Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to upload cookbooks if non SSL mode is enabled #1338

Open
jwadolowski opened this issue Jul 23, 2017 · 1 comment
Open

Unable to upload cookbooks if non SSL mode is enabled #1338

jwadolowski opened this issue Jul 23, 2017 · 1 comment
Labels
Component: opscode-erchef investigation-required Status: To be prioritized Indicates that product needs to prioritize this issue. Triage: Confirmed Indicates and issue has been confirmed as described. Triage: Try Reproducing Indicates that this issue needs to be reproduced. Type: Bug Does not work as expected.

Comments

@jwadolowski
Copy link

jwadolowski commented Jul 23, 2017

I configured my Chef Server as follows:

User <== (HTTPS) ==> ELB <== (HTTP) ==> Apache <== (HTTP) ==> Chef Server

My chef-server.rb:

$ cat /etc/opscode/chef-server.rb
api_fqdn "chef.example.org"
notification_email "[email protected]"
nginx['enable_non_ssl'] = true
nginx['non_ssl_port'] = "80"

Whenever I try to upload new cookbook I get this error

$ berks upload
Skipping apt (5.0.1) (frozen)
Skipping chef-sugar (3.4.0) (frozen)
Skipping compat_resource (12.19.0) (frozen)
Skipping cron (4.1.3) (frozen)
/opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:345:in `each': task was terminated (Celluloid::Task::TerminatedError)
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:345:in `cleanup'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:329:in `shutdown'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:321:in `handle_crash'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:166:in `rescue in run'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:148:in `run'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:130:in `block in start'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/thread_handle.rb:13:in `block in initialize'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor_system.rb:32:in `block in get_thread'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/internal_pool.rb:130:in `block in create'
	from (celluloid):0:in `remote procedure call'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:92:in `value'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/proxies/sync_proxy.rb:33:in `method_missing'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:55:in `block (2 levels) in upload'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:51:in `each'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:51:in `block in upload'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/ridley-5.1.1/lib/ridley/client.rb:38:in `open'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/ridley-5.1.1/lib/ridley.rb:56:in `open'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf.rb:175:in `ridley_connection'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:50:in `upload'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:37:in `run'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/berksfile.rb:597:in `upload'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:205:in `upload'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:49:in `dispatch'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:25:in `execute!'
	from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/bin/berks:5:in `<top (required)>'
	from /opt/chefdk/bin/berks:263:in `load'
	from /opt/chefdk/bin/berks:263:in `<main>'

At first glance it may look like berkshelf bug, but it seems that in such setup Chef Server generates invalid response to POST /organizations/example/sandboxes request (details below).

All other operations work without issues (knife cookbook list, knife node list, etc)

Expected Behavior

Chef Server should work properly and allow cookbook uploads if it's configured as outlined above.

Current Behavior

berks upload triggers a bunch of HTTP requests

10.15.0.5 - - [21/Jul/2017:16:15:59 -0400] "GET /organizations/example/cookbooks/apt/5.0.1 HTTP/1.1" 200 7942 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:15:59 -0400] "GET /organizations/example/cookbooks/chef-sugar/3.4.0 HTTP/1.1" 200 1221 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "GET /organizations/example/cookbooks/compat_resource/12.19.0 HTTP/1.1" 200 6074 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "GET /organizations/example/cookbooks/cron/4.1.3 HTTP/1.1" 200 3569 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "POST /organizations/example/sandboxes HTTP/1.1" 201 2885 "-" "Ridley v5.1.1"

The last one seems to be crucial in this case. Here's raw HTTP response

Headers

HTTP/1.1 201 Created
Server: openresty/1.11.2.1
Date: Sun, 21 Jul 2017 20:16:01 GMT
Content-Type: application/json
Content-Length: 2885
Connection: keep-alive
X-Ops-Server-API-Version: {"min_version":"0","max_version":"1","request_version":"0","response_version":"0"}
X-Ops-API-Info: flavor=cs;version=12.0.0;oc_erchef=12.15.7+20170619072446
Location: http://chef.example.org/organizations/example/sandboxes/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Body

{
  "sandbox_id":"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
  "uri":"https://chef.example.org:80/organizations/example/sandboxes/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
   ...
}

uri is set to https://chef.example.org:80, which is incorrect (wrong port) and most probably that's the reason why berks fails

Steps to Reproduce

  1. Configure Chef Server as presented above
  2. Try to upload any new cookbook using berks upload command

Your Environment

  • Chef Server Version: 12.15.8
  • Operating System and Version: RHEL 7.3

Related issues

It seems to be related/partially related to #50 and #662

@jwadolowski
Copy link
Author

As an interim solution I set nginx['enable_non_ssl'] = false, run chef-server-ctl reconfigure and updated my Apache config to use HTTPS proxy instead of plain HTTP one:

User <== (HTTPS) ==> ELB <== (HTTP) ==> Apache <== (HTTPS) ==> Chef Server

@PrajaktaPurohit PrajaktaPurohit added Aspect: Correctness Triage: Confirmed Indicates and issue has been confirmed as described. Triage: Try Reproducing Indicates that this issue needs to be reproduced. Type: Bug Does not work as expected. Component: opscode-erchef Status: To be prioritized Indicates that product needs to prioritize this issue. labels Nov 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Component: opscode-erchef investigation-required Status: To be prioritized Indicates that product needs to prioritize this issue. Triage: Confirmed Indicates and issue has been confirmed as described. Triage: Try Reproducing Indicates that this issue needs to be reproduced. Type: Bug Does not work as expected.
Projects
None yet
Development

No branches or pull requests

4 participants