(RESOLVED)Error Unauthorized 401 with audit cookbook (version 4.1.1) and automate 1.5


#1

Hi,
My Name is Giuseppe.

My problem how to use correctly the cookbook audit 4.1.1 in my automate 1.5(installed with opsworks).

When I try to upload my cookbook I’ve get a 401. I’ve also check the time on my servers (it’s the same).

I’ve understood that the problem maybe is a token but I don’t undertand how to fix it.

this is error:
[2017-08-01T05:29:14+00:00] ERROR: 401 “Unauthorized” (Net::HTTPServerException)

the default recipe only call the audit::default. not of all,

my default attribute are:

default[‘audit’][‘fetcher’] = 'chef-server-automate’
default[‘audit’][‘reporter’] = ‘chef-server-automate’

default[‘audit’][‘profiles’] = [
{
name: ‘Linux Baseline’,
compliance: ‘admin/linux-baseline’,
},
]

I’ve tried to follow this guide

Can one some help me:slight_smile:?

PS: the problem is only with the audit cookbook. the other ones works correctly
Giuseppe


#2

someone can help me?
this my first check with audit and I dont’ know what I’m wrong


#3

I believe that this is a bug in the Opsworks and/or Marketplace version of Automate, or more probably a glitch in the upgrade process to the 1.5.46 version due at least in part due to the non standard configuration of these offerings having the Chef Server and the Automate Server consolidated onto a single EC2 Instance.

I hace a ticket open with support and can post an update once we have the resolution, but it has been a couple of days and we are still working on it.


#4

thanks
more details:

==> /var/log/delivery/nginx/delivery.access.log <==
10.0.3.123 - - [01/Aug/2017:18:06:34 +0000] “GET /organizations/default/nodes/mynode-01 HTTP/1.1” 200 “0.010” 9857 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “200” “0.010” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “2jmj7l5rSw0yVb/vlWAYkK/YBwk=” 1087
10.0.3.123 - - [01/Aug/2017:18:06:34 +0000] “POST /organizations/default/reports/nodes/mynode-01/runs HTTP/1.1” 404 “0.002” 558 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “404” “0.001” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “lVFdFai988IzQvotNvs6O5lM72U=” 1302
127.0.0.1 - - [01/Aug/2017:18:06:34 +0000] “POST /data-collector/v0/ HTTP/1.0” 204 “0.002” 0 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:9611” “204” “0.002” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “SYKqkeGpYohWhLaW0PSAe5ohzuE=” 1655
10.0.3.123 - - [01/Aug/2017:18:06:34 +0000] “POST /organizations/default/data-collector HTTP/1.1” 204 “0.009” 0 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “204” “0.008” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “SYKqkeGpYohWhLaW0PSAe5ohzuE=” 1533
10.0.3.123 - - [01/Aug/2017:18:06:34 +0000] “POST /organizations/default/environments/_default/cookbook_versions HTTP/1.1” 200 “0.037” 8767 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “200” “0.036” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “ALmr5u8Gu87EJXdpfzyGgz5x4Kg=” 1228
10.0.3.123 - - [01/Aug/2017:18:06:34 +0000] “GET /organizations/default/required_recipe HTTP/1.1” 200 “0.006” 12042 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “200” “0.006” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:34Z” “2jmj7l5rSw0yVb/vlWAYkK/YBwk=” 1087
127.0.0.1 - - [01/Aug/2017:18:06:35 +0000] “POST /data-collector/v0/ HTTP/1.1” 401 “0.002” 26 “-” “-” “127.0.0.1:9611” “401” “0.001” “-” “-” “-” “-” “-” 33482
10.0.3.123 - - [01/Aug/2017:18:06:35 +0000] “PUT /organizations/default/nodes/mynode-01 HTTP/1.1” 200 “0.059” 9873 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “200” “0.058” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:35Z” “C+OKIKoUsWfUF9LqXsyZ0+NrnFc=” 33808
10.0.3.123 - - [01/Aug/2017:18:06:36 +0000] “GET /compliance/organizations/default/owners/admin/compliance/linux-baseline/tar HTTP/1.1” 401 “0.000” 188 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “-” “-” “-” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:36Z” “2jmj7l5rSw0yVb/vlWAYkK/YBwk=” 1125
127.0.0.1 - - [01/Aug/2017:18:06:36 +0000] “POST /data-collector/v0/ HTTP/1.0” 204 “0.002” 0 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:9611” “204” “0.002” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:36Z” “ix+u1fa4nN16kUTk38+FhJWvV/c=” 42756
10.0.3.123 - - [01/Aug/2017:18:06:36 +0000] “POST /organizations/default/data-collector HTTP/1.1” 204 “0.009” 0 “-” “Chef Client/13.2.20 (ruby-2.4.1-p111; ohai-13.2.0; x86_64-linux; +https://chef.io)” “127.0.0.1:8443” “204” “0.008” “13.2.20” “algorithm=sha1;version=1.1;” “mynode-01” “2017-08-01T18:06:36Z” “ix+u1fa4nN16kUTk38+FhJWvV/c=” 42634

