New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error when running cookbook #109

Closed
pauldambra opened this Issue Nov 8, 2016 · 15 comments

Comments

Projects
None yet
3 participants
@pauldambra

pauldambra commented Nov 8, 2016

I'm running a set of custom cookbooks that depend on chocolatey. I've previously run them successfully.

Today with v 1.0.1 and v 1.0.3 of chocolatey I'm getting

STDERR: C:\Users\Code\AppData\Local\Temp\chef-script20161108-2552-1yf9z20.ps1 : The underlying connection was closed
: An unexpected error occurred on a receive.

The box in question

  • windows server 2012 build 9600
  • doesn't use a proxy
  • has the certs listed here installed
  • has the firewall turned off

Are there any likely other culprits or diagnosis steps I can take

The full output is...

PS D:\secret-client-cookbooks> chef-client -z -o "recipe[custom_cookbook_elasticsearch],recipe[custom_cookbook_search_management]" -j .\live-se
arch04.json
[2016-11-08T16:18:25+00:00] WARN: No config file found or specified on command line, using command line options.
Starting Chef Client, version 12.15.19
[2016-11-08T16:18:58+00:00] WARN: Run List override has been provided.
[2016-11-08T16:18:58+00:00] WARN: Original Run List: []
[2016-11-08T16:18:58+00:00] WARN: Overridden Run List: [recipe[custom_cookbook_elasticsearch], recipe[custom_cookbook_search_management]]
resolving cookbooks for run list: ["custom_cookbook_elasticsearch", "custom_cookbook_search_management"]
Synchronizing Cookbooks:
  - custom_cookbook_elasticsearch (0.4.2)
  - custom_cookbook_search_management (0.4.5)
  - windows (1.44.3)
  - chocolatey (1.0.1)
  - octopus (0.1.4)
  - iis (4.2.0)
  - chef_handler (1.4.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-11-08T16:19:01+00:00] WARN: Please use the package resource available in Chef Client 12.6.
windows_package will be removed in the next major version release
of the Windows cookbook.

Converging 25 resources
Recipe: chocolatey::default
  * template[C:/Users/Code\.chef\local-mode-cache\cache/install.ps1] action create (up to date)
  * powershell_script[Install Chocolatey] action run

    ================================================================================
    Error executing action `run` on resource 'powershell_script[Install Chocolatey]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile
-ExecutionPolicy Bypass -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1"
----
    STDOUT:
    STDERR: C:\Users\Code\AppData\Local\Temp\chef-script20161108-2552-1yf9z20.ps1 : The underlying connection was closed
: An
    unexpected error occurred on a receive.
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,chef-script20161108-2552-1yf9z20.ps1

    ---- End output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -E
xecutionPolicy Bypass -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1" --
--
    Ran "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy
Bypass -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1" returned 1

    Resource Declaration:
    ---------------------
    # In C:/Users/Code/.chef/local-mode-cache/cache/cookbooks/chocolatey/recipes/default.rb

     36: powershell_script 'Install Chocolatey' do
     37:   environment node['chocolatey']['install_vars']
     38:   cwd Chef::Config['file_cache_path']
     39:   code install_ps1
     40:   not_if { chocolatey_installed? && (node['chocolatey']['upgrade'] == false) }
     41: end

    Compiled Resource:
    ------------------
    # Declared in C:/Users/Code/.chef/local-mode-cache/cache/cookbooks/chocolatey/recipes/default.rb:36:in `from_file'

    powershell_script("Install Chocolatey") do
      action [:run]
      retries 0
      retry_delay 2
      default_guard_interpreter :powershell_script
      command "Install Chocolatey"
      backup 5
      cwd "C:/Users/Code\\.chef\\local-mode-cache\\cache"
      environment {"chocolateyProxyLocation"=>nil, "chocolateyProxyUser"=>nil, "chocolateyProxyPassword"=>nil, "chocolat
eyVersion"=>nil, "chocolateyDownloadUrl"=>"https://chocolatey.org/api/v2/package/chocolatey", "chocolateyUseWindowsCompr
ession"=>nil}
      returns 0
      code "C:/Users/Code\\.chef\\local-mode-cache\\cache/install.ps1"
      interpreter "powershell.exe"
      declared_type :powershell_script
      cookbook_name "chocolatey"
      recipe_name "default"
      not_if { #code block }
    end

