2
votes

I recently updated the SSL certificate on my chef server, and now I am unable to upload cookbooks to chef server. However, I am able to upload/modify/add roles/environments to chef server, and the chef nodes client is working fine. It has no issue when downloading cookbooks, only when uploading a cookbook.

I tried restarting the chef server services and even rebooted the chef server, but the issue persists.

Below is the error I encounter while uploading a cookbook using knife or exploring a cookbook via the Chef Server UI:

```
### knife cookbook upload -o . chef-client_0 -V
Uploading chef-client_0  [3.3.3]
INFO: Validating ruby files
INFO: Validating templates
INFO: Syntax OK
INFO: Saving chef-client_0
INFO: Uploading files
INFO: Uploading /private/var/root/c/chef_cookbooks/vendor_cookbooks/chef-client_0/attributes/default.rb (checksum hex = bffdd0f69ce34d915bb6695f4bd10d0a) to https://CHEF_SERVER.MYDOMAIN:443/bookshelf/organization-00000000000000000000000000000000/checksum-bffdd0f69ce34d915bb6695f4bd10d0a?AWSAccessKeyId=847c5c55c0e51749a5aa8a987537b35b46cc7159&Expires=1395409204&Signature=UORF9gdB0G0svW0HuvPEfLxY15o%3D
INFO: HTTP Request Returned 500 Internal Server Error: internal service error
ERROR: internal server error
Response: internal service error
```

Chef Server: 11.0.10

Chef Client: 11.8.2

The cookbook(s) I am trying to upload do not have bad syntax.

2 Answers

3
votes

Not sure what it could be but try the following commands if you haven't yet (from the chef server):

chef-server-ctl reconfigure

or

chef-server-ctl test

Hope this helps!

1
votes

I am running a single Chef Server in Amazon and it is shared across Amazon regions. I had to change the Chef Server SSL Certificate FQDN, which also has additional FQDNs.

Public FQDN (chef-server.rb "api_fqdn"):
chef-server.publicdomain.net  A PUBLIC_IP

Regional Private FQDN (client.rb "chef_server_url"):
chefserver-[AWS REGION].publicdomain.net A PRIVATE_IP

To resolve the cookbook upload "internal service error" issue, I had to map the Public FQDN to the local IP on the Chef Server. The Public FQDN is used only for outside-Amazon access or users' home static IP whitelisting.

Chef Clients in different Amazon regions always point to a Private FQDN.

Now I have another issue. When I run Chef Client on a new node, it fails to download cookbooks because in the cookbook details, the Chef "url" is pointing to the Public FQDN even though client.rb is configured to use the Private FQDN:

/etc/chef/client.rb
chef_server_url "https://chefserver-[AWS REGION].internaldomain.net"

Chef Client Run Debug Log:

```
[2014-03-23T07:48:47+00:00] DEBUG: Cookbooks detail: [#
<Chef::CookbookVersion:0x0000000240e0f0 @name="services", .., 
"url"=>"https://chef-server.publicdomain.net:443/bookshelf/organization-
00000000000000000000000000000000/checksum-21c2091bde685657c3d9602206cf44bb?
AWSAccessKeyId=847c5c55c0e51749a5aa8a987537b35b46cc7159&Expires=1395561826&Signature=
s/8Cr/ZWRmIaZPwzupPYDFh5jt4%3D"}], ..
```

As a workaround, I have to map the Public FQDN to a Private IP address to run Chef Client once.

Strangely, after the first Chef Client run I can remove the Public FQDN to Private IP mapping from the node, and from then on there is no issue downloading cookbooks, even though in the cookbook details the url still points to the Public FQDN, which is not accessible from the node.
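
The mismatch described in this answer (file URLs in the cookbook details naming a different host than `chef_server_url`) can be checked from the debug output. The Ruby sketch below is an added example, not part of the original post or of Chef itself; the function names, the `example.net` hostnames and the sample log are constructed, and `Expires` is read as a Unix timestamp, as in the URLs quoted above.

```ruby
require 'uri'

# Pull every bookshelf file URL out of chef-client debug output. Wrapped
# lines are rejoined first, because the log may split a URL across lines.
def bookshelf_urls(debug_log)
  joined = debug_log.gsub(/\r?\n\s*/, '')
  joined.scan(%r{"url"=>"(https?://[^"]+/bookshelf/[^"]+)"}).flatten
end

# Break one pre-signed bookshelf URL into the parts that matter for diagnosis.
def parse_bookshelf_url(url)
  uri = URI.parse(url)
  query = URI.decode_www_form(uri.query.to_s).to_h
  {
    host: uri.host.downcase,
    checksum: uri.path[/checksum-([0-9a-f]{32})\z/, 1],
    expires: query['Expires'] ? Time.at(Integer(query['Expires'])).utc : nil
  }
end

# Compare each file URL with the chef_server_url the node is configured with.
# Returns [url_host, problem] pairs; an empty array means nothing to flag.
def audit(debug_log, chef_server_url, now: Time.now.utc)
  expected = URI.parse(chef_server_url).host.downcase
  bookshelf_urls(debug_log).flat_map do |url|
    info = parse_bookshelf_url(url)
    problems = []
    problems << :host_differs_from_chef_server_url if info[:host] != expected
    problems << :signature_expired if info[:expires] && info[:expires] < now
    problems << :no_checksum_in_path if info[:checksum].nil?
    problems.map { |problem| [info[:host], problem] }
  end
end

# Constructed sample: hostnames, key id and signature are placeholders.
SAMPLE_LOG = <<~LOG
  [2014-03-23T07:48:47+00:00] DEBUG: Cookbooks detail: [{"name"=>"default.rb",
  "url"=>"https://chef-server.example.net:443/bookshelf/organization-
  00000000000000000000000000000000/checksum-0123456789abcdef0123456789abcdef?
  AWSAccessKeyId=EXAMPLEKEYID&Expires=1395561826&Signature=
  EXAMPLESIG%3D"}]
LOG

if __FILE__ == $PROGRAM_NAME
  node_url = 'https://chefserver-region.example.net' # constructed client.rb value
  findings = audit(SAMPLE_LOG, node_url, now: Time.at(1_395_561_000).utc)
  findings.each { |host, problem| puts "#{host}: #{problem}" }
end
```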