chef-client INFO: HTTP Request Returned 409 Conflict: Client already exists

  • 7022917
  • 03-May-2018
  • 07-May-2018

Environment

SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7

Situation

Running chef-client errors out with:

root@d52-54-00-e1-0c-39:~ # chef-client
[2018-05-03T14:28:42+02:00] INFO: *** Chef 10.32.2 ***
[2018-05-03T14:28:42+02:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2018-05-03T14:28:42+02:00] INFO: HTTP Request Returned 409 Conflict: Client already exists
[2018-05-03T14:28:42+02:00] INFO: HTTP Request Returned 403 Forbidden: You are not allowed to take this action.

================================================================================
Chef encountered an error attempting to create the client "d52-54-00-e1-0c-39.suse.com"
================================================================================

Authorization Error:
--------------------
Your validation client is not authorized to create the client for this node (HTTP 403).

Possible Causes:
----------------
* There may already be a client named "d52-54-00-e1-0c-39.suse.com"
* Your validation client (chef-validator) may have misconfigured authorization permissions.

[2018-05-03T14:28:42+02:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2018-05-03T14:28:42+02:00] FATAL: Net::HTTPServerException: 403 "Forbidden"


Resolution

On the admin node delete the client:

knife client delete d52-54-00-e1-0c-39.suse.com



Then on the failing node d52-54-00-e1-0c-39.suse.com run:

crowbar_join --setup

crowbar_join --start

This will delete the public key of the node from the chef-server.  It won't change any of the node attributes.
The crowbar_join call will then generate a new key-pair.


Cause

File /etc/chef/client.pem is missing for some reason.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.