef-client is registered with a Chef server. A validation key is signed using the validation_client_name for authentication. Default value: /etc/chef/validation.pem.

When you try to run chef-client on this node you will get the following error:

Creating a new client identity for poliva-bescloud-admin.poliva.dev.altus.bblabs using the validator key.

================================================================================
Chef encountered an error attempting to create the client "poliva-bescloud-admin.poliva.dev.altus.bblabs"

Private Key Not Found:

Your private key could not be loaded. If the key file exists, ensure that it is readable by chef-client.

Relevant Config Settings:

validation_key "-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----"

I have noticed that when running chef-client as a daemon, though, you do not hit this problem (not sure why). But in my case I didn't want to run in daemon mode.
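
A check for the misconfiguration reported above, as an added example (not part of the original report, and not cloud-init or Chef code): it reads the `validation_key` setting from client.rb text, reports when the value is key material rather than a file path, and otherwise checks that the referenced file is a line-structured PEM. The `files` mapping, the sample client.rb lines and the key body are constructed for the example.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
SETTING_RE = re.compile(r'^\s*validation_key\s+(["\'])(.*?)\1', re.S | re.M)


def check_pem(text):
    """Flag a PEM block whose base64 lines were joined with spaces."""
    m = PEM_RE.search(text)
    if not m:
        return ["no PEM block found"]
    if re.search(r"[ \t]", m.group(2).strip()):
        return ["PEM body contains spaces; line breaks were lost"]
    return []


def audit_validation_key(client_rb, files):
    """Return findings for the validation_key setting in client.rb text.

    files maps path -> content and stands in for the filesystem, so the
    example runs without touching /etc/chef (an assumption of this example).
    """
    m = SETTING_RE.search(client_rb)
    if not m:
        return ["validation_key not set"]
    value = m.group(2)
    if "-----BEGIN" in value:
        return ["validation_key contains key material, expected a file path"]
    if value not in files:
        return ["validation_key file missing: " + value]
    return check_pem(files[value])


# Constructed sample data: the body is base64 of counting bytes, not a key.
B64 = base64.b64encode(bytes(range(96))).decode()
GOOD_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n" + B64[:64] + "\n" + B64[64:]
            + "\n-----END RSA PRIVATE KEY-----\n")
FLAT_PEM = GOOD_PEM.strip().replace("\n", " ")
PEM_PATH = "/etc/chef/validation.pem"
BROKEN_RB = 'validation_key "%s"\n' % GOOD_PEM.strip()
FIXED_RB = 'validation_key "%s"\n' % PEM_PATH

if __name__ == "__main__":
    print(audit_validation_key(BROKEN_RB, {PEM_PATH: GOOD_PEM}))
    print(audit_validation_key(FIXED_RB, {PEM_PATH: FLAT_PEM}))
    print(audit_validation_key(FIXED_RB, {PEM_PATH: GOOD_PEM}))
```
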
ubuntu-server-builder commented 1 year ago

Launchpad user Scott Moser(smoser) wrote on 2016-04-12T14:49:22.460868+00:00

Hi, could you test the provided patch and give some feedback as to if it works for you? Also any example on how to easily actually test cloud-init chef config connecting to an existing chef would be wonderful. Whenever I have to test this I don't really have a clue.

ubuntu-server-builder commented 1 year ago

Launchpad user Philip Oliva(philoliva8) wrote on 2016-06-01T15:54:06.050039+00:00

Hi Scott,

Sorry for the very delayed response. I didn't notice you actually provided a patch until today.

Unfortunately this patch is not working for me right now. The format of /etc/chef/validation.pem is not correct as it is getting created with spaces instead of newlines.


The format of validation_cert looks good in /var/lib/cloud/instance/user-data.txt:

#cloud-config

... ... ... ...
chef:
  install_type: packages
  force_install: false
  server_url: https://front12.chef.fake.fake.fake.fake.fake/organizations/mandolin
  node_name: poliva-bescloud-admin.fake.fake.fake.fake
  environment: admin-poliva-Mandolin-thor
  validation_name: mandolin-validator
  validation_cert: "-----BEGIN RSA PRIVATE KEY-----
  [key body removed]
  -----END RSA PRIVATE KEY-----"
  run_list:

But /var/lib/cloud/instance/cloud-config.txt shows it as incorrect:

#cloud-config

# from 1 files
# part-001

chef:
  environment: admin-poliva-Mandolin-thor
  exec: true
  exec_arguments: