chef / chef-server

Chef Infra Server is a hub for configuration data; storing cookbooks, node policies and metadata of managed nodes.
https://www.chef.io/chef/
Apache License 2.0

chef-server-ctl test is failing in FIPS enabled Amazon Linux 2 system. #3398

Open srijitncoupa opened 2 years ago

srijitncoupa commented 2 years ago

Chef Server Version

Chef-server = 14.16.19

Platform Details

The new Chef 14 installation is done on an Amazon Linux 2 system.

Configuration

It is a standalone machine, and we are doing a fresh install on Amazon Linux with FIPS enabled. Please find the chef-server.rb file below.

chef-server.rb

postgresql['external'] = true
fips = true
api_version = '14.16.19'
postgresql['enable'] = true
postgresql['sslmode'] = 'require'
postgresql['db_superuser'] = 'postgres'
postgresql['db_superuser_password'] = '***'
postgresql['vip'] = 'devchf975srv2.cyokjaytsehc.ap-southeast-2.rds.amazonaws.com'
bookshelf['enable'] = true
bookshelf['vip'] = 's3-ap-southeast-2.amazonaws.com'
bookshelf['url'] = 'http://127.0.0.1:4321'
bookshelf['listen'] = '127.0.0.1'
bookshelf['port'] = '4321'
bookshelf['external_url'] = 'https://s3-ap-southeast-2.amazonaws.com'
bookshelf['access_key_id'] = '*'
bookshelf['secret_access_key'] = '***'
opscode_erchef['s3_bucket'] = 'devchf975chef.**'
nginx['server_name'] = 'chef.**'
nginx['ssl_company_name'] = '*'
nginx['ssl_email_address'] = 'ops12@****'
nginx['ssl_locality_name'] = 'San Francisco'
nginx['ssl_state_name'] = 'CA'
nginx['url'] = 'https://127.0.0.1'
nginx['ssl_certificate'] = '/etc/ssl/certs/webserver.cert.pem'
nginx['ssl_certificate_key'] = '/etc/ssl/priv/webserver.key.pem'
nginx['ssl_protocols'] = 'TLSv1.2'
nginx['ssl_ciphers'] = 'EECDH+E

Scenario

[What you are trying to achieve and you can't?] We are installing Chef 14 with FIPS enabled on Amazon Linux 2. After installation, when we run chef-server-ctl test, the unit test cases fail when they need to delete a cookbook from S3.

Steps to Reproduce

We need to install Chef 14 on a FIPS enabled Amazon Linux 2 system.

[If you are filing an issue what are the things we need to do in order to repro your problem? How are you using this cookbook or any resources it includes?]

Expected Result

We are expecting that chef-server-ctl test would pass all unit test cases, and we should also be able to push new cookbooks to the remote S3 bucket (bookshelf).

Actual Result

We are not able to push new cookbooks to the remote S3 location. The errors noticed are given below.

1) Cookbook Artifacts API endpoint API v0 behaves like deletes cookbook artifacts DELETE /cookbook_artifacts// for existing cookbooks when deleting existent version of an existing cookbook should cleanup unused checksum data in s3/bookshelf
 Failure/Error: raise "bad response code #{response.code} in response: #{response}"

 RuntimeError:
   bad response code 500 in response: {"error":["internal service error"]}
 Shared Example Group: "deletes cookbook artifacts" called from ./spec/api/cookbook_artifacts/delete_spec.rb:196
 # ./lib/pedant/rspec/common.rb:429:in `ensure_2xx'
 # ./lib/pedant/rspec/cookbook_util.rb:65:in `commit_sandbox'
 # ./lib/pedant/rspec/cookbook_util.rb:74:in `upload_files_to_sandbox'
 # ./lib/pedant/rspec/cookbook_util.rb:287:in `make_cookbook_artifact_with_recipes'
 # ./spec/api/cookbook_artifacts/delete_spec.rb:109:in `block (6 levels) in <top (required)>'

2) Cookbook Artifacts API endpoint API v2 behaves like deletes cookbook artifacts DELETE /cookbook_artifacts// for existing cookbooks when deleting existent version of an existing cookbook should cleanup unused checksum data in s3/bookshelf
 Failure/Error: raise "bad response code #{response.code} in response: #{response}"

 RuntimeError:
   bad response code 500 in response: {"error":["internal service error"]}
 Shared Example Group: "deletes cookbook artifacts" called from ./spec/api/cookbook_artifacts/delete_spec.rb:200
 # ./lib/pedant/rspec/common.rb:429:in `ensure_2xx'
 # ./lib/pedant/rspec/cookbook_util.rb:65:in `commit_sandbox'
 # ./lib/pedant/rspec/cookbook_util.rb:74:in `upload_files_to_sandbox'
 # ./lib/pedant/rspec/cookbook_util.rb:287:in `make_cookbook_artifact_with_recipes'
 # ./spec/api/cookbook_artifacts/delete_spec.rb:109:in `block (6 levels) in <top (required)>'

vinay-satish commented 2 years ago

Thank you for bringing this issue up. We currently test this on RHEL 7 and we need to test this on other platforms as well.