New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot bootstrap a node with chef server behind HTTP basic authorization. #8111

Open
breisig opened this Issue Jan 15, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@breisig
Copy link

breisig commented Jan 15, 2019

I have a chef server that is behind a loadbalancer that is protected by HTTP Basic Authentication. I have tried adding the HTTP Basic Auth credentials in my knife.rb file to both the chef_server_url and chef_server_root parameters and it won't seem to work when bootstrapping a new server. (like how it's done with curl). Any ideas?

knife .rb

chef_server_url "https://mytestusername:mytestpassword@chef.my-domain.com/organizations/myneworganization"
chef_server_root "https://mytestusername:mytestpassword@chef.my-domain.com/"

When bootstrapping the server, the following 401 Unauthorized error message happens.

Connecting to 59.5.33.6
59.5.33.6 -----> Installing Chef Omnibus (-v 14)
59.5.33.6 downloading https://omnitruck-direct.chef.io/chef/install.sh
59.5.33.6   to file /tmp/install.sh.4534/install.sh
59.5.33.6 trying wget...
59.5.33.6 el 7 x86_64
59.5.33.6 Getting information for chef stable 14 for el...
59.5.33.6 downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=14&p=el&pv=7&m=x86_64
59.5.33.6   to file /tmp/install.sh.4549/metadata.txt
59.5.33.6 trying wget...
59.5.33.6 sha1      2a3c204865e3f1ca2ea9fb432815e04cf2eda011
59.5.33.6 sha256    5523d582b8af2bfb2aa67e45ed70db4242788c18d88b6703a1c8b447292bc4bd
59.5.33.6 url       https://packages.chef.io/files/stable/chef/14.8.12/el/7/chef-14.8.12-1.el7.x86_64.rpm
59.5.33.6 version   14.8.12
59.5.33.6 downloaded metadata file looks valid...
59.5.33.6 downloading https://packages.chef.io/files/stable/chef/14.8.12/el/7/chef-14.8.12-1.el7.x86_64.rpm
59.5.33.6   to file /tmp/install.sh.4549/chef-14.8.12-1.el7.x86_64.rpm
59.5.33.6 trying wget...
59.5.33.6 Comparing checksum with sha256sum...
59.5.33.6 Installing chef 14
59.5.33.6 installing with rpm...
59.5.33.6 warning: /tmp/install.sh.4549/chef-14.8.12-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
59.5.33.6 Preparing...                          ################################# [100%]
59.5.33.6 Updating / installing...
59.5.33.6    1:chef-14.8.12-1.el7               ################################# [100%]
59.5.33.6 Thank you for installing Chef!
59.5.33.6 Starting the first Chef Client run...
59.5.33.6 Starting Chef Client, version 14.8.12
59.5.33.6 Creating a new client identity for mynewserver02.my-domain.com using the validator key.
59.5.33.6 resolving cookbooks for run list: ["baseinstall-cookbook"]
59.5.33.6 Synchronizing Cookbooks:
59.5.33.6 #<Thread:0x00000000022e8b80@/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:49 run> terminated with exception (report_on_exception is true):
59.5.33.6 Traceback (most recent call last):
59.5.33.6   7: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `block (2 levels) in process'
59.5.33.6   6: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `loop'
59.5.33.6   5: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:52:in `block (3 levels) in process'
59.5.33.6   4: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:160:in `block (2 levels) in sync_cookbooks'
59.5.33.6   3: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:272:in `sync_file'
59.5.33.6   2: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:296:in `download_file'
59.5.33.6   1: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/http.rb:237:in `streaming_request'
59.5.33.6 /opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
59.5.33.6 #<Thread:0x00000000022e77f8@/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:49 run> terminated with exception (report_on_exception is true):
59.5.33.6 Traceback (most recent call last):
59.5.33.6   7: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `block (2 levels) in process'
59.5.33.6   6: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `loop'
59.5.33.6   5: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:52:in `block (3 levels) in process'
59.5.33.6   4: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:160:in `block (2 levels) in sync_cookbooks'
59.5.33.6   3: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:272:in `sync_file'
59.5.33.6   2: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:296:in `download_file'
59.5.33.6   1: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/http.rb:237:in `streaming_request'
59.5.33.6 /opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
59.5.33.6 #<Thread:0x00000000022e8e50@/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:49 run> terminated with exception (report_on_exception is true):
59.5.33.6 Traceback (most recent call last):
59.5.33.6   7: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `block (2 levels) in process'
59.5.33.6   6: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `loop'
59.5.33.6   5: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:52:in `block (3 levels) in process'
59.5.33.6   4: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:160:in `block (2 levels) in sync_cookbooks'
59.5.33.6   3: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:272:in `sync_file'
59.5.33.6   2: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:296:in `download_file'
