这就是401认证错误
401“未经授权”的错误有多种原因,所以请使用下面的章节来找到最接近您的输出的错误消息。如果您无法找到匹配的错误,或者如果所提供的步骤无效,请提交帮助票。
Failed to authenticate as ORGANIZATION-validator¶
如果有以下错误,您需要重新生成组织的pem文件
If you’re receiving an error like the following it most likely means you’ll need to regenerate the ORGANIZATION-validator.pem file:
INFO: Client key /etc/chef/client.pem is not present - registering INFO: HTTP Request Returned 401 Unauthorized: Failed to authenticate as ORGANIZATION-validator. Ensure that your node_name and client key are correct. FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out FATAL: Net::HTTPServerException: 401 "Unauthorized"
Troubleshooting Steps
检查以下三个地方
- Check if the ORGANIZATION-validator.pem file exists in one of the following locations:
~/.chef ~/projects/current_project/.chef /etc/chef
If one is present, verify that it has the correct read permissions.
- If there’s no ORGANIZATION-validator.pem file, regenerate it.
~/.chef ~/projects/current_project/.chef /etc/chef If one is present, verify that it has the correct read permissions.
- If there’s no client.rb file, regenerate it and ensure the values for the node_name and client_key settings are correct.
Organization not found¶ 没找到组织
If you see this error when trying to recreate the ORGANIZATION-validator.pem, it’s possible that the chef-client itself was deleted. In this situation, the ORGANIZATION-validator.pem will need to be recreated. In these directions, ORGANIZATION should be replaced with the name of your organization.
To reset a chef-validator key:
- Open the Chef management console.
- Click Policy.
- Click Clients.
- Select a chef-validator key.
- Click the Details tab.
- Click Reset Key.
- In the Reset Key dialog box, confirm that the key should be regenerated and click the Reset Key button:
- Copy the private key:
or download and save the private key locally:
Synchronize the clock on your host¶
系统超过15分钟也会出现认证问题
All other 401 errors
The general Net::HTTPServerException: 401 "Unauthorized" error will usually occur for one of two reasons.
Make sure your client.pem is valid.
$ rm /etc/chef/client.pem $ chef-client
403 Forbidden
FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out FATAL: Net::HTTPServerException: 403 "Forbidden"
Troubleshooting Steps
In Chef, there are two different types of permissions issues, object specific and global permissions. To figure out which type of permission issue you’re experiencing, run the chef-client again using the -l debug options to see debugging output.
.
500 (Unexpected)
/var/log/opscode/opscode-account/current
- /var/log/opscode/opscode-erchef/current
502 / 504 (Gateway)
Determine which API service is returning 504s using the Nginx access logs. API requests returning 504 can be found with the following command on a frontend:
$ grep 'HTTP/1.1" 504' /var/log/opscode/nginx/access.log
$ grep 'HTTP/1.1" 504' nginx-access.log | cut -d' ' -f8 | sort | uniq -c | sort
$ tail -10000 nginx-access.log | grep 'HTTP/1.1" 504' | cut -d' ' -f8 | sort | uniq -c | sort
$ chef-client -c /etc/chef/client.rb