chef-provisioning-docker
OpenSSL::SSL::SSLError:
While running the default recipe in my dev environment I run into the Chef error listed below. This error occurs because I am using an untrusted cert with the Chef server. I am attempting to pass ":ssl_verify_mode => 'verify_none'" to the knife.rb file of the Docker container. I believe I am doing this correctly, so this could be a bug. However, it could be something I misconfigured.
Recipe I am using
require "chef/provisioning/docker_driver"
with_driver "docker"
machine 'Workstation' do
  recipe 'chef-dk::default'
  machine_options :docker_options => {
    :base_image => {
      :name => 'ubuntu',
      :repository => 'ubuntu',
      :tag => '14.04'
    }
  },
  :convergenc_options => {
    :ssl_verify_mode => 'verify_none'
  }
end
Error I am getting
================================================================================
Error executing action `converge` on resource 'machine[Workstation]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info ----
STDOUT: [2015-04-30T01:23:54+00:00] INFO: Forking chef instance to converge...
[2015-04-30T01:23:54+00:00] INFO: *** Chef 12.3.0 ***
[2015-04-30T01:23:54+00:00] INFO: Chef-client pid: 10
[2015-04-30T01:23:55+00:00] ERROR: SSL Validation failure connecting to host: docker-01 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
================================================================================
Chef encountered an error attempting to load the node data for "Workstation"
================================================================================
Unexpected Error:
-----------------
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2015-04-30T01:23:55+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2015-04-30T01:23:55+00:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2015-04-30T01:23:55+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
STDERR:
---- End output of docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info ----
Ran docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info returned 1
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/Chef-Provisioner-Docker-Cookbook/recipes/workstation.rb
11: machine 'Workstation' do
12: recipe 'chef-dk::default'
13:
14: machine_options :docker_options => {
15: :base_image => {
16: :name => 'ubuntu',
17: :repository => 'ubuntu',
18: :tag => '14.04'
19: }
20: },
21: :convergenc_options => {
22: :ssl_verify_mode => 'verify_none'
23: }
24: end
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/Chef-Provisioner-Docker-Cookbook/recipes/workstation.rb:11:in `from_file'
machine("Workstation") do
action :converge
retries 0
retry_delay 2
default_guard_interpreter :default
chef_server {:chef_server_url=>"https://docker-01/organizations/marcusbeach", :options=>{:client_name=>"docker-01", :signing_key_filename=>"/etc/chef/client.pem"}}
driver "docker"
machine_options {:docker_options=>{:base_image=>{:name=>"ubuntu", :repository=>"ubuntu", :tag=>"14.04"}}, :convergenc_options=>{:ssl_verify_mode=>"verify_none"}}
declared_type :machine
cookbook_name "Chef-Provisioner-Docker-Cookbook"
recipe_name "workstation"
run_list_modifiers [#<Chef::RunList::RunListItem:0x00000004c71c90 @version=nil, @type=:recipe, @name="chef-dk::default">]
end
[2015-04-29T21:23:55-04:00] INFO: Running queued delayed notifications before re-raising exception
Running handlers:
[2015-04-29T21:23:55-04:00] ERROR: Running exception handlers
Running handlers complete
[2015-04-29T21:23:55-04:00] ERROR: Exception handlers complete
[2015-04-29T21:23:55-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 1 resources updated in 13.763251552 seconds
[2015-04-29T21:23:56-04:00] ERROR: machine[Workstation] (Chef-Provisioner-Docker-Cookbook::workstation line 11) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info ----
STDOUT: [2015-04-30T01:23:54+00:00] INFO: Forking chef instance to converge...
[2015-04-30T01:23:54+00:00] INFO: *** Chef 12.3.0 ***
[2015-04-30T01:23:54+00:00] INFO: Chef-client pid: 10
[2015-04-30T01:23:55+00:00] ERROR: SSL Validation failure connecting to host: docker-01 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
================================================================================
Chef encountered an error attempting to load the node data for "Workstation"
================================================================================
Unexpected Error:
-----------------
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2015-04-30T01:23:55+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2015-04-30T01:23:55+00:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2015-04-30T01:23:55+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
STDERR:
---- End output of docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info ----
Ran docker run --name Workstation 702a3a1b8f2a92896f5a84381c3958c7fcee10840650ad67dec8e14fdc8b0bf2 chef-client -l info returned 1
[2015-04-29T21:23:56-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Just checking, have you tried with :convergence_options rather than :convergenc_options?
Good call, but yes I have. Here is another example of some testing. I am hoping this is a typo or something simple.
machine 'dhcp1' do
  recipe 'dhcp::default'
  machine_options :docker_options => {
    :base_image => {
      :name => 'ubuntu',
      :repository => 'ubuntu',
      :tag => '14.04'
    }
  },
  :convergence_options => {
    :ssl_verify_mode => 'verify_none'
  }
end
end
I have also tried:
machine 'dhcp1' do
  recipe 'dhcp::default'
  machine_options :docker_options => {
    :base_image => {
      :name => 'ubuntu',
      :repository => 'ubuntu',
      :tag => '14.04'
    },
    :convergence_options => {
      :ssl_verify_mode => 'verify_none'
    }
  }
end
end
I was able to get over this hurdle by adding the cert to the container from the provisioning node's chef directory. It'd be nice if it bootstrapped that by itself.
file '/etc/chef/trusted_certs/server1', '/etc/chef/trusted_certs/server1.crt'