-
Notifications
You must be signed in to change notification settings - Fork 170
Windows: cert already in hash table #492
Comments
Does it work if you give the |
no it gives the same error. I tried a few tricks with config file. like relocate it to a different dir and ref it using -c. I did not add client.pem on purpose to see if it complains. And yes it complained about not having proper ssl. So I added pem and it resumes with cert already in hash. |
Output of using -c PS C:\Users\cshowers\git\chef-cookbooks\aar> chef provision staging --sync -n aar-staging-01 -o port=8000 -c c:\chef\client.rb PS C:\Users\cshowers\git\chef-cookbooks\aar> knife ssl check -c c:\chef\client.rb |
Thanks for that, I wanted to make sure this wasn't the same thing as a different bug where the config file simply wasn't getting loaded. This seems to be an issue with Ruby itself, where when you have active threads and are using the The answer on this SO post might help, but ChefDK patches ruby to set the |
ok I see. So since this problem only shows up on Windows I could test this out on linux until there is a chefDK release that fixes this. |
Yes, we are looking at whether Ruby 2.2 would fix it, or if we could build Ruby on Windows ourselves rather than relying on RubyInstaller/DevKit builds (this would allow us to control the build-time configuration of OpenSSL so we wouldn't need to set |
Any change on this yet? When trying to upload even a bit more complex cookbook into server, I will get the same error. Simple cookbooks are fine, but "windows" cookbook from supermarket isn't something it will digest very well. We are using valid certificate from Thawte and everything else work just fine, including "knife ssl check" is returning successful results. Currently using ChefDK on Windows 8.1 Chef Development Kit Version: 0.10.0 |
If you make a policyfile and upload it with |
Also, what chef server are you using, and have you modified its SSL configuration? |
I'm having the same problem if I do a cookbook upload with --include-dependencies and the windows cookbook is one of the dependencies. This wasn't a problem until I upgraded from Chefdk 0.4.0 and knife-windows 0.8.5. I was able to upload the windows cookbook by itself, so that got me past my immediate problem, but for automated deployments, that's not a useful work around. Currently using ChefDK on Windows Server 2008 R2 Chef Development Kit Version: 0.9.0 |
Are you specifically seeing |
I am seeing |
FWIW, I have found that using the --concurrency option, set to 1, in my 'knife cookbook upload' commands to be 100% successful at avoiding the SSL error problem described above. |
@danielsdeleo, tested "knife cookbook upload" and problem seems to be the same. Chef server is 12.3.1. Regarding SSL configuration, I let Chef to generate self-signed certificate and then replaced (crt/key) files with new (valid) certificate... so no actual modifications are made for it. Most of the modifications for any configs are for Analytics. When uploading depended cookbooks one by one, I finally managed to upload original "windows" cookbook.
|
I am also getting this error consistently . I try to the knife ssl check and fetch. Everything looks good. I get this randomly when using chef-client -o 'cookbook::recipe' -c C:\chef-repo.chef\knife.rb for provisioning virtual machines with the chef-provisioning-vsphere gem. |
This issue is still present in the latest rub gems provided with chefdk 0.11.2 |
This issue is still persistent in chefdk 0.12.0. It seems to always occur if there is a syntax error in your provisioning recipe & you try to run it again after. If I reboot that sometimes clears it up. Doing a knife ssl fetch does not fix the issue. This occurs with machine_batch paralegal provisioning of servers. |
I have started to use a Linux Chef Workstation as a work around when I provision more than one server at a time. The bug doesn't appear in the ruby gems provided with chefdk on linux. |
I am also seeing this when my Windows nodes converge - usually when I first provision them and they do the initial converge. Not on my workstation where I trigger the provisioning (although I have seen that too!) but on the nodes themselves when they converge with chef-client, as they synchronize the cookbooks from the server. It seems to happen about half of the time - frequently I just manually kick off the Chef Provisioning run again and the nodes will successfully converge. Same issue with both chef-client 12.5.1 and 12.12.5
|
Could this be a Chef manifestation of the similar issue in Puppet?
...
|
This error still occurs as of latest Chef DK release. I get this error mainly when using machine_batch on a Windows Chef Workstation provisioning multiple Virtual Machines. |
If I'm reading this Ruby issue correctly, it should be fixed in Ruby 2.4 which is used by ChefDK 2.x - can those impacted confirm? cc: @thommay @trevorghess |
My env
Windows 7
chefdk 0.7
PowerShell 4
chef-sever-core 12.1.2
I've been testing the new chefdk policyfile by following the policyfile guided tour https://www.chef.io/blog/2015/08/18/policyfiles-a-guided-tour/#more-16518 Every time I run chef provision it failes with SSL_read errors
I created the special provision cookbook as per example and ran following
chef provision staging --sync -n aar-staging-01 -o port=8000
Uploading policy to policy group staging
[2015-08-30T22:00:25-04:00] ERROR: SSL Validation failure connecting to host: server-centos-65 - SSL_read: cert already in hash table
[2015-08-30T22:00:27-04:00] ERROR: SSL Validation failure connecting to host: server-centos-65 - SSL_write: cert already in hash table
Error: Failed to upload policy to policy group staging
Reason: (OpenSSL::SSL::SSLError) SSL_write: cert already in hash table
I setup chef server with ssl. I ran knife ssl fetch and knife ssl check is good
PS C:\Users\cshowers\git\chef-cookbooks\aar> knife ssl check
Connecting to host server-centos-65:443
Successfully verified certificates from `server-centos-65'
even if I run 'chef push staging' I get the same ssl errors. Am I missing something? It's almost like chef provision command doesn't use the same ssl as knife. I am pretty new to chef and I am trying to get my head around policfiles.
My knife.rb
current_dir = File.dirname(FILE)
log_level :info
log_location STDOUT
node_name "cshowers"
client_key "#{current_dir}/cshowers.pem"
chef_server_url "https://server-centos-65/organizations/test"
cookbook_path ["#{current_dir}/../cookbooks"]
The text was updated successfully, but these errors were encountered: