Installation Problem with Proxy Server - Proxy Authentication Required
tstuber opened this issue · comments
Cookbook version
5.4.0
Chef-client version
13.4.19
Platform Details
Red Hat Enterprise Linux Server 7.4
Scenario:
[What you are trying to achieve and you can't?]
We tried to install chef-server cookbook on a new server. The compnay has a proxy server in place. The env variable has been set accordingly:
http_proxy=http://User:Password@proxy.mycompany.local:8080
https_proxy=https://User:Password@proxy.mycompany.local:8080
Steps to Reproduce:
- Use Proxy Server
- Install Chef-Server via cookbook
Expected Result:
Successful installation
Actual Result:
The installation fails with the following output:
Recipe: chef-server::default
* ruby_block[ensure node can resolve API FQDN] action run (skipped due to not_if)
* chef_ingredient[chef-server] action install
Recipe: <Dynamically Defined Resource>
* chef_gem[mixlib-install] action install (up to date)
================================================================================
Error executing action `install` on resource 'chef_ingredient[chef-server]'
================================================================================
Net::HTTPServerException
------------------------
407 "Proxy Authentication Required"
Cookbook Trace:
---------------
/root/.chef/local-mode-cache/cache/cookbooks/chef-ingredient/libraries/default_handler.rb:95:in `configure_from_channel'
/root/.chef/local-mode-cache/cache/cookbooks/chef-ingredient/libraries/default_handler.rb:46:in `configure_package'
/root/.chef/local-mode-cache/cache/cookbooks/chef-ingredient/libraries/default_handler.rb:23:in `handle_install'
/root/.chef/local-mode-cache/cache/cookbooks/chef-ingredient/libraries/chef_ingredient_provider.rb:54:in `block in <class:ChefIngredient>'
Resource Declaration:
---------------------
# In /root/.chef/local-mode-cache/cache/cookbooks/chef-server/recipes/default.rb
29: chef_ingredient 'chef-server' do
30: extend ChefServerCookbook::Helpers
31: version node['chef-server']['version'] unless node['chef-server']['version'].nil?
32: package_source node['chef-server']['package_source']
33: config <<-EOS
34: topology "#{node['chef-server']['topology']}"
35: #{"api_fqdn \"#{node['chef-server']['api_fqdn']}\"" if api_fqdn_available?}
36: #{node['chef-server']['configuration']}
37: EOS
38: action :install
39: end
40:
Compiled Resource:
------------------
# Declared in /root/.chef/local-mode-cache/cache/cookbooks/chef-server/recipes/default.rb:29:in `from_file'
chef_ingredient("chef-server") do
action [:install]
default_guard_interpreter :default
declared_type :chef_ingredient
cookbook_name "chef-server"
recipe_name "default"
package_source nil
config "topology \"standalone\"\napi_fqdn \"chefserver\"\n\n"
product_name "chef-server"
end
System Info:
------------
chef_version=13.4.19
platform=redhat
platform_version=7.4
ruby=ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]
program_name=chef-client worker: ppid=1794;start=12:54:26;
executable=/opt/chefdk/bin/chef-client
Running handlers:
[2017-10-12T12:54:32+02:00] ERROR: Running exception handlers
[2017-10-12T12:54:32+02:00] ERROR: Running exception handlers
Running handlers complete
[2017-10-12T12:54:32+02:00] ERROR: Exception handlers complete
[2017-10-12T12:54:32+02:00] ERROR: Exception handlers complete
Chef Client failed. 2 resources updated in 06 seconds
[2017-10-12T12:54:32+02:00] FATAL: Stacktrace dumped to /root/.chef/local-mode-cache/cache/chef-stacktrace.out
[2017-10-12T12:54:32+02:00] FATAL: Stacktrace dumped to /root/.chef/local-mode-cache/cache/chef-stacktrace.out
[2017-10-12T12:54:32+02:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-10-12T12:54:32+02:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-10-12T12:54:32+02:00] ERROR: chef_ingredient[chef-server] (chef-server::default line 29) had an error: Net::HTTPServerException: 407 "Proxy Authentication Required"
[2017-10-12T12:54:32+02:00] ERROR: chef_ingredient[chef-server] (chef-server::default line 29) had an error: Net::HTTPServerException: 407 "Proxy Authentication Required"
[2017-10-12T12:54:32+02:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[2017-10-12T12:54:32+02:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Actually, it does also not work if I specify the proxy settings in the client.rb file.
I found a nasty workaround for this problem:
The following file has to be modified:
/opt/chefdk/embedded/lib/ruby/2.4.0/net/http.rb
Then at line line 918, I inserted the proxy user/Password directly, since they are not loaded correctly from the environment/chef config.
proxy_user = 'proxyUsername'
proxy_pass = 'proxyPassword'
We faced this issue with Chef Software in multiple occations. Whenever a chef component (chef-client, chefdk, whatever) tries to establish an internet connection, the proxy needs to be specified in the client.rb (or delivery.rb / chef-server.rb).
For the client.rb, the official documentation was misleading. Instead of configuring:
http_proxy 'http://proxy.example.org:8080'
http_proxy_user 'myself'
http_proxy_pass 'Password1'
We needed to define a one-liner:
http_proxy 'http://myself:Password1@proxy.example.org:8080'
https_proxy 'http://myself:Password1@proxy.example.org:8080'
Another hint: The https_proxy is specified with an http:// URL. That was also required for us. Explanation can be found here.
However, that is finally solved for us.