    Platform:
    ---------
    x64-mingw32


Running handlers:
[2016-11-08T16:19:29+00:00] ERROR: Running exception handlers
Running handlers complete
[2016-11-08T16:19:29+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 01 minutes 01 seconds
[2016-11-08T16:19:29+00:00] FATAL: Stacktrace dumped to C:/Users/Code/.chef/local-mode-cache/cache/chef-stacktrace.out
[2016-11-08T16:19:29+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2016-11-08T16:19:29+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: powershell_script[Install Chocolatey] (chocolat
ey::default line 36) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received
 '1'
---- Begin output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -Exe
cutionPolicy Bypass -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1" ----

STDOUT:
STDERR: C:\Users\Code\AppData\Local\Temp\chef-script20161108-2552-1yf9z20.ps1 : The underlying connection was closed: An

unexpected error occurred on a receive.
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,chef-script20161108-2552-1yf9z20.ps1
---- End output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -Execu
tionPolicy Bypass -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1" ----
Ran "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypa
ss -InputFormat None -File "C:/Users/Code/AppData/Local/Temp/chef-script20161108-2552-1yf9z20.ps1" returned 1
PS D:\secret-client-cookbooks>
@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 8, 2016

@pauldambra looks like it could be some issue connecting to the site. Do you have more details like the file that was temporarily created?

@pauldambra

This comment has been minimized.

pauldambra commented Nov 8, 2016

@ferventcoder I could hit https://chocolatey.org/ in the browser. Is there a better way to check?

this file "C:\Users\Code\AppData\Local\Temp\chef-script20161108-2552-1yf9z20.ps1"? I'm not at work now but can grab it tomorrow.

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 8, 2016

@pauldambra any details you could provide here would be best.

@pauldambra

This comment has been minimized.

pauldambra commented Nov 9, 2016

I can visit https://chocolatey.org/install.ps1 in a browser but if I try iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

I get the same error:

Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: An unexpected error
occurred on a receive."
At line:1 char:1
+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException
@pauldambra

This comment has been minimized.

pauldambra commented Nov 9, 2016

Hmm if I call

iex ((New-Object System.Net.WebClient).DownloadString('http://google.com'))
then it downloads and tries to execute

but if I call

iex ((New-Object System.Net.WebClient).DownloadString('https://google.com'))
then it has the same error.

Kudos if this is caused by the chef cookbook ;)

I'll close this ticket but feel free to comment here or tweet twitter.com/pauldambra if this suggests anything to you.

Thanks

@pauldambra pauldambra closed this Nov 9, 2016

@pauldambra

This comment has been minimized.

pauldambra commented Nov 9, 2016

Just to capture this here in case Google brings anyone in future. Our Windows server images had been updated to disallow TLS 1.0 because of PCI-DSS compliance.

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 9, 2016

@pauldambra I will get this added to the install page, but this is roughly what you need:

$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol

try {
  # This should work in .NET 4 where .NET 4.5 is installed as an inplace upgrade
  # Set TLS1.2 (3072) then TLS1.1 (768), then TLS 1.0 (192), finally SSL3 (48)
  $securityProtocolSettings = 3072 -bor 768 -bor 192 -bor 48 
  [System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettings
} catch {
  Write-Warning "Unable to set PowerShell to use TLS 1.2 and TLS 1.1 due to old .NET Framework installed. Please upgrade to at least .NET Framework 4.5 and PowerShell v3 for this to work appropriately."
}

iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

[System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettingsOriginal
@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 9, 2016

Fixed that - logic was a bit off

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 9, 2016

@mwrock can we add that logic to this cookbook?

