Getting 404 on chef show-policy


I’m now playing around with Policyfiles. I managed to push a policy to our Chef Server and use it from a chef-client like this:

% cat first-policy.json
{ "policy_name": "my-server", "policy_group": "production" }
% sudo chef-client -j ./first-policy.json # This runs fine

But I just noticed that chef show-policy gives me 404.

% chef show-policy my-server production
Error: No policyfile lock named 'my-server' found in policy_group 'production' at https://chef.<our domain>
Reason: (Net::HTTPServerException) HTTP 404 Not Found: <!DOCTYPE html>
<html xmlns="">
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
  <title>Chef - 404 Not Found</title>
  <link media="all" rel="stylesheet" type="text/css" href="/css/all.css" />
  <!--[if lt IE 7]><link rel="stylesheet" type="text/css" href="/css/lt7.css" /><![endif]-->
  <div class="header-block">
    <div id="header">
      <strong class="logo"><a href="">Chef</a></strong>
  <div id="wrapper">
    <div id="main">
      <div class="mybox">
        <div id="content">
          <h1>404 - Not Found</h1>
          <p>Sorry, I can't find what you are looking for.</p>
  <div class="footer-block">
    <div id="footer">
      <div class="mybox">
      <div class="footer-bottom">
        <span>&copy; 2010&thinsp;&ndash;&thinsp;2017 Chef Software, Inc. All Rights Reserved</span>

My config.rb looks like this.

log_level                :info
log_location             STDOUT
node_name                'maoe'
client_key               '/home/maoe/.chef/maoe.pem'
chef_server_url          'https://chef.<our domain>'
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path %w(
ssl_verify_mode :verify_peer
use_policyfile true
policy_document_native_api false
versioned_cookbooks true

client.rb on the machine chef-client runs has the following settings:

use_policyfile true
policy_document_native_api false
versioned_cookbooks true
deployment_group 'my-server-production'

Does anyone see what’s wrong?

I’m using Chef DK 1.3.43 with Chef Server 12.15.7

Chef Development Kit Version: 1.3.43
chef-client version: 12.19.36
delivery version: master (dd319aa632c2f550c92a2172b9d1226478fea997)
berks version: 5.6.4
kitchen version: 1.16.0
% cat /opt/opscode/version-manifest.txt | grep chef-server
chef-server 12.15.7

This isn’t related but you should use the default setting of policy_document_native_api true–your server is new enough to support it and things will work better. With policy_document_native_api false policies are stored as data bags and there’s other ugly workarounds used for other features. IIRC commands like chef show-policy don’t actually support policy_document_native_api false anyway.

In addition to that, though, you have some issue with the nginx configuration–it should not be returning the html 404 page. chef-server-ctl reconfigure might clear it up, but otherwise you’ll have to dig in to the nginx logs to get some more insight into what’s going on.

Thanks for the input.

Actually if I set policy_documet_native_api true, I get 404 even for chef push. I recently did chef-server-ctl reconfigure though. I’ll dig into the nginx logs.