Chef-Vault and 160+ nodes gives errors via Terraform Creation

almcculloch · May 23, 2018, 2:41pm

So we’ve got a terraform that bootstraps up 160+ nodes, those nodes get added to a chef-vault client list. The nodes have admin access to the vault. However we get the following error intermittently during the run.
ERROR: Chef::EncryptedDataBagItem::DecryptionFailure: Error decrypting data bag value:

But when we say taint one node, or just a few nodes it works. Has anyone dealt with something similar and solved? Its been a head scratcher for awhile.

Thanks in advance

thommay · May 23, 2018, 3:14pm

You can get race conditions if many nodes are being bootstrapped (and hence all writing to the data bag) at once. Chef Vault sparse mode would solve this but I’m not sure terraform has implemented that yet.

almcculloch · May 23, 2018, 3:16pm

I’ll do some digging on that right now and see. Thank you for the info, I’ll keep you posted.

Topic		Replies	Views
Chef vault creation Chef Infra (archive)	10	1275	November 16, 2017
chef12 encrypted data bags - any changes / benefits against chef11? Chef Infra (archive)	2	560	February 8, 2016
Knife vault create works, but getting Chef::EncryptedDataBagItem::DecryptionFailure Chef Infra (archive)	2	747	June 15, 2020
Data Bag Secret Key Strategy with Chef-Solo Feedback Chef Infra (archive)	0	278	February 13, 2014
Databag Encryption Chef Infra (archive)	6	478	July 11, 2018

Chef-Vault and 160+ nodes gives errors via Terraform Creation

Related Topics