Question

I've joined a new company and to get caught up to speed, I've been playing with Vagrant for my VM. I had my system nearly set up and then a weird error forced me to shut off my laptop without disconnecting via vagrant destroy. Now when trying to get set, I run vagrant up and get the following error message.

    [default] Running provisioner: Vagrant::Provisioners::ChefClient...
    [default] Creating folder to hold client key...
    [default] Uploading chef client validation key...
    [default] Generating chef JSON and uploading...
    [default] Running chef-client...
    stdin: is not a tty
    [Wed, 16 Jan 2013 05:20:20 -0500] INFO: *** Chef 0.10.2 ***
    [Wed, 16 Jan 2013 05:20:20 -0500] INFO: Client key /etc/chef/client.pem is not present     - registering
    [Wed, 16 Jan 2013 05:20:21 -0500] INFO: HTTP Request Returned 409 Conflict: Client already exists.
    [Wed, 16 Jan 2013 05:20:22 -0500] INFO: HTTP Request Returned 403 Forbidden: Merb::ControllerExceptions::Forbidden
    [Wed, 16 Jan 2013 05:20:22 -0500] FATAL: Stacktrace dumped to /srv/chef/file_store/chef-stacktrace.out
    [Wed, 16 Jan 2013 05:20:22 -0500] FATAL: Net::HTTPServerException: 403 "Forbidden"
    The following SSH command responded with a non-zero exit status.
    Vagrant assumes that this means the command failed!

    chef-client -c /tmp/vagrant-chef-1/client.rb -j /tmp/vagrant-chef-1/dna.json

Now from my own research I see that this means a client already exists with the name specified, so I decided to manually shut it down. I tried to list all the knife clients with knife client list but then got the following message:

    WARNING: No knife configuration file found
    ERROR: Your private key could not be loaded from /etc/chef/client.pem
    Check your configuration file and ensure that your private key is readable

Strange. I know knife.rb exists, I see it when I ls so I don't know how the knife configuration file couldn't exist. I can't see my knife clients without this private key apparently. I'm completely new to Vagrant, Knife AND Chef so I'm stumped.

Thoughts?


Solution

So the convention is that your knife.rb be located in ~/.chef/knife.rb or /etc/chef/knife.rb - I prefer the former, as it keeps it in my home folder, and constrained to MY user account.

I will also typically keep my Chef Server client certificate there as well.

Once you are able to execute a knife client list successfully, then you will be able to identify and remove the offending client certificate. (You might also be able to use the Web UI in the interim).

Having Vagrant remove the client's cert on destroy was a suggested feature but was never implemented, leaving it to the operator to make that decision.

Additionally - it looks like you're using a VERY old version of Chef - 0.10.2 - and we've just had 10.18.2 released today. Something to consider.
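
A diagnostic sketch for the two failures above (knife not finding its configuration, and the private key not loading), added here as an example and not part of the original answer. The function names and the optional directory arguments are assumptions; client_key is the knife.rb setting that names the key file.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and the optional directory
# arguments are assumptions made for this example.

# Print the first knife.rb found in the conventional locations.
find_knife_config() {
    home_dir=${1:-$HOME}
    etc_dir=${2:-/etc/chef}
    for candidate in "$home_dir/.chef/knife.rb" "$etc_dir/knife.rb"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Extract a literal quoted client_key path from knife.rb.
# knife.rb is Ruby, so interpolated values (#{...}) are not resolved here.
client_key_path() {
    sed -n "s/^[[:space:]]*client_key[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Classify the key file: missing, unreadable, too-open or ok.
check_key() {
    key=$1
    [ -e "$key" ] || { echo missing; return 1; }
    [ -r "$key" ] || { echo unreadable; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo too-open
        return 1
    fi
    echo ok
}

# Run the three checks in order and report the first failure.
diagnose_knife() {
    config=$(find_knife_config "$@") || { echo "no knife.rb"; return 1; }
    key=$(client_key_path "$config")
    [ -n "$key" ] || { echo "no client_key in $config"; return 1; }
    echo "$config: $key: $(check_key "$key")"
}
```

Once diagnose_knife reports ok, knife client list should load the key, and the stale client can then be removed with knife client delete followed by its name.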

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow