Tier or HA Chef Server 12.4.1 + Reporting 1.5.6 Perms Regression

Sean Horn -

If you install a new Chef Server 12.4.1 + Reporting 1.5.6 system using the tier or HA topologies, you will run into the following error every time a chef-client tries to run against this server system and start or end a report in the Reporting service. This output will be found in the var/log/opscode/opscode-reporting/current logfile


2016-02-12_20:28:53.76692 Undefined:Undefined#Undefined [error] <0.236.0> {<<"method=POST; path=/organizations/ponyville/reports/nodes/test.lxc/runs; status=500; ">>,{error,{badmatch,{error,unknown_key}},[{chef_data_client,authn_headers,1,[{file,"src/chef_data_client.erl"},{line,131}]},{chef_data_client,fetch_org_id,1,[{file,"src/chef_data_client.erl"},{line,64}]},{timer,tc,1,[{file,"timer.erl"},{line,165}]},{stats_hero,ctime,3,[{file,"src/stats_hero.erl"},{line,131}]},{reporting_chef_api,with_caching,3,[{file,"src/reporting_chef_api.erl"},{line,154}]},{chef_rest_wm,do_malformed_request,4,[{file,"src/chef_rest_wm.erl"},{line,95}]},{webmachine_resource,resource_call,3,[{file,"src/webmachine_resource.erl"},{line,186}]},{webmachine_resource,do,3,[{file,"src/webmachine_resource.erl"},{line,142}]}]}}

Another way to see this issue easily is in the same logfile. This error makes it more obvious that the the problem is related to file permissions

2016-02-12_23:56:46.68791 Undefined:Undefined#Undefined [error]  Error reading file /etc/opscode/pivotal.pem for pivotal: {error,eacces}

Issue Workaround

You can immediately workaround this issue by changing the ownership of the pivotal.pem file in /etc/opscode on all of your frontend and in an HA system, secondary backend systems, like

Frontends first

chown opscode /etc/opscode/pivotal.pem
chef-server-ctl restart opscode-reporting

Then Secondary Backend (in an HA install)

chown opscode /etc/opscode/pivotal.pem


This issue occurred because some code was moved into a bootstrapping recipe (only applies to the bootstrap backend), out of a general section that applied to all server roles in a chef server cluster. Previously, during a reconfigure, all Chef Server cluster system type would have been reconfigured.

Have more questions? Submit a request


Powered by Zendesk