Kitchen converge returns OpenSSL::SSL::SSLError: SSL_connect

Hi,
I was trying to run kitchen converge while using test-kitchen with my role mentioned in run_list, with chef_solo as my provisioner. This leads me to an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed. But if I am using chef_zero as my provisioner, I don't receive that error for the same role. Can anyone help me understand what I could be doing wrong while using chef_solo as my provisioner, as compared to chef_zero, for this error? I also checked whether I have an openssl gem installed, and it looks like I didn't have it. Is that something I need to install and configure before doing my testing? I was also setting ssl_verify_mode to none in my kitchen.yml.

Chef Development Kit Version: 0.12.0
chef-client version: 12.8.1
berks version: 4.3.0
kitchen version: 1.6.0

test_role:

{
  "name": "test_role",
  "json_class": "Chef::Role",
  "description": "testing roles",
  "run_list": ["recipe[JMSP_Tomcat_AppServer_Provision]", 
  "recipe[newrelic]"]
}

kitchen.yml:

  provisioner:
    name: chef_solo
    client_rb:
      ssl_verify_mode: :verify_none
      verify_api_cert: false

Logs:

I, [2016-05-16T09:59:35.689217 #18785] INFO -- default-rhel-67: [2016-05-16T10:58:46-04:00] ERROR: remote_file[/prod/msp/mspcert/mspcert.jks] (007_JavaMSP_AppServer_Configuration::install_mspcert line 10) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I, [2016-05-16T09:59:35.743126 #18785] INFO -- default-rhel-67: [2016-05-16T10:58:46-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Chef Solo does not use the client.rb, hence your directive of ssl_verify_mode: :verify_none is being ignored.

From the sounds of it, the error is actually coming from your remote_file resource, not chef-solo / chef-zero, as they do not use a Chef server.

Nathan Clemons
DevOps Engineer
Moxie Cloud Services (MCS)

O +1.425.467.5075
M +1.360.861.6291
E nclemons@gomoxie.com
W www.gomoxie.com

@jdunn, I have tried to run kitchen converge after removing the values listed under client.rb, but it still doesn't seem to succeed when trying to test… unfortunately.

@nclemons,
Thanks for looking into it. I observed that we have an internal SSL certificate that might be causing the kitchen converge to fail, but how do I refer to the SSL file abc.pem that I have downloaded locally in my kitchen.yml? Is that to be placed under "/opt/chefdk/embedded/ssl/certs/" or in a different location and referred to later? Please advise; this is my first time working with SSL certificates through my kitchen.yml. Thanks

I was able to resolve this issue with the SSL certificate by downloading our SSL certificate and adding it to /opt/chefdk/embedded/ssl/certs/cacert.pem on an EC2 instance after kitchen create, and then did kitchen converge. But I would like to know if there is a way to set an ENV for the CERT_FILE and refer to that in kitchen.yml, so that we need not log in to the instance every time and copy the file. Any suggestions on this approach? Thanks
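
Why appending the internal CA to the bundle makes the remote_file download verify, shown offline as an added example that is not part of the original thread. The certificates, the temp-file bundle and the helper names (`issue`, `trusted?`, `append_ca`, `demo`) are all constructed for illustration.

```ruby
require "openssl"
require "tempfile"

# Issue a certificate: self-signed when no issuer is given, otherwise signed by it.
def issue(cn, serial, ca: false, issuer: nil, issuer_key: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# True when cert chains to a CA in the PEM bundle (the check behind "certificate verify failed").
def trusted?(bundle_path, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path)
  store.verify(cert)
end

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Append ca_pem unless the same certificate is already in the bundle; true if the file changed.
def append_ca(bundle_path, ca_pem)
  wanted = OpenSSL::X509::Certificate.new(ca_pem).to_der
  present = File.read(bundle_path).scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem).to_der }
  return false if present.include?(wanted)
  File.open(bundle_path, "a") { |f| f.write("\n" + ca_pem) }
  true
end

# Constructed data: a bundle with one unrelated root, an internal CA, and a server cert it signed.
def demo
  public_ca, = issue("Constructed Public Root", 1, ca: true)
  internal_ca, internal_key = issue("Constructed Internal CA", 2, ca: true)
  server, = issue("files.internal.example", 3, issuer: internal_ca, issuer_key: internal_key)
  Tempfile.create("cacert.pem") do |f|
    f.write(public_ca.to_pem)
    f.flush
    before = trusted?(f.path, server)
    changed = append_ca(f.path, internal_ca.to_pem)
    [before, changed, trusted?(f.path, server), append_ca(f.path, internal_ca.to_pem)]
  end
end
```

`demo` returns the verification result before the append, whether the bundle was modified, the result after, and whether a second append changed the file again. Because the append is idempotent, it is safe to repeat on every converge without logging in to the instance.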