Versions:
RHEL 7.x
opscode-push-jobs-server-1.1.6-1.x86_64
push-jobs-client-1.3.4-1.el7.x86_64
Summary:
Push jobs server is unable to startup successfully when running against a Chef Server configured to only offer TLS 1.2, so it is not possible to submit and process push jobs.
Problem:
Receiving output like this in
==> /var/log/opscode/opscode-pushy-server/current <==
2016-05-04_20:20:40.49841 16:20:40.495 [error] (Undefined:Undefined) <0.4400.0> Webmachine error at path "/organizations/jm_family/pushy/config/supermarket.jmfamily.com" : {throw,{error,{conn_failed,{error,closed}}},[{pushy_http_common,fetch_authenticated,2,[{file,"src/pushy_http_common.erl"},{line,44}]},{pushy_org,fetch_org_id,1,[{file,"src/pushy_org.erl"},{line,38}]},{pushy_object,fetch_org_id,1,[{file,"src/pushy_object.erl"},{line,45}]},{pushy_wm_base,verify_request_signature,2,[{file,"src/pushy_wm_base.erl"},{line,157}]},{pushy_wm_base,is_authorized,2,[{file,"src/pushy_wm_base.erl"},{line,135}]},{webmachine_resource,resource_call,3,[{file,"src/webmachine_..."},...]},...]}
Solution:
If you have a custom setting for TLS in your /etc/opscode/chef-server.rb file, remove or comment it out and reconfigure the chef server.
Restart the push jobs server and watch its log output to ensure that it has come up cleanly and been able to communicate with its companion Chef Server.
A potential workaround to allow you to keep the TLS 1.2 setting can be found at https://github.com/chef/opscode-pushy-server/issues/154
Comments