[chef] Chef Server 12 - Problem deploying certificate from encrypted data bag.

["McDade, Michael" < >]

?Hello all. I'm fairly new to chef, so it's possible that I'm overlooking 
something obvious. We have just finished installing and configuring a new 
chef 12 server version 12.2.1. Initially we were going to upgrade an existing 
Open Source Chef 11 server, but ran into issues that made upgrade or 
migration problematic. That's another story for another time.


 We have uploaded the cookbooks from our 11 server to the 12 server and are 
in the process of testing one of them on a test node. Everything appears to 
be working as expected except for a problem creating a certificate from an 
encrypted data bag.


The problem occurs when trying to apply this recipe:


cookbook_file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode 00600
end

certificate_manage 'wildcard' do
  cert_path "#{node['mumail']['sysconf']}/ssl"
  cert_file 'wildcard.pem'
  key_file 'wildcard.key'
  chain_file 'wildcard-bundle.crt'
  action :create
  not_if { node['virtualization']['role'] == 'guest' && 
(node['virtualization']['system'] == 'lxc' || 
node['virtualization']['system'] == 'vbox') }
end


On the chef run we get this:

    
================================================================================
    Error executing action `create` on resource 'certificate_manage[wildcard]'
    
================================================================================

    Net::HTTPServerException
    ------------------------
    401 "Unauthorized"

    Cookbook Trace:
    ---------------
    /var/chef/cache/cookbooks/certificate/providers/manage.rb:26:in `block in 
class_from_file'

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb

     26: certificate_manage 'wildcard' do
     27:   cert_path "#{node['mumail']['sysconf']}/ssl"
     28:   cert_file 'wildcard.pem'
     29:   key_file 'wildcard.key'
     30:   chain_file 'wildcard-bundle.crt'
     31:   action :create
     32:   not_if { node['virtualization']['role'] == 'guest' && 
(node['virtualization']['system'] == 'lxc' || 
node['virtualization']['system'] == 'vbox') }
     33: end

    Compiled Resource:
    ------------------
    # Declared in 
/var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb:26:in `from_file'

    certificate_manage("wildcard") do
      action [:create]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      declared_type :certificate_manage
      cookbook_name "mu-mail"
      recipe_name "certificate"
      cert_path "/etc/postfix/ssl"
      cert_file "wildcard.pem"
      key_file "wildcard.key"
      chain_file "wildcard-bundle.crt"
      data_bag_secret "/etc/chef/encrypted_data_bag_secret"
      data_bag "certificates"
      search_id "wildcard"
      not_if { #code block }
    end

Any idea what I'm doing wrong?
?

Michael McDade
IT Associate Senior
Marshall University Information Technology
Drinko Library 428K, 1 John Marshall Dr., Huntington, WV 25755
Phone: 304.696.6127