chef - [chef] Re: SSL verification fails on a Berks API server?

First login ?
Lost password ?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: SSL verification fails on a Berks API server?

From: Michel Blankleder < >
To:
Subject: [chef] Re: SSL verification fails on a Berks API server?
Date: Wed, 15 Apr 2015 11:51:42 -0300

Hi,

I had the same error a while ago and --ssl-verify=false solved the issue.

berks upload cookbook_name --ssl-verify=false

Hope it helps

Michel

On Wed, Apr 15, 2015 at 11:30 AM, Fouts, Chris < " target="_blank"> > wrote:

I set up an organization called berks-api on my Chef 12 Enterprise server to act as my Berks API server, and setup berkshelf-api. I then ran berks-api with

$ berks-api –c ~/.berkshelf/api-server/config.json

..where my config.json file looks like

{

"endpoints": [

    {

      "type": "chef_server",

       "options": {

       "url": "https://myserver.domain.com/organizations/berks-api",

       "client_name": "jenkins",

       "client_key": "/etc/berkshelf/api-server/jenkins.pem",

       "ssl_verify" : false

      }

    }

]

}

…and see the following on my terminal, so I know it’s working.

[2015-04-14T18:49:12.737950 #10033] INFO -- : Cache manager starting...

I, [2015-04-14T18:49:12.738207 #10033] INFO -- : Loading save from /root/.berkshelf/api-server/cerch

W, [2015-04-14T18:49:12.739368 #10033] WARN -- : Endpoints in config have changed - invalidating cache

I, [2015-04-14T18:49:12.739465 #10033] INFO -- : Cache contains 0 items

I, [2015-04-14T18:49:12.740341 #10033] INFO -- : Cache Builder starting...

I, [2015-04-14T18:49:12.846975 #10033] INFO -- : REST Gateway listening on 0.0.0.0:26200

I, [2015-04-14T18:49:12.887143 #10033] INFO -- : Processing chef_server: https://myserver.domain.com/organizations/berks-api

I, [2015-04-14T18:49:12.963418 #10033] INFO -- : Found 25 cookbooks from chef_server: https://myserver.domain.com/organizations/berks-api

I, [2015-04-14T18:49:12.964527 #10033] INFO -- : Processing metadata for 25 cookbooks with 0 remaining on chef_server: https://myserver.domain.com/organizations/berks-api

I’m able to upload cookbooks to the berks-api server.

Now I want to use Berkshelf magic to get cookbooks from it.

My Berkshelf file looks like this

source “https://myserver.domain.com/organizations/berks-api:26200”

metadata

cookbook “linux_role”

When I do a berks install, I get

Fetching cookbook index from https://myserver.domain.com:26200...

/opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A (Faraday::SSLError)

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'

from /opt/chef/embedded/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'

from /opt/chef/embedded/lib/ruby/2.1.0/timeout.rb:101:in `call'

from /opt/chef/embedded/lib/ruby/2.1.0/timeout.rb:101:in `timeout'

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect'

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:863:in `do_start'

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:852:in `start'

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:1369:in `request'

from /opt/chef/embedded/lib/ruby/2.1.0/net/http.rb:1128:in `get'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:80:in `perform_request'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:40:in `block in call'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:87:in `with_net_http_connection'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:32:in `call'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/request/retry.rb:110:in `call'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/response.rb:8:in `call'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/response.rb:8:in `call'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/rack_builder.rb:139:in `build_response'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/connection.rb:377:in `run_request'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.1/lib/faraday/connection.rb:140:in `get'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/berkshelf-api-client-1.2.1/lib/berkshelf/api_client/connection.rb:62:in `universe'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/berkshelf-3.2.3/lib/berkshelf/source.rb:22:in `build_universe'

from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/berkshelf-3.2.3/lib/berkshelf/installer.rb:21:in `block (2 levels) in build_universe'

Is there an SSL setup I’m missing? I just want to disable SSL on the organization, if possible?

Chris

[chef] SSL verification fails on a Berks API server?, Fouts, Chris, 04/15/2015
- [chef] Re: SSL verification fails on a Berks API server?, Michel Blankleder, 04/15/2015
  - [chef] RE: Re: SSL verification fails on a Berks API server?, Fouts, Chris, 04/15/2015
    - [chef] Re: RE: Re: SSL verification fails on a Berks API server?, Peter Burkholder, 04/15/2015
      - [chef] RE: Re: RE: Re: SSL verification fails on a Berks API server?, Fouts, Chris, 04/16/2015
- [chef] Re: SSL verification fails on a Berks API server?, Kent Perrier, 04/15/2015