1

I'm trying to use Berkshelf to upload a cookbook with a few dependencies to my Chef-Server. When I use chef exec berks upload I am presented with a bunch of different errors. My current setup is using the latest, or close to, ChefDK versions using a chef_repo with the following file structure. I have multiple repos for the multipe different Orgs I'm hooked into for different Chef-Servers. I don't have anything in my $HOME/.chef/, or on Windows, C:\chef\, doesn't even exist. I'm sharing the same chef_repo between my Windows, CentOS 7 VM, and my Docker container, so that hasn't changed. The chef_repo was generated by using the chef generate repo command.

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-chefdk_repo_setup

The contents of my knife.rb are as follows

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-00-knife-rb

I'm not sure what I'm doing wrong when I'm attempting to upload these cookbooks using Berkshelf.

On CMD, using Cmder

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-chefdk_cmder_berks-rb

As you can see in this Gist, I was able to do a chef exec knife ssl check and it succeeded.

On Cygwin

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-chefdk_cygwin_berks-rb

On CentOS 7,

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-chefdk_centos7_berks-rb

On CentOS 7 using Docker's CentOS 7 image,

https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-chefdk_docker_centos7_berks-rb

Using a pure Ruby install, and the Chef RubyGem and Berkshelf gem installed, yielded the same errors, except the parts about some webagent cookie, which I suppose is good.

--EDIT 2016-02-27--

As a temporary work around, I had to use --no-ssl-verify in order for berks to upload the cookbooks. However, it seems to be a bug with ridley-4.3.2. Then berks is also not "honoring" the ENV[SSL_CERTS_DIR] or ENV[SSL_CERTS_FILE] statements in my knife.rb There's a bug submitted for it already. I guess this bug is an outstanding bug.

FilBot3
  • 3,460
  • 6
  • 33
  • 55

1 Answers1

1

Berkshelf uses its own config parsing system which might be unable to read your knife.rb successfully. This isn't super likely, but some permutation of that or not looking in the right folder is probably a contributing factor. You can make this a non-issue by creating a Berkshelf config.json with the required data.

coderanger
  • 52,400
  • 4
  • 52
  • 75
  • Would I have to modify the config.json for each chef-repo I have? I have a central spot for my cookbooks, Then each chef-repo is tied to a different Chef-Server. – FilBot3 Nov 17 '15 at 19:47
  • Yeah :-/ In theory Berkshelf should mirror Chef's own knife config loading (though with different underlying code). Can you pastebin your knife.rb? I can try to take a look if there is anything obviously at fault. – coderanger Nov 17 '15 at 20:13
  • Here is my `knife.rb`. Its in my `chef-repo/.chef/` directory, and my cookbooks are in a different directory so I don't have a bunch of copies for each repo. – FilBot3 Nov 18 '15 at 15:27
  • I don't see where you added it? – coderanger Nov 19 '15 at 03:58
  • Seems fine, nothing overly complex. I would throw a pry or puts in the knife.rb so you can see what certs_loc is while it is being loaded. Might be a relative path issue? – coderanger Nov 19 '15 at 18:28
  • It is loading my configuration correctly, in the correct directory. – FilBot3 Nov 23 '15 at 20:48
  • I've updated my Gist, https://gist.github.com/predatorian3/24ba83bd7e98ac7300bf#file-berks_upload_error-rb – FilBot3 Nov 23 '15 at 20:52
  • It's getting a different error now. Are your TLS certs self-signed? – coderanger Nov 23 '15 at 20:59
  • Yes, they're generated when I install Chef-Server. I've also already ran `chef exec knife ssl fetch` and downloaded the Certs. Which allows me to perform other actions on the Chef-Server – FilBot3 Nov 23 '15 at 21:37
  • Chef's `ssl fetch` has no effect on Berkshelf. You'll need to either disable TLS verification (very very not recommended) or handle this via old-school openssl config. Easiest option is to set the `$SSL_CERT_DIR` to point at the trusted certs dir while using Berks. – coderanger Nov 23 '15 at 21:43
  • Berks does use the knife.rb, correct? If that is the case, I could add a statement in there to make the $SSL_CERT_DIR env variable set for each knife.rb. – FilBot3 Nov 24 '15 at 18:38
  • Yep, `ENV['SSL_CERT_DIR'] = ...`. That's what I've done in the past. – coderanger Nov 24 '15 at 20:42
  • I added `ENV['SSL_CERT_DIR'] = "#{certs_loc}/trusted_certs/chefserverurl.localnet.net.crt"` However, its still not picking it up. – FilBot3 Dec 03 '15 at 19:56
  • Because `_DIR` is for a directory, and you are specifying a single file. Use `_FILE` for that. – coderanger Dec 03 '15 at 21:53
  • I receive the same error when I remove the file name and leave it just the directory `"#{certs_loc}/trusted_certs"` – FilBot3 Dec 04 '15 at 16:54
  • I'll try the FILE option this time – FilBot3 Dec 04 '15 at 16:54