59.5.33.6   1: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/http.rb:237:in `streaming_request'
59.5.33.6 /opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
59.5.33.6 #<Thread:0x00000000022ea840@/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:49 run> terminated with exception (report_on_exception is true):
59.5.33.6 Traceback (most recent call last):
59.5.33.6   7: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `block (2 levels) in process'
59.5.33.6   6: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `loop'
59.5.33.6   5: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:52:in `block (3 levels) in process'
59.5.33.6   4: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:160:in `block (2 levels) in sync_cookbooks'
59.5.33.6   3: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:272:in `sync_file'
59.5.33.6   2: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:296:in `download_file'
59.5.33.6   1: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/http.rb:237:in `streaming_request'
59.5.33.6 /opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
59.5.33.6 #<Thread:0x00000000022eb358@/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:49 run> terminated with exception (report_on_exception is true):
59.5.33.6 Traceback (most recent call last):
59.5.33.6   7: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `block (2 levels) in process'
59.5.33.6   6: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:50:in `loop'
59.5.33.6   5: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/util/threaded_job_queue.rb:52:in `block (3 levels) in process'
59.5.33.6   4: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:160:in `block (2 levels) in sync_cookbooks'
59.5.33.6   3: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:272:in `sync_file'
59.5.33.6   2: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/cookbook/synchronizer.rb:296:in `download_file'
59.5.33.6   1: from /opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.8.12/lib/chef/http.rb:237:in `streaming_request'
59.5.33.6 /opt/chef/embedded/lib/ruby/2.5.0/net/http/response.rb:122:in `error!': 401 "Unauthorized" (Net::HTTPServerException)
59.5.33.6
59.5.33.6   ================================================================================
59.5.33.6   Error Syncing Cookbooks:
59.5.33.6   ================================================================================
59.5.33.6
59.5.33.6   Authentication Error:
59.5.33.6   ---------------------
59.5.33.6   Failed to authenticate to the chef server (http 401).
59.5.33.6
59.5.33.6   Server Response:
59.5.33.6   ----------------
59.5.33.6   <html><body><h1>401 Unauthorized</h1>
59.5.33.6   You need a valid user and password to access this content.
59.5.33.6   </body></html>
59.5.33.6
59.5.33.6   Relevant Config Settings:
59.5.33.6   -------------------------
59.5.33.6   chef_server_url   "https://mytestusername:mytestpassword@chef.my-domain.com/organizations/myneworganization"
59.5.33.6   node_name         "mynewserver02.my-domain.com"
59.5.33.6   client_key        "/etc/chef/client.pem"
59.5.33.6
59.5.33.6   If these settings are correct, your client_key may be invalid, or
59.5.33.6   you may have a chef user with the same client name as this node.
59.5.33.6
59.5.33.6   System Info:
59.5.33.6   ------------
59.5.33.6   chef_version=14.8.12
59.5.33.6   platform=centos
59.5.33.6   platform_version=7.6.1810
59.5.33.6   ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
59.5.33.6   program_name=/bin/chef-client
59.5.33.6   executable=/opt/chef/bin/chef-client
59.5.33.6
59.5.33.6
59.5.33.6   Running handlers:
59.5.33.6 [2019-01-15T13:34:48-06:00] ERROR: Running exception handlers
59.5.33.6   Running handlers complete
59.5.33.6 [2019-01-15T13:34:48-06:00] ERROR: Exception handlers complete
59.5.33.6   Chef Client failed. 0 resources updated in 04 seconds
59.5.33.6 [2019-01-15T13:34:48-06:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
59.5.33.6 [2019-01-15T13:34:48-06:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
59.5.33.6 [2019-01-15T13:34:48-06:00] FATAL: Net::HTTPServerException: 401 "Unauthorized"

@vsingh-msys

This comment has been minimized.

Copy link
Contributor

vsingh-msys commented Jan 16, 2019

@breisig could you please try http_proxy for chef server HTTP basic authentication as mentioned in doc https://docs.chef.io/config_rb.html
e.g.

chef_server_url "https://chef.my-domain.com/organizations/myneworganization"
http_proxy nil
http_proxy_user "username"
http_proxy_pass "password"
@breisig

This comment has been minimized.

Copy link
Author

breisig commented Jan 16, 2019

@vsingh-msys

I have added to my .chef/config.rb

http_proxy nil
http_proxy_user "mytestusername"
http_proxy_pass "mytestpassword"

and tried again but it didn't work.

I also tried

https_proxy nil
https_proxy_user "mytestusername"
https_proxy_pass "mytestpassword"

but that didn't work either.

@vsingh-msys

This comment has been minimized.

Copy link
Contributor

vsingh-msys commented Jan 21, 2019

Hi @breisig could you please provide the more detail about your hosted chef server architecture info As I am unable to reproduce the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment