API problem after upgrade


#1

Ohai,

I was using Chef 12.0, and I have several app who interacts with Chef
Server.

After the upgrade to Chef 12.2, all of them stopped to work.

  • First question: Is possible to do rollback?

I did one backup using “knife backup export” before the upgrade, but I’m
not sure about the several changes in database.

  • Second question: Is this issue related to API v1 from Chef 12.1?

Changelog says:
API v1 now available / API v0 deprecated

The error is:

Caused by: org.jclouds.http.HttpResponseException:
java.lang.RuntimeException: Could not generate DH keypair connecting to GET
https://chef.org.com/organizations/myorg/users/myuser HTTP/1.1

java.security.InvalidAlgorithmParameterException: Prime size must be
multiple of 64, and can only range from 512 to 1024

In the practice mode, what should I change to work with Chef 12.2?

Thanks a lot!


– Tiago Cruz


#2

Tiago,

From the error message, it appears that your client library is
incompatible with the 2048 bit dhparam that we now generate in Chef
Server. You can get around this by either providing your own dhapram
file:

nginx['ssl_dhparam'] = /path/to/file

or by deleting

/var/opt/opscode/nginx/ca/dhparams.pem

setting

nginx['dhparam_key_length'] = 1024

and running chef-server-ctl reconfigure.

Cheers,

Steven

On Fri, Sep 18, 2015 at 9:48 PM, Tiago Cruz tiago.tuxkiller@gmail.com wrote:

Ohai,

I was using Chef 12.0, and I have several app who interacts with Chef
Server.

After the upgrade to Chef 12.2, all of them stopped to work.

  • First question: Is possible to do rollback?

I did one backup using “knife backup export” before the upgrade, but I’m not
sure about the several changes in database.

  • Second question: Is this issue related to API v1 from Chef 12.1?

Changelog says:
API v1 now available / API v0 deprecated

The error is:

Caused by: org.jclouds.http.HttpResponseException:
java.lang.RuntimeException: Could not generate DH keypair connecting to GET
https://chef.org.com/organizations/myorg/users/myuser HTTP/1.1

java.security.InvalidAlgorithmParameterException: Prime size must be
multiple of 64, and can only range from 512 to 1024

In the practice mode, what should I change to work with Chef 12.2?

Thanks a lot!


– Tiago Cruz


#3

Hello Steven,

Very accurate tip, as always. Many thanks, this solved my problem with Java
1.6 legacy apps. This problem does not occur with Java 1.7+ and Python 2.6+.

To help future guys, the correct file is now /etc/opscode/chef-server.rb
and NOT /etc/chef-server/chef-server.rb :slight_smile:

Thanks a lot!

On Sun, Sep 20, 2015 at 2:38 PM, Steven Danna steve@chef.io wrote:

Tiago,

From the error message, it appears that your client library is
incompatible with the 2048 bit dhparam that we now generate in Chef
Server. You can get around this by either providing your own dhapram
file:

nginx['ssl_dhparam'] = /path/to/file

or by deleting

/var/opt/opscode/nginx/ca/dhparams.pem

setting

nginx['dhparam_key_length'] = 1024

and running chef-server-ctl reconfigure.

Cheers,

Steven

On Fri, Sep 18, 2015 at 9:48 PM, Tiago Cruz tiago.tuxkiller@gmail.com
wrote:

Ohai,

I was using Chef 12.0, and I have several app who interacts with Chef
Server.

After the upgrade to Chef 12.2, all of them stopped to work.

  • First question: Is possible to do rollback?

I did one backup using “knife backup export” before the upgrade, but I’m
not
sure about the several changes in database.

  • Second question: Is this issue related to API v1 from Chef 12.1?

Changelog says:
API v1 now available / API v0 deprecated

The error is:

Caused by: org.jclouds.http.HttpResponseException:
java.lang.RuntimeException: Could not generate DH keypair connecting to
GET
https://chef.org.com/organizations/myorg/users/myuser HTTP/1.1

java.security.InvalidAlgorithmParameterException: Prime size must be
multiple of 64, and can only range from 512 to 1024

In the practice mode, what should I change to work with Chef 12.2?

Thanks a lot!


– Tiago Cruz


– Tiago Cruz