chef / chef-server

Chef Infra Server is a hub for configuration data; storing cookbooks, node policies and metadata of managed nodes.
https://www.chef.io/chef/
Apache License 2.0

Unable to upload cookbooks if non SSL mode is enabled #1338

Open jwadolowski opened 7 years ago

jwadolowski commented 7 years ago

I configured my Chef Server as follows:

User <== (HTTPS) ==> ELB <== (HTTP) ==> Apache <== (HTTP) ==> Chef Server

My chef-server.rb:

$ cat /etc/opscode/chef-server.rb
api_fqdn "chef.example.org"
notification_email "chef@example.org"
nginx['enable_non_ssl'] = true
nginx['non_ssl_port'] = "80"

Whenever I try to upload a new cookbook I get this error:

$ berks upload
Skipping apt (5.0.1) (frozen)
Skipping chef-sugar (3.4.0) (frozen)
Skipping compat_resource (12.19.0) (frozen)
Skipping cron (4.1.3) (frozen)
/opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:345:in `each': task was terminated (Celluloid::Task::TerminatedError)
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:345:in `cleanup'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:329:in `shutdown'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:321:in `handle_crash'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:166:in `rescue in run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:148:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:130:in `block in start'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/thread_handle.rb:13:in `block in initialize'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/actor_system.rb:32:in `block in get_thread'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/internal_pool.rb:130:in `block in create'
    from (celluloid):0:in `remote procedure call'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:92:in `value'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/celluloid-0.16.0/lib/celluloid/proxies/sync_proxy.rb:33:in `method_missing'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:55:in `block (2 levels) in upload'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:51:in `each'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:51:in `block in upload'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/ridley-5.1.1/lib/ridley/client.rb:38:in `open'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/ridley-5.1.1/lib/ridley.rb:56:in `open'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf.rb:175:in `ridley_connection'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:50:in `upload'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/uploader.rb:37:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/berksfile.rb:597:in `upload'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:205:in `upload'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:49:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/lib/berkshelf/cli.rb:25:in `execute!'
    from /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.2.0/bin/berks:5:in `<top (required)>'
    from /opt/chefdk/bin/berks:263:in `load'
    from /opt/chefdk/bin/berks:263:in `<main>'

At first glance it may look like a berkshelf bug, but it seems that in such a setup Chef Server generates an invalid response to the POST /organizations/example/sandboxes request (details below).

All other operations work without issues (knife cookbook list, knife node list, etc.).

Expected Behavior

Chef Server should work properly and allow cookbook uploads if it's configured as outlined above.

Current Behavior

berks upload triggers a bunch of HTTP requests:

10.15.0.5 - - [21/Jul/2017:16:15:59 -0400] "GET /organizations/example/cookbooks/apt/5.0.1 HTTP/1.1" 200 7942 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:15:59 -0400] "GET /organizations/example/cookbooks/chef-sugar/3.4.0 HTTP/1.1" 200 1221 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "GET /organizations/example/cookbooks/compat_resource/12.19.0 HTTP/1.1" 200 6074 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "GET /organizations/example/cookbooks/cron/4.1.3 HTTP/1.1" 200 3569 "-" "Ridley v5.1.1"
10.15.0.5 - - [21/Jul/2017:16:16:00 -0400] "POST /organizations/example/sandboxes HTTP/1.1" 201 2885 "-" "Ridley v5.1.1"

The last one seems to be crucial in this case. Here's the raw HTTP response:

Headers

HTTP/1.1 201 Created
Server: openresty/1.11.2.1
Date: Sun, 21 Jul 2017 20:16:01 GMT
Content-Type: application/json
Content-Length: 2885
Connection: keep-alive
X-Ops-Server-API-Version: {"min_version":"0","max_version":"1","request_version":"0","response_version":"0"}
X-Ops-API-Info: flavor=cs;version=12.0.0;oc_erchef=12.15.7+20170619072446
Location: http://chef.example.org/organizations/example/sandboxes/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Body

{
  "sandbox_id":"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
  "uri":"https://chef.example.org:80/organizations/example/sandboxes/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
   ...
}

uri is set to https://chef.example.org:80, which is incorrect (wrong port), and most probably that's the reason why berks fails.

Steps to Reproduce

  1. Configure Chef Server as presented above
  2. Try to upload any new cookbook using the berks upload command

Your Environment

Related issues

It seems to be related/partially related to #50 and #662
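
A check for the inconsistency reported above, as an added example that is not part of the original report or of Chef Server's code: given a sandbox-creation response's Location header and JSON body, it flags any URL whose scheme disagrees with its explicit port and any response that mixes http and https. The function names are this example's own, and the sample values are copied from the sanitized response in the report.

```ruby
require "json"
require "uri"

# Ports conventionally bound to each scheme. An explicit port that belongs to
# the *other* scheme is the mismatch reported in the issue (https on :80).
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

# Recursively collect [json_path, url] pairs for every http(s) URL string.
def collect_urls(value, path = "body")
  case value
  when Hash  then value.flat_map { |k, v| collect_urls(v, "#{path}.#{k}") }
  when Array then value.each_with_index.flat_map { |v, i| collect_urls(v, "#{path}[#{i}]") }
  when String
    value.match?(%r{\Ahttps?://}i) ? [[path, value]] : []
  else []
  end
end

# Returns an array of finding strings for one sandbox-creation response.
def audit_sandbox_response(location_header, body_json)
  urls = [["Location", location_header]] + collect_urls(JSON.parse(body_json))
  findings = []
  schemes = urls.map do |where, raw|
    u = URI.parse(raw)
    scheme = u.scheme.downcase
    other_ports = DEFAULT_PORTS.reject { |s, _| s == scheme }.values
    if other_ports.include?(u.port)
      findings << "#{where}: #{scheme} URL points at port #{u.port}"
    end
    scheme
  end.uniq
  if schemes.size > 1
    findings << "mixed schemes in one response: #{schemes.sort.join(', ')}"
  end
  findings
end

# Constructed sample: the header and "uri" values shown in the report.
LOCATION = "http://chef.example.org/organizations/example/sandboxes/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
BODY = <<~JSON
  {"sandbox_id": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
   "uri": "https://chef.example.org:80/organizations/example/sandboxes/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"}
JSON

puts audit_sandbox_response(LOCATION, BODY) if __FILE__ == $PROGRAM_NAME
```

Run against responses captured at each hop (ELB, Apache, Chef Server), this shows where the scheme seen by the client stops matching the URLs the server builds.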

jwadolowski commented 7 years ago

As an interim solution I set nginx['enable_non_ssl'] = false, ran chef-server-ctl reconfigure and updated my Apache config to use an HTTPS proxy instead of a plain HTTP one:

User <== (HTTPS) ==> ELB <== (HTTP) ==> Apache <== (HTTPS) ==> Chef Server