lib/chef/formatters/error_inspectors/api_error_formatting.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

#--
# Author:: Daniel DeLeo (<dan@chef.io>)
# Copyright:: Copyright (c) Chef Software Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require_relative "../../http/authenticator"
require_relative "../../dist"

class Chef
  module Formatters

    module APIErrorFormatting

      NETWORK_ERROR_CLASSES = [Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError].freeze

      def describe_network_errors(error_description)
        error_description.section("Networking Error:", <<~E)
          #{exception.message}

          Your chef_server_url may be misconfigured, or the network could be down.
        E
        error_description.section("Relevant Config Settings:", <<~E)
          chef_server_url  "#{server_url}"
        E
      end

      def describe_eof_error(error_description)
        error_description.section("Authentication Error:", <<~E)
          Received an EOF on transport socket.  This almost always indicates a network
          error external to #{Chef::Dist::CLIENT}.  Some causes include:

            - Blocking ICMP Dest Unreachable (breaking Path MTU Discovery)
            - IPsec or VPN tunnelling / TCP Encapsulation MTU issues
            - Jumbo frames configured only on one side (breaking Path MTU)
            - Jumbo frames configured on a LAN that does not support them
            - Proxies or Load Balancers breaking large POSTs
            - Broken TCP offload in network drivers/hardware

          Try sending large pings to the destination:

             windows:  ping server.example.com -f -l 9999
             unix:  ping server.example.com -s 9999

          Try sending large POSTs to the destination (any HTTP code returned is success):

             e.g.:  curl http://server.example.com/`printf '%*s' 9999 '' | tr ' ' 'a'`

          Try disabling TCP Offload Engines (TOE) in your ethernet drivers.

            windows:
              Disable-NetAdapterChecksumOffload * -TcpIPