Hello
After successful chef installation on AWS Ubuntu 12.04 (default instance), chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
When I run
sudo chef-server-ctl test
Receive error <Errno::ECONNRESET: Connection reset by peer - SSL_connect> (full error listing: https://gist.github.com/Houdini/5868356)
I noticed that error is in file
/opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
I added puts there, and url is “https://ip-10-0-1-86/clients” that actually is localhost.
And really:
curl https://ip-10-0-1-86/clients
curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443
Any ideas how to fix it?
Thanks
Try openssl s_client -connect ip-10-0-1-86:443
and curl http://ip-10-0-1-86:443/clients to see if it's actually just serving HTTP (non-TLS/SSL traffic) on port 443.
On Thursday, June 27, 2013 at 12:49 AM, Dmitrii Golub wrote:
Hello
After successful chef installation on AWS Ubuntu 12.04 (default instance), chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
When I run
sudo chef-server-ctl test
Receive error <Errno::ECONNRESET: Connection reset by peer - SSL_connect> (full error listing: run_chef_test.sh · GitHub)
I noticed that error is in file
/opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
I added puts there, and url is "https://ip-10-0-1-86/clients" that actually is localhost.
And really:
curl https://ip-10-0-1-86/clients
curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443
Any ideas how to fix it?
Thanks
Really there are no certificates installed
ubuntu@ip-10-0-1-86:~$ openssl s_client -connect ip-10-0-1-86:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 226 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
The Nginx config uses two:
ssl_certificate /var/opt/chef-server/nginx/ca/ip-10-0-1-86.crt;
ssl_certificate_key /var/opt/chef-server/nginx/ca/ip-10-0-1-86.key;
I am not good with certificates, really. As I understand it, openssl can't find the peer certificate. Where is it located, and how do I make Linux use it by default? Moreover, other clients should use that custom certificate, right?
Things become hard
On Jun 27, 2013, at 9:41 PM, Daniel Condomitti daniel@condomitti.com wrote:
Try openssl s_client -connect ip-10-0-1-86:443
and curl http://ip-10-0-1-86:443/clients to see if it's actually just serving HTTP (non-TLS/SSL traffic) on port 443.
Funny thing
ubuntu@ip-10-0-1-86:/etc$ ps ax | grep nginx
7352 ? Ss 1:18 runsv nginx
7353 ? S 0:26 svlogd -tt /var/log/chef-server/nginx
26862 pts/0 T 0:00 sudo vim /var/opt/chef-server/nginx/etc/chef_https_lb.conf
26863 pts/0 T 0:00 vim /var/opt/chef-server/nginx/etc/chef_https_lb.conf
32048 ? Ss 0:00 /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf
32050 pts/0 S+ 0:00 grep --color=auto nginx
As you can see, there is no nginx master process. I didn't notice this as a problem; however, when I reboot the instance everything works again:
ubuntu@ip-10-0-1-86:~$ ps ax | grep nginx
755 ? Ss 0:00 runsv nginx
766 ? S 0:00 svlogd -tt /var/log/chef-server/nginx
768 ? Ss 0:00 nginx: master process /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf
814 ? S 0:03 nginx: worker process
815 ? S 0:00 nginx: cache manager process
1577 pts/1 S+ 0:00 grep --color=auto nginx
So I suppose that it's an error in the initial chef recipe, in the nginx section: it doesn't start nginx.
Anyway, thanks for the help
On Jun 28, 2013, at 1:46 PM, Dmitrii Golub dmitrii.golub@me.com wrote:
Really there are no certificates installed
ubuntu@ip-10-0-1-86:~$ openssl s_client -connect ip-10-0-1-86:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 226 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
The Nginx config uses two:
ssl_certificate /var/opt/chef-server/nginx/ca/ip-10-0-1-86.crt;
ssl_certificate_key /var/opt/chef-server/nginx/ca/ip-10-0-1-86.key;
I am not good with certificates, really. As I understand it, openssl can't find the peer certificate. Where is it located, and how do I make Linux use it by default? Moreover, other clients should use that custom certificate, right?
Things become hard
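Added example (not part of any post in this thread, and not Chef's own tooling): a small offline triage of the two kinds of output posted above. It shows that an s_client run that reads 0 bytes means the server never answered the handshake, so the nginx process state is checked before the certificate files. The function names and verdict strings are illustrative; "wrong version number" and "unknown protocol" are the OpenSSL errors usually seen when a port answers in plain HTTP, and the sample text is copied from the listings in the thread.

```bash
# Added example, not Chef tooling; names and verdict strings are illustrative.

# Classify the text printed by `openssl s_client -connect host:443`.
classify_s_client() {
  case "$1" in
    *'BEGIN CERTIFICATE'*)          echo tls-ok ;;                 # chain was sent
    *'wrong version number'*|*'unknown protocol'*)
                                    echo plain-http-on-tls-port ;; # non-TLS reply
    *'handshake has read 0 bytes'*) echo no-server-response ;;     # reset before ServerHello
    *)                              echo unknown ;;
  esac
}

# Classify `ps ax` text. The healthy listing in the thread shows the titles
# "nginx: master process" and "nginx: worker process"; the broken one shows
# only the bare binary path under runsv.
nginx_state() {
  case "$1" in
    *'nginx: master process'*)
      case "$1" in
        *'nginx: worker process'*) echo serving ;;
        *)                         echo master-without-workers ;;
      esac ;;
    *'sbin/nginx'*) echo started-not-serving ;;
    *)              echo not-running ;;
  esac
}

# Combine both observations into one next step.
triage() {
  case "$(classify_s_client "$1")/$(nginx_state "$2")" in
    tls-ok/*)                   echo tls-served ;;
    plain-http-on-tls-port/*)   echo listener-missing-ssl ;;
    no-server-response/serving) echo check-listener-config ;;
    no-server-response/*)       echo fix-nginx-service-first ;;
    *)                          echo inconclusive ;;
  esac
}

# Sample inputs copied from the outputs posted in this thread.
S_CLIENT_RESET='CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 226 bytes'
PS_BROKEN='7352 ? Ss 1:18 runsv nginx
32048 ? Ss 0:00 /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf'
PS_HEALTHY='755 ? Ss 0:00 runsv nginx
768 ? Ss 0:00 nginx: master process /opt/chef-server/embedded/sbin/nginx -c /var/opt/chef-server/nginx/etc/nginx.conf
814 ? S 0:03 nginx: worker process'

triage "$S_CLIENT_RESET" "$PS_BROKEN"
```

On a live host the two arguments would be the captured output of the openssl s_client and ps ax commands used in the thread.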