@ferventcoder ferventcoder reopened this Nov 9, 2016

@pauldambra

This comment has been minimized.

pauldambra commented Nov 9, 2016

That's awesome, thanks

P

On Wed, 9 Nov 2016, 17:14 Rob Reynolds, notifications@github.com wrote:

Fixed that - logic was a bit off


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#109 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA8G8WvrVNRRrXq8JC91GJOmmts-Zqjhks5q8f-MgaJpZM4Ksn75
.

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 9, 2016

@pauldambra you should also consider using Chocolatey completely internally - including hosting the Chocolatey package internally. I'm almost sure this cookbook will support that. Good find though! (Reference: https://gitter.im/chocolatey/choco?at=582343c878ec59ab05518ffc)

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Nov 9, 2016

I've just added this to the install page - https://github.com/chocolatey/choco/wiki/Installation#installing-with-restricted-tls (it will end up on https://chocolatey.org/install after a bit).

@mwrock

This comment has been minimized.

Member

mwrock commented Nov 26, 2016

I'm catching up on old issues I originally missed and so apologies for the late response.

I'm a bit uneasy toggling the system wide Security protocol settings here. This is clearly an edge case and in such a case, the policy settings were intentionally set this way. I think in these cases, its best for the cookbook consumer to adjust the policy themselves rather than the cookbook doing it behind the scenes.

I know its a pain and not very discoverable at all, but leaving this logic to the cookbook user clearly states the consumer is cognizant of the policy change. Fortunately the wiki verbage added to the chocolatey website should help to lead googlers looking to fix this scenario to the right place!

I'm closing for now but feel free to reopen with concerns or objections.

@mwrock mwrock closed this Nov 26, 2016

@ferventcoder

This comment has been minimized.

Member

ferventcoder commented Dec 29, 2016

I'm a bit uneasy toggling the system wide Security protocol settings here.

? This would strictly be for the current running process.

@mwrock

This comment has been minimized.

Member

mwrock commented Dec 30, 2016

Yeah thats true.

@mwrock mwrock reopened this Dec 30, 2016

docwhat added a commit to docwhat/chocolatey-cookbook that referenced this issue Jan 4, 2017

Enable TLS1.2 and TLS1.1
This will prevent this error:

    The request was aborted: Could not create SSL/TLS secure channel.

Closes chocolatey#109

@ferventcoder ferventcoder referenced this issue Jan 4, 2017

Closed

Bring Install.ps1 ERB up to date #112

0 of 4 tasks complete

docwhat added a commit to docwhat/chocolatey-cookbook that referenced this issue Jan 5, 2017

Use the official install.ps1
This uses the `remote_file` resource to fetch the `install.ps1` from
chocolatey.org

This should allow improvements from the "official" copy to be matched
in the chocolatey version.

Closes chocolatey#111
Closes chocolatey#112
Closes chocolatey#109

docwhat added a commit to docwhat/chocolatey-cookbook that referenced this issue Jan 6, 2017

Use the official install.ps1
This uses the `remote_file` resource to fetch the `install.ps1` from
chocolatey.org

This should allow improvements from the "official" copy to be matched
in the chocolatey version.

Closes chocolatey#111
Closes chocolatey#112
Closes chocolatey#109

docwhat added a commit to docwhat/chocolatey-cookbook that referenced this issue Jan 6, 2017

Use the official install.ps1
This uses the `remote_file` resource to fetch the `install.ps1` from
chocolatey.org.  The url to fetch `install.ps1` from is configurable in
case someone wants to run entirely detached from the internet.

This should allow improvements from the "official" copy to be matched
in the chocolatey version.

Closes chocolatey#111
Closes chocolatey#112
Closes chocolatey#109

docwhat added a commit to docwhat/chocolatey-cookbook that referenced this issue Jan 6, 2017

Use the official install.ps1
This uses the `remote_file` resource to fetch the `install.ps1` from
chocolatey.org.  The url to fetch `install.ps1` from is configurable in
case someone wants to run entirely detached from the internet.

This should allow improvements from the "official" copy to be matched
in the chocolatey version.

Closes chocolatey#111
Closes chocolatey#112
Closes chocolatey#109

@mwrock mwrock closed this in 4e74867 Jan 9, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment