search

chef-boneyard / delivery-truck

DEPRECATED: Delivery build cb for pipelines
Apache License 2.0
35 stars 48 forks source link

Berks vendor in publish phase causes permission denied on client key when pulling from a chef server #6

Open ndobson opened 9 years ago

ndobson commented 9 years ago

berks vendor in publish phase causes permission denied on client key when pulling from chef server, probably want to have berks use the delivery.pem instead

 execute[berks_vendor_cookbook_ge_delivery_chef] action run

    ================================================================================
    Error executing action `run` on resource 'execute[berks_vendor_cookbook_ge_delivery_chef]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of berks vendor /var/opt/delivery/workspace/3.166.221.12/ge_capital/archops/ge_delivery_chef/master/build/publish/cache/cookbook-upload ----
    STDOUT: Resolving cookbook dependencies...
    Fetching 'ge_delivery_chef' from source at .
    Fetching cookbook index from http://3.166.220.156...
    Installing chef-vault (1.3.0) from http://3.166.220.156 ([chef_server] https://3.166.221.11:443/organizations/archops)
    Installing delivery-truck (1.5.0) from http://3.166.220.156 ([chef_server] https://3.166.221.11:443/organizations/archops)
    Using ge_delivery_chef (0.2.20) from source at .
    STDERR: /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/ridley-4.1.2/lib/ridley/client.rb:144:in `read': Permission denied @ rb_sysopen - /etc/chef/client.pem (Errno::EACCES)
        from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/ridley-4.1.2/lib/ridley/client.rb:144:in `initialize'
        from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:26:in `public_send'
afiune commented 9 years ago

@ndobson Could you show me the permissions on the file /etc/chef/client.pem?

afiune commented 9 years ago

@ndobson any update on this? :smile:

ndobson commented 9 years ago

@afiune yes currently we have a wrapper build cookbook that is laying down a .berkshelf/config.json containing the path to the client key in both the publish and unit phases. Is this something that you think should be integrated into delivery-truck?