supermarket icon indicating copy to clipboard operation
supermarket copied to clipboard

Published 20 hours ago verified publisher icon chef

Open Resty oc_id error when redirected to chef server

Open hh opened this issue 8 years ago • 6 comments

I'm running chef-server-core 12.1.2 and supermarket 1.12.0-alpha.0

https://supermarket.internalcompany.com/sign-in redirects me to https://chef.internalcompany.com/id/oauth/authorize?client_id=3b4d28436d2702606b65f0d568957a777815ee956e06d0e50c926bf142fe4852&redirect_uri=https%3A%2F%2Fsupermarket.internalcompany.com%2Fauth%2Fchef_oauth2%2Fcallback&response_type=code&state=ee950496273c964c24e7d9c2fee2f017150f14cee821372e

Which gives a 502 Bad Gateway openresty/1.7.10.1 error.

What should I do to track down the error?

[root@chef ~]# cat /etc/opscode/chef-server.rb 
oc_id['applications'] = {
  'supermarket' => {
    'redirect_uri' => 'https://supermarket.internalcompany.com/auth/chef_oauth2/callback'
  }
}

[root@chef ~]# cat /etc/opscode/oc-id-applications/supermarket.json 
{
  "name": "supermarket",
  "uid": "3b4d28436d2702606b65f0d568957a777815ee956e06d0e50c926bf142fe4852",
  "secret": "ZZZf938b281XXXXeee7b3467YYY",
  "redirect_uri": "https://supermarket.internalcompany.com/auth/chef_oauth2/callback"
}

[root@supermarket ~]$  cat  /etc/supermarket/supermarket.json
{
  "github_key": "KEYBAR",
  "github_secret": "FOBARBAZ",
  "chef_server_url": "https://chef.internalcompany.com",
  "chef_oauth2_url": "https://chef.internalcompany.com",
  "chef_oauth2_app_id": "3b4d28436d2702606b65f0d568957a777815ee956e06d0e50c926bf142fe4852",
  "chef_oauth2_secret": "FOOBARBAZ",
  "chef_oauth2_verify_ssl": false
}

hh avatar Aug 05 '15 19:08 hh

That is very likely due to a known bug with oc-id and IPv6.

Could you run this command on your chef server (not your supermarket server)? $ss -ontap | grep 9090

And check out whether it is bound to ::1 rather than 127.0.0.1?

If it is, you can either

  1. remove the localhost entry for the IPv6 address
  2. (this is what I would recommend) You can set oc_id['vip'] = 'localhost' in your chef-server.rb then run chef-server-ctl reconfigure

Please let me know if this helps!

nellshamrell avatar Aug 05 '15 23:08 nellshamrell

Here's a full write up of the work around :)

https://gist.github.com/nellshamrell/c4236446b41943a5ea41

nellshamrell avatar Aug 06 '15 20:08 nellshamrell

Closing this for now, let us know if the problem persists.

nellshamrell avatar Aug 10 '15 18:08 nellshamrell

I have the 502 bad gateway error for my supermarket-chef server integration. When I click sign in on supermarket page, it goes to chef server and displays the error.

ss -ontap | grep 9090 ESTAB 0 0 127.0.0.1:11002 127.0.0.1:49090
ESTAB 0 0 127.0.0.1:49090 127.0.0.1:11002

Any idea how to fix this error?

snowtigger avatar Nov 17 '16 00:11 snowtigger

Reopening this so we can take a look :)

nellshamrell avatar Nov 18 '16 18:11 nellshamrell

Hi @snowtigger - what version of Chef server and what version of Supermarket are you running?

nellshamrell avatar Nov 21 '16 18:11 nellshamrell