This repository has been archived by the owner on Jun 13, 2019. It is now read-only.

Kitchen fails to converge #7

Open
legal90 opened this issue May 12, 2016 · 3 comments

legal90 commented May 12, 2016

I've tried to check out how this cookbook works on CentOS 6, but `kitchen converge default-centos-67` fails at an early stage:

           ================================================================================
           Error executing action `create` on resource 'ssl_certificate[consul]'
           ================================================================================

           RuntimeError
           ------------
           Cannot read SSL key from chef-vault: secrets.consul[private_key]

           Cookbook Trace:
           ---------------
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_readers.rb:84:in `data_bag_read_fail'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_readers.rb:122:in `safe_read_from_chef_vault'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:167:in `default_key_content_from_chef_vault'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:189:in `block in default_key_content'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:164:in `instance_eval'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:164:in `block in lazy_cached_variable'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:103:in `key_content'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/provider_ssl_certificate.rb:73:in `create_key'
           /tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/provider_ssl_certificate.rb:125:in `action_create'

           Resource Declaration:
           ---------------------
           # In /tmp/kitchen/cache/cookbooks/consul-cluster/recipes/default.rb

            23: certificate = ssl_certificate node['consul']['service_name'] do
            24:   owner node['consul']['service_user']
            25:   group node['consul']['service_group']
            26:   namespace node['consul-cluster']['tls']
            27:   notifies :reload, "consul_service[#{name}]", :delayed
            28: end
            29:

           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/consul-cluster/recipes/default.rb:23:in `from_file'

           ssl_certificate("consul") do
             provider Chef::Provider::SslCertificate
             action :create
             updated true
             updated_by_last_action true
             retries 0
             retry_delay 2
             default_guard_interpreter :default
             namespace {"ssl_key"=>{"path"=>"/etc/consul/ssl/private/consul.key", "source"=>"chef-vault", "bag"=>"secrets", "item"=>"consul", "item_key"=>"private_key"}, "ssl_cert"=>{"path"=>"/etc/consul/ssl/certs/consul.crt", "source"=>"chef-vault", "bag"=>"secrets", "item"=>"consul", "item_key"=>"certificate"}, "ssl_chain"=>{"path"=>"/etc/consul/ssl/certs/chain.crt", "source"=>"chef-vault", "bag"=>"secrets", "item"=>"consul", "item_key"=>"ca_certificate"}}
             key_name "consul.key"
             key_dir "/etc/pki/tls/private"
             key_path #<Chef::DelayedEvaluator:0x00000003e3ab40@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             key_source #<Chef::DelayedEvaluator:0x00000003e3a9d8@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:123>
             key_bag #<Chef::DelayedEvaluator:0x00000003e3a780@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:130>
             key_item #<Chef::DelayedEvaluator:0x00000003e3a500@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:134>
             key_item_key #<Chef::DelayedEvaluator:0x00000003e3a348@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:138>
             key_encrypted #<Chef::DelayedEvaluator:0x00000003e3a1e0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:142>
             key_secret_file #<Chef::DelayedEvaluator:0x00000003e38ed0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_key.rb:148>
             key_content #<Chef::DelayedEvaluator:0x00000003e38c28@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             cert_name "consul.pem"
             cert_dir "/etc/pki/tls/certs"
             cert_path #<Chef::DelayedEvaluator:0x00000003e38520@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             cert_source #<Chef::DelayedEvaluator:0x00000003e382c8@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:143>
             cert_bag #<Chef::DelayedEvaluator:0x00000003e38110@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:150>
             cert_item #<Chef::DelayedEvaluator:0x00000003e27e78@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:154>
             cert_item_key #<Chef::DelayedEvaluator:0x00000003e27bd0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:158>
             cert_encrypted #<Chef::DelayedEvaluator:0x00000003e27130@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:162>
             cert_secret_file #<Chef::DelayedEvaluator:0x00000003e268c0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:169>
             cert_content #<Chef::DelayedEvaluator:0x00000003e26410@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             subject_alternate_names #<Chef::DelayedEvaluator:0x00000003e25b28@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:176>
             ca_cert_path #<Chef::DelayedEvaluator:0x00000003e25808@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:268>
             ca_key_path #<Chef::DelayedEvaluator:0x00000003e24e58@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_cert.rb:272>
             chain_path #<Chef::DelayedEvaluator:0x00000003e24a20@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             chain_name #<Chef::DelayedEvaluator:0x00000003e24778@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:134>
             chain_dir "/etc/pki/tls/certs"
             chain_source #<Chef::DelayedEvaluator:0x00000003e24228@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:142>
             chain_bag #<Chef::DelayedEvaluator:0x00000003e24048@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:149>
             chain_item #<Chef::DelayedEvaluator:0x00000003e1fe30@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:153>
             chain_item_key #<Chef::DelayedEvaluator:0x00000003e1fae8@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:157>
             chain_encrypted #<Chef::DelayedEvaluator:0x00000003e1f7f0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:161>
             chain_secret_file #<Chef::DelayedEvaluator:0x00000003e1f3e0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:168>
             chain_content #<Chef::DelayedEvaluator:0x00000003e1ecd8@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate.rb:161>
             chain_combined_path #<Chef::DelayedEvaluator:0x00000003e1e8f0@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:207>
             chain_combined_name #<Chef::DelayedEvaluator:0x00000003e1e620@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_chain.rb:214>
             common_name #<Chef::DelayedEvaluator:0x00000003e1e3c8@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:85>
             country #<Chef::DelayedEvaluator:0x00000003e1e008@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:89>
             city #<Chef::DelayedEvaluator:0x00000003e1da18@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:93>
             state #<Chef::DelayedEvaluator:0x00000003e1d888@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:97>
             organization #<Chef::DelayedEvaluator:0x00000003e1d658@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:101>
             department #<Chef::DelayedEvaluator:0x00000003e1d428@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:105>
             email #<Chef::DelayedEvaluator:0x00000003e1d298@/tmp/kitchen/cache/cookbooks/ssl_certificate/libraries/resource_ssl_certificate_subject.rb:109>
             declared_type :ssl_certificate
             cookbook_name "consul-cluster"
             recipe_name "default"
             owner "consul"
             group "consul"
             default_cert_path "/etc/consul/ssl/certs/consul.crt"
             default_key_path "/etc/consul/ssl/private/consul.key"
           end

           Platform:
           ---------
           x86_64-linux

Probably it was fixed by https://github.com/zuazo/ssl_certificate-cookbook/pull/25/files

@Vasencheg

It was fixed by adding the following to the test/fixtures/policies/default.rb file:

```ruby
# ...
override['vault-cluster']['tls']['ssl_key']['source']    = 'data-bag'
override['vault-cluster']['tls']['ssl_cert']['source']   = 'data-bag'
override['vault-cluster']['tls']['ssl_chain']['source']  = 'data-bag'
override['consul-cluster']['tls']['ssl_key']['source']   = 'data-bag'
override['consul-cluster']['tls']['ssl_cert']['source']  = 'data-bag'
override['consul-cluster']['tls']['ssl_chain']['source'] = 'data-bag'
```
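
A pre-flight check over the namespace printed in the compiled resource, as an added example that is not part of this thread or of either cookbook: it lists the components that the test fixtures cannot serve before `kitchen converge` is run. The fixture contents, the constant names and the functions `vault_item?`, `unreadable_components` and `with_data_bag_source` are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample: the namespace from the compiled resource in the report,
# reduced to the fields that select where each component is read from.
NAMESPACE = {
  'ssl_key'   => { 'source' => 'chef-vault', 'bag' => 'secrets', 'item' => 'consul', 'item_key' => 'private_key' },
  'ssl_cert'  => { 'source' => 'chef-vault', 'bag' => 'secrets', 'item' => 'consul', 'item_key' => 'certificate' },
  'ssl_chain' => { 'source' => 'chef-vault', 'bag' => 'secrets', 'item' => 'consul', 'item_key' => 'ca_certificate' }
}.freeze

# Constructed fixture (assumption): a plain, non-vault data bag item with test
# material only, and no ca_certificate entry.
FIXTURE_BAGS = {
  'secrets' => { 'consul' => JSON.parse('{"id":"consul","private_key":"TEST KEY","certificate":"TEST CERT"}') }
}.freeze

# A chef-vault item is stored next to a companion "<item>_keys" data bag item;
# without it the item is a plain data bag item and a vault read cannot succeed.
def vault_item?(bags, bag, item)
  bags.fetch(bag, {}).key?("#{item}_keys")
end

# Returns one message per component that the fixtures cannot satisfy.
def unreadable_components(namespace, bags)
  namespace.each_with_object([]) do |(name, cfg), problems|
    bag, item, key = cfg.values_at('bag', 'item', 'item_key')
    ref = "#{bag}.#{item}[#{key}]"
    data = bags.dig(bag, item)
    if data.nil? || !data.key?(key)
      problems << "#{name}: #{ref} missing from fixtures"
    elsif cfg['source'] == 'chef-vault' && !vault_item?(bags, bag, item)
      problems << "#{name}: #{ref} is a plain data bag item but source is chef-vault"
    end
  end
end

# Mirrors the override from the comment: read every component as a data bag.
def with_data_bag_source(namespace)
  namespace.transform_values { |cfg| cfg.merge('source' => 'data-bag') }
end
```

With the constructed fixture, the unmodified namespace yields three findings and the overridden one yields only the missing `ca_certificate` entry.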

@johnbellone
Contributor

Ah nice, thanks for debugging! I'll add this and merge.

@legal90
Author

legal90 commented Dec 7, 2016

@johnbellone Maybe it makes sense to set "data-bag" as the default value for these attributes in attributes/default.rb? Because it looks confusing (especially for people new to Chef) that Chef Vault is expected by default.
