Hello all. I’m fairly new to chef, so it’s possible that I’m overlooking something obvious. We have just finished installing and configuring a new chef 12 server version 12.2.1. Initially we were going to upgrade an existing Open Source Chef 11 server, but ran into issues that made upgrade or migration problematic. That’s another story for another time.
We have uploaded the cookbooks from our 11 server to the 12 server and are in the process of testing one of them on a test node. Everything appears to be working as expected except for a problem creating a certificate from an encrypted data bag.
The problem occurs when trying to apply this recipe:
cookbook_file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode 00600
end
certificate_manage 'wildcard' do
  cert_path "#{node['mumail']['sysconf']}/ssl"
  cert_file 'wildcard.pem'
  key_file 'wildcard.key'
  chain_file 'wildcard-bundle.crt'
  action :create
  not_if { node['virtualization']['role'] == 'guest' && (node['virtualization']['system'] == 'lxc' || node['virtualization']['system'] == 'vbox') }
end
On the chef run we get this:
================================================================================
Error executing action `create` on resource 'certificate_manage[wildcard]'
================================================================================
Net::HTTPServerException
------------------------
401 "Unauthorized"
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/certificate/providers/manage.rb:26:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb
26: certificate_manage 'wildcard' do
27: cert_path "#{node['mumail']['sysconf']}/ssl"
28: cert_file 'wildcard.pem'
29: key_file 'wildcard.key'
30: chain_file 'wildcard-bundle.crt'
31: action :create
32: not_if { node['virtualization']['role'] == 'guest' && (node['virtualization']['system'] == 'lxc' || node['virtualization']['system'] == 'vbox') }
33: end
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/mu-mail/recipes/certificate.rb:26:in `from_file'
certificate_manage("wildcard") do
action [:create]
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :certificate_manage
cookbook_name "mu-mail"
recipe_name "certificate"
cert_path "/etc/postfix/ssl"
cert_file "wildcard.pem"
key_file "wildcard.key"
chain_file "wildcard-bundle.crt"
data_bag_secret "/etc/chef/encrypted_data_bag_secret"
data_bag "certificates"
search_id "wildcard"
not_if { #code block }
end
Any idea what I’m doing wrong?
Michael McDade
IT Associate Senior
Marshall University Information Technology
Drinko Library 428K, 1 John Marshall Dr., Huntington, WV 25755
Phone: 304.696.6127