Chef-2944


#1

Sending on behalf of Joan Touzet:

Hey everyone, long time listener, first time caller here. :wink:

I’ve been stymied by this issue for a while:http://tickets.opscode.com/browse/CHEF-2944 Long story short, a pernicious Ruby bug means that if you talk to chef-server via SSL, you can end up hanging chef-client forever. The gory details are in the ticket.

Thoughts I have heard for fixing it include a monkey-patch (but what about Ruby 2.0?) and “not running chef over https” which is, unfortunately, not an option.

What else could be done, if anything?


Joshua Timberman


#2

If I understand the issue correctly – it sounds like the blocking issue
is caused by insufficient entropy in /dev/random.

Despite the security implications – Is it possible to force use of
urandom on Linux?

-Ryan H.

On 05/24/2013 10:06 AM, Joshua Timberman wrote:

Sending on behalf of Joan Touzet:

Hey everyone, long time listener, first time caller here. :wink:

I’ve been stymied by this issue for a
while:http://tickets.opscode.com/browse/CHEF-2944 Long story short, a
pernicious Ruby bug means that if you talk to chef-server via SSL, you
can end up hanging chef-client forever. The gory details are in the
ticket.

Thoughts I have heard for fixing it include a monkey-patch (but what
about Ruby 2.0?) and “not running chef over https” which is,
unfortunately, not an option.

What else could be done, if anything?


Joshua Timberman

This electronic message contains information which may be confidential or privileged. The information is intended for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify us by e-mail at (postmaster@rapid7.com) immediately.