chef-server-ctl test is failing in FIPS enabled Amazon Linux 2 system. #3398

Open
srijitncoupa opened this issue Jul 7, 2022 · 1 comment
Labels
Type: Bug Does not work as expected.

Comments

@srijitncoupa

Chef Server Version

Chef-server = 14.16.19

Platform Details

The new Chef 14 installation is done on an Amazon Linux 2 system.

Configuration

It is a standalone machine and we are doing a fresh install on Amazon Linux with FIPS enabled. Please find the chef-server.rb file below.

chef-server.rb

postgresql['external'] = true
fips = true
api_version = '14.16.19'
postgresql['enable'] = true
postgresql['sslmode'] = 'require'
postgresql['db_superuser'] = 'postgres'
postgresql['db_superuser_password'] = ''
postgresql['vip'] = 'devchf975srv2.cyokjaytsehc.ap-southeast-2.rds.amazonaws.com'
bookshelf['enable'] = true
bookshelf['vip'] = 's3-ap-southeast-2.amazonaws.com'
#bookshelf['url'] = 'http://127.0.0.1:4321'
bookshelf['listen'] = '127.0.0.1'
bookshelf['port'] = '4321'
bookshelf['external_url'] = 'https://s3-ap-southeast-2.amazonaws.com'
bookshelf['access_key_id'] = ''
bookshelf['secret_access_key'] = ''
opscode_erchef['s3_bucket'] = 'devchf975chef.'
nginx['server_name'] = 'chef.'
nginx['ssl_company_name'] = ''
nginx['ssl_email_address'] = 'ops12@****'
nginx['ssl_locality_name'] = 'San Francisco'
nginx['ssl_state_name'] = 'CA'
nginx['url'] = 'https://127.0.0.1'
nginx['ssl_certificate'] = '/etc/ssl/certs/webserver.cert.pem'
nginx['ssl_certificate_key'] = '/etc/ssl/priv/webserver.key.pem'
nginx['ssl_protocols'] = 'TLSv1.2'
nginx['ssl_ciphers'] = 'EECDH+E

Scenario

We are installing Chef 14 with FIPS enabled on Amazon Linux 2. After installation, when running chef-server-ctl test, unit test cases are failing when they need to delete a cookbook from S3.

Steps to Reproduce

We need to install Chef 14 on a FIPS-enabled Amazon Linux 2 system.


Expected Result

We expect chef-server-ctl test to pass all unit test cases, and we should also be able to push new cookbooks to the remote S3 bucket (bookshelf).

Actual Result

We are not able to push new cookbooks to the remote S3 location. The errors noticed are given below.

  1. Cookbook Artifacts API endpoint API v0 behaves like deletes cookbook artifacts DELETE /cookbook_artifacts// for existing cookbooks when deleting existent version of an existing cookbook should cleanup unused checksum data in s3/bookshelf
    Failure/Error: raise "bad response code #{response.code} in response: #{response}"

    RuntimeError:
    bad response code 500 in response: {"error":["internal service error"]}
    Shared Example Group: "deletes cookbook artifacts" called from ./spec/api/cookbook_artifacts/delete_spec.rb:196

    ./lib/pedant/rspec/common.rb:429:in `ensure_2xx'

    ./lib/pedant/rspec/cookbook_util.rb:65:in `commit_sandbox'

    ./lib/pedant/rspec/cookbook_util.rb:74:in `upload_files_to_sandbox'

    ./lib/pedant/rspec/cookbook_util.rb:287:in `make_cookbook_artifact_with_recipes'

    ./spec/api/cookbook_artifacts/delete_spec.rb:109:in `block (6 levels) in <top (required)>'

  2. Cookbook Artifacts API endpoint API v2 behaves like deletes cookbook artifacts DELETE /cookbook_artifacts// for existing cookbooks when deleting existent version of an existing cookbook should cleanup unused checksum data in s3/bookshelf
    Failure/Error: raise "bad response code #{response.code} in response: #{response}"

    RuntimeError:
    bad response code 500 in response: {"error":["internal service error"]}
    Shared Example Group: "deletes cookbook artifacts" called from ./spec/api/cookbook_artifacts/delete_spec.rb:200

    ./lib/pedant/rspec/common.rb:429:in `ensure_2xx'

    ./lib/pedant/rspec/cookbook_util.rb:65:in `commit_sandbox'

    ./lib/pedant/rspec/cookbook_util.rb:74:in `upload_files_to_sandbox'

    ./lib/pedant/rspec/cookbook_util.rb:287:in `make_cookbook_artifact_with_recipes'

    ./spec/api/cookbook_artifacts/delete_spec.rb:109:in `block (6 levels) in <top (required)>'

@srijitncoupa srijitncoupa added the Status: Untriaged An issue that has yet to be triaged. label Jul 7, 2022
srijitncoupa added a commit to srijitncoupa/chef-server that referenced this issue Jul 7, 2022
srijitncoupa added a commit to srijitncoupa/chef-server that referenced this issue Jul 8, 2022
chef#3398: Fix for FIPS enabled in bookshelf using bookshelf s3 url with …
@vinay-satish vinay-satish added Type: Bug Does not work as expected. and removed Status: Untriaged An issue that has yet to be triaged. labels Jul 12, 2022
@vinay-satish
Contributor

Thank you for bringing this issue up. We currently test this on RHEL 7 and we need to test this on other platforms as well.
