Comments (4)
echohack
commented on September 23, 2024
2
Workaround:
You can append your RootCA to this file in the studio:
/hab/pkgs/core/cacerts/2018.12.05/20190115014206/ssl/certs/cacert.pem
to work around this issue.
It's clear that we need to provide some mechanism in the studio / in effortless for handling this issue better, along with giving better error messages for what the user is encountering.
from effortless.
dmccown
commented on September 23, 2024
2
We will have some changes coming soon with Habitat and how it handles Certs. This may help you out. Here's the issue we have in flight: habitat-sh/habitat#6759
from effortless.
sam1el
commented on September 23, 2024
Adding information as requested.
http_proxy
https_proxy
SSL_CERT_FILE
The above environments variables have been set. Corporate cert gets through all other proxy settings until scaffolding tries to reach supermarket.
We need a feature for hab pkgs to utilize the hab cert chain.
Chef-dk currently cannot reach through a corporate proxy due to it not seeing the valid certs. Hab itself is functioning as expected.
This is the current error
Installing cloudcli 1.2.0
[2019-07-26T14:29:30+00:00] ERROR: SSL Validation failure connecting to host: s3.amazonaws.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
Error: Failed to generate Policyfile.lock
Reason: (OpenSSL::SSL::SSLError) SSL Error connecting to https://supermarket.chef.io/api/v1/cookbooks/cloudcli/versions/1.2.0/download - SSL Error connecting to https://s3.amazonaws.com/community-files.opscode.com/cookbook_versions/tarballs/21168/original/cloudcli.tgz?1493505782 - SSL_connect returned=1 errno=0 state=error: certificate verify failed
from effortless.
echohack
commented on September 23, 2024
Here's a more detailed log showing chef install --debug occuring within the scaffolding.
[2019-07-26T15:14:52+00:00] ERROR: SSL Validation failure connecting to host: s3.amazonaws.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
Error: Failed to generate Policyfile.lock
Reason: (OpenSSL::SSL::SSLError) SSL Error connecting to https://supermarket.chef.io/api/v1/cookbooks/cloudcli/versions/1.2.0/download - SSL Error connecting to https://s3.amazonaws.com/community-files.opscode.com/cookbook_versions/tarballs/21168/original/cloudcli.tgz?1493505782 - SSL_connect returned=1 errno=0 state=error: certificate verify failed
/hab/pkgs/chef/chef-dk/3.0.38/20180525172209/ruby/2.4.0/gems/chef-14.1.12/lib/chef/http.rb:451:in `rescue in retrying_http_errors'
/hab/pkgs/chef/chef-dk/3.0.38/20180525172209/ruby/2.4.0/gems/chef-14.1.12/lib/chef/http.rb:408:in `retrying_http_errors'
/hab/pkgs/chef/chef-dk/3.0.38/20180525172209/ruby/2.4.0/gems/chef-14.1.12/lib/chef/http.rb:365:in `send_http_request'
/hab/pkgs/chef/chef-dk/3.0.38/20180525172209/ruby/2.4.0/gems/chef-14.1.12/lib/chef/http.rb:```
from effortless.
Related Issues (20)
- SSL cacerts wrapper HOT 1
- Support Private GIT Repos HOT 3
- Support running Effortless package on same host as older Chef Client version HOT 1
- Fix the examples and use them to test scaffolding builds.
- When using chef-client-detox, full client is still being called as dependency
- When hab sup term is supported on windows fix windows test scripts
- Add a test to validate data_bags and attributes on windows and linux
- Make inspec and chef-client binary paths more explicit HOT 2
- scaffolding-chef-inspec: Path is not set properly for Inspec bins when specifying alternate scaffold_inspec_client HOT 5
- Cannot run Chef Infra on Windows HOT 7
- Effortless chef-client on windows conflicting with legacy client
- Change the kitchen files in the examples and docs to use `kitchen-habitat` plugin
- Bash-style string comparison causes acceptance check to fail HOT 3
- Ensure that all run hooks are using the bash shipped with habitat
- Support pulling token from secrets management for service overrides.
- Chef Infra and Inspec should share the same ruby dependency HOT 1
- Inspec scaffolding not working on linux when fetching profiles from Automate HOT 2
- Effortless packages fail to build on Linux with Chef Infra 17 release due to Ruby dependency
- rubygems_url Broken on Windows HOT 1
- environment setup of React-Automation-studio with docker-compose up
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from effortless.