==> /var/log/delivery/nginx/es_proxy.access.log <==
127.0.0.1 - - [01/Aug/2017:18:06:35 +0000] “POST /elasticsearch//_bulk HTTP/1.1” 200 “0.005” 202 “-” “Manticore 0.6.0” “127.0.0.1:9200” “200” “0.005” “-” “-” “-” “-” “-” 778
127.0.0.1 - - [01/Aug/2017:18:06:35 +0000] “POST /elasticsearch//_bulk HTTP/1.1” 200 “0.014” 201 “-” “Manticore 0.6.0” “127.0.0.1:9200” “200” “0.014” “-” “-” “-” “-” “-” 729
127.0.0.1 - - [01/Aug/2017:18:06:35 +0000] “POST /elasticsearch/_bulk HTTP/1.1” 200 “0.011” 197 “-” “-” “127.0.0.1:9200” “200” “0.011” “-” “-” “-” “-” “-” 133005
127.0.0.1 - - [01/Aug/2017:18:06:37 +0000] “POST /elasticsearch//_bulk HTTP/1.1” 200 “0.016” 202 “-” “Manticore 0.6.0” “127.0.0.1:9200” “200” “0.016” “-” “-” “-” “-” “-” 81265
127.0.0.1 - - [01/Aug/2017:18:06:37 +0000] “POST /elasticsearch//_bulk HTTP/1.1” 200 “0.015” 201 “-” “Manticore 0.6.0” “127.0.0.1:9200” “200” “0.015” “-” “-” “-” “-” “-” 39360

As you can see the 401 is for the POST
I’ve also try to change the TOKEN but nothing.

Giuseppe


#5

the aws support told me that compliance is not supported by opsworks for now. :frowning:


#6

edit:
it should be works, but is not!
https://docs.chef.io/aws_opsworks_chef_automate.html


#7

Any news?


#8

Morning,

The 1.6.99 version of Automate appears to have resolved the 401 issue, however I am still having an issue with my Marketplace Automate. I no longer am getting the 401 error but am now getting a 404 when trying to fetch the profile. I still have an open ticket with support for the issue, and will advise anything that I find, but would be interested if you encounter the same issue with your installation.


#9

Hi,
I didn’t test the 1.6.99. Have you used opsworks or the ec2 one?
Giuseppe


#10

I am using the Marketplace Automate instance, which has the same consolidation of servers (Chef and Automate on one instance) as the Opsworks offering.


#11

It worked!!!
tomorrow I will provide you more details


#12

Ok,
that’s the solution

  1. update the version

https://docs.chef.io/upgrade_chef_automate.html
I’ve also applied the point Upgrading and the automate-ctl setup command

  1. then I follow this guide ->https://docs.chef.io/aws_opsworks_chef_automate.html

now it works correctly
Giuseppe