- From: "McDade, Michael"
- Subject: [chef] Chef Server 12 - Problem deploying certificate from encrypted data bag.
- Date: Fri, 17 Apr 2015 19:27:15 +0000
- Accept-language: en-US
Hello all. I'm fairly new to chef, so it's possible that I'm overlooking
something obvious. We have just finished installing and configuring a new
chef 12 server version 12.2.1. Initially we were going to upgrade an existing
Open Source Chef 11 server, but ran into issues that made upgrade or
migration problematic. That's another story for another time.
We have uploaded the cookbooks from our 11 server to the 12 server and are
in the process of testing one of them on a test node. Everything appears to
be working as expected except for a problem creating a certificate from an
encrypted data bag.
The problem occurs when trying to apply this recipe:

# Deploy the encrypted data bag secret from the cookbook's files to the node.
cookbook_file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode 00600
end

# Write the 'wildcard' certificate, key and chain from the encrypted data bag.
certificate_manage 'wildcard' do
  cert_path "#{node['mumail']['sysconf']}/ssl"
  cert_file 'wildcard.pem'
  key_file 'wildcard.key'
  chain_file 'wildcard-bundle.crt'
  action :create
  not_if { node['virtualization']['role'] == 'guest' &&
           (node['virtualization']['system'] == 'lxc' ||
            node['virtualization']['system'] == 'vbox') }
end

On the chef run we get this:

================================================================================
Error executing action `create` on resource 'certificate_manage[wildcard]'
================================================================================

Net::HTTPServerException
------------------------
401 "Unauthorized"

Cookbook Trace:
---------------
/var/chef/cache/cookbooks/certificate/providers/manage.rb:26:in `block in class_from_file'

Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb

 26: certificate_manage 'wildcard' do
 27:   cert_path "#{node['mumail']['sysconf']}/ssl"
 28:   cert_file 'wildcard.pem'
 29:   key_file 'wildcard.key'
 30:   chain_file 'wildcard-bundle.crt'
 31:   action :create
 32:   not_if { node['virtualization']['role'] == 'guest' &&
               (node['virtualization']['system'] == 'lxc' ||
                node['virtualization']['system'] == 'vbox') }
 33: end

Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb:26:in `from_file'

certificate_manage("wildcard") do
  action [:create]
  retries 0
  retry_delay 2
  default_guard_interpreter :default
  declared_type :certificate_manage
  cookbook_name "mu-mail"
  recipe_name "certificate"
  cert_path "/etc/postfix/ssl"
  cert_file "wildcard.pem"
  key_file "wildcard.key"
  chain_file "wildcard-bundle.crt"
  data_bag_secret "/etc/chef/encrypted_data_bag_secret"
  data_bag "certificates"
  search_id "wildcard"
  not_if { #code block }
end

Any idea what I'm doing wrong?
Michael McDade
IT Associate Senior
Marshall University Information Technology
Drinko Library 428K, 1 John Marshall Dr., Huntington, WV 25755
Phone: 304.696.6127