I am installing Chef Server version 12.8.0-1 on Debian 8.5.

By downloading the .deb package files directly from the chef.io website I have successfully got the chef-server and chef-manage modules installed, configured and running.

I have got stuck trying to install the push jobs server. I used the command below...

```
chef-server-ctl install opscode-push-jobs-server
```

When the command runs I get the following errors...

```
Chef Client failed. 0 resources updated in 06 seconds
[2016-07-12T12:02:23+01:00] FATAL: Stacktrace dumped to /var/opt/opscode/local-mode-cache/chef-stacktrace.out
[2016-07-12T12:02:23+01:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2016-07-12T12:02:24+01:00] FATAL: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
```

I believe the cause of the problem is a self-signed certificate used on our corporate firewall to allow the security team to decode SSL traffic.

What I need to know is how to either get Chef to accept this certificate or get it to ignore self-signed certs.

I know I could manually download and install the module, but this issue will affect other things like installing cookbooks from the Chef supermarket, so I'd rather find a solution that lets me use the Chef tools as intended.

Can anyone advise please?

ChrisL
  • Get your proxy certificate and add it to the cacert.pem file of the chef server install (`/opt/opscode/embedded/ssl/certs/cacert.pem`); you may also have to do `export SSL_CERT_FILE=/opt/opscode/embedded/ssl/certs/cacert.pem`. See [here](http://stackoverflow.com/questions/27833419/i-have-installed-chef-dk-and-started-using-berkshelf-but-berks-upload-failed/27838544#27838544) for an example of how to do it. – Tensibai Jul 12 '16 at 11:55
  • Thanks for that but I'm a newbie both with Chef and with SSL certs so I could do with a more detailed explanation. The link you gave seems to show setting the server certificate on the workstation, I think I can do that. My problem is when Chef looks to an external website to download and install new components. I don't really know what you mean by 'proxy certificate', are they the corporate certificates I mentioned? Sorry if I'm being a bit slow with this but it's all new territory for me. – ChrisL Jul 12 '16 at 12:37
  • I suspect you didn't even click on the link, so here it is again: http://stackoverflow.com/questions/27833419/i-have-installed-chef-dk-and-started-using-berkshelf-but-berks-upload-failed/27838544#27838544 I'll let you adapt to the proper file for chef-server instead of chef-dk. – Tensibai Jul 12 '16 at 12:38
  • I definitely did click on the link! If someone goes to the trouble of giving me helpful advice I always make an effort to read it. – ChrisL Jul 12 '16 at 12:42
  • Being angry at me for not having enough knowledge to follow your advice seems contrary to what this site is for. – ChrisL Jul 12 '16 at 12:48
  • Thank you for your time Tensibai – ChrisL Jul 12 '16 at 12:49

1 Answer

Tensibai gave you the path for fixing Chef Server. You'll probably need to do it for the client too, which is fortunately easier: just drop the extra root cert in `/etc/chef/trusted_certs`.

coderanger
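
The two steps from the comment and the answer above (append the proxy's CA certificate to the Chef Server bundle, then drop it into the client's `trusted_certs`), as an added shell example that is not code from the thread. The function names and the script file name are hypothetical, and the proxy CA is assumed to be a single PEM certificate obtained from your security team.

```sh
#!/bin/sh
# Added example (not from the thread): trust a corporate proxy CA in Chef.
# Default paths are the ones named in the comment and answer above.
BUNDLE_DEFAULT=/opt/opscode/embedded/ssl/certs/cacert.pem
TRUSTED_DEFAULT=/etc/chef/trusted_certs

# pem_body FILE: print the base64 of every certificate block as one line.
pem_body() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        grep -v -- '-----' | tr -d '\r\n'
}

# trust_proxy_ca CERT [BUNDLE] [TRUSTED_DIR]  (hypothetical helper name)
# Returns 0 when the CA is trusted afterwards, 1 on bad input.
trust_proxy_ca() {
    cert=$1
    bundle=${2:-$BUNDLE_DEFAULT}
    trusted=${3:-$TRUSTED_DEFAULT}
    if [ ! -r "$cert" ] || [ ! -w "$bundle" ]; then
        echo "cannot read $cert or write $bundle" >&2; return 1
    fi
    # Exactly one certificate block: never add a whole chain by accident.
    if [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cert")" -ne 1 ] ||
       [ "$(grep -c -- '-----END CERTIFICATE-----' "$cert")" -ne 1 ]; then
        echo "$cert: expected exactly one PEM certificate" >&2; return 1
    fi
    body=$(pem_body "$cert")
    [ -n "$body" ] || { echo "$cert: empty certificate body" >&2; return 1; }
    # Idempotent: append only if this certificate is not in the bundle yet.
    if pem_body "$bundle" | grep -qF -- "$body"; then
        echo "already present in $bundle"
    else
        cp -p "$bundle" "$bundle.bak" || return 1   # keep a rollback copy
        { printf '\n'; cat "$cert"; } >> "$bundle" || return 1
    fi
    # chef-client side: one file per extra root in trusted_certs.
    mkdir -p "$trusted" && cp "$cert" "$trusted/$(basename "$cert")"
}

# Run as: sh trust-proxy-ca.sh /path/to/proxy-ca.pem   (file name is an assumption)
if [ "$#" -gt 0 ]; then trust_proxy_ca "$@"; fi
```

Before running it, inspect what you are about to trust with `openssl x509 -in proxy-ca.pem -noout -subject -issuer -fingerprint -sha256` and compare the fingerprint with the one your security team gives you.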