How do I create user account by chef-solo?

Question

Question

1. How do I create user account by chef-solo?
2. Why does "users" recipe needs client.pem?

Environment

• ruby is ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
• chef-solo is Chef: 0.10.8
• "users" recipe version is head at 2012-03-27 (commit:f6e1d421f3513c92a0cfbf89c77f750e402ba545).
• recipe only {"run_list":["recipe[users::sysadmins]"]}

Description

I would create user account by chef-solo with recipe "users". But occurred error, following like this.

FATAL: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!

Log

vagrant@lucid32:/tmp/vagrant-chef-1$ ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
vagrant@lucid32:/tmp/vagrant-chef-1$ chef-solo -v
Chef: 0.10.8
vagrant@lucid32:/tmp/vagrant-chef-1$ cat /tmp/vagrant-chef-1/solo.rb
file_cache_path "/tmp/vagrant-chef-1"
cookbook_path ["/tmp/vagrant-chef-1/chef-solo-1/cookbooks", "/tmp/vagrant-chef-1/cookbooks/cookbooks"]
role_path nil
log_level :debug
vagrant@lucid32:/tmp/vagrant-chef-1$ cat /tmp/vagrant-chef-1/dna.json
{"run_list":["recipe[users::sysadmins]"]}
vagrant@lucid32:/tmp/vagrant-chef-1$ sudo chef-solo -c solo.rb -j dna.json
[Mon, 26 Mar 2012 17:54:48 -0700] INFO: *** Chef 0.10.8 ***
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Building node object for lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Extracting run list from JSON attributes provided on command line
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Setting the run_list to ["recipe[users::sysadmins]"] from JSON
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Applying attributes from json file
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Platform is ubuntu version 10.04
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Run List is [recipe[users::sysadmins]]
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Run List expands to [users::sysadmins]
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Starting Chef Run for lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Running start handlers
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Start handlers complete.
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: No chefignore file found at /tmp/vagrant-chef-1/chef-solo-1/cookbooks/chefignore no files will be ignored
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: No chefignore file found at /tmp/vagrant-chef-1/cookbooks/cookbooks/chefignore no files will be ignored
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading cookbook users's providers from /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loaded contents of /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb into a provider named users_manage defined in Chef::Provider::UsersManage
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading cookbook users's resources from /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/resources/manage.rb
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loaded contents of /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/resources/manage.rb into a resource named users_manage defined in Chef::Resource::UsersManage
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading Recipe users::sysadmins via include_recipe
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Found recipe sysadmins in cookbook users
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading from cookbook_path: /tmp/vagrant-chef-1/chef-solo-1/cookbooks, /tmp/vagrant-chef-1/cookbooks/cookbooks
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Converging node lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Processing users_manage[sysadmin] on lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Processing users_manage[sysadmin] action remove (users::sysadmins line 23)
[Mon, 26 Mar 2012 17:54:49 -0700] WARN: Failed to read the private key /etc/chef/client.pem: #<Errno::ENOENT: No such file or directory - /etc/chef/client.pem>
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: users_manage[sysadmin] (users::sysadmins line 23) has had an error
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: users_manage[sysadmin] (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/recipes/sysadmins.rb:23:in `from_file') had an error:
users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
/opt/ruby/bin//chef-solo:19:in `load'
/opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: Running exception handlers
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: Exception handlers complete
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Re-raising exception: Chef::Exceptions::PrivateKeyMissing - users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
  /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
  /opt/ruby/bin//chef-solo:19:in `load'
  /opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] FATAL: Stacktrace dumped to /tmp/vagrant-chef-1/chef-stacktrace.out
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
/opt/ruby/bin//chef-solo:19:in `load'
/opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] FATAL: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!

Answer 1

Finally I succeeded in creating an account with chef-solo and data_bags.

It needs:

• chef-solo-search
• users(require version 1.1.2, not working at head revision)

cookbooks.

See https://github.com/niku/vagrant_config_files/tree/minimum_set

Answer 2

Opscode's "users" cookbook relies on using server centric features for user management, namely data bags and search. It is not designed or intended to work with Chef Solo.

The users_manage resource that is used in the users::sysadmins recipe runs a Chef Search query against the users data bag. When the recipe runs, it attempts to connect to a server, which is why it is looking for /etc/chef/client.pem - to authenticate with a Chef Server. Since you have neither, it fails.

Update

There is now a cookbook that adds "search-like" functionality for data bag items to Chef Solo that may be of interest for using the "users" cookbook.

• Chef Solo Search cookbook

Note that the "users" cookbook currently checks for Chef Solo and will not run if detected. This is part of an effort recently to pass linting check from foodcritic, per FC003. Version 1.1.2 of the users cookbook does not include this change (it is in the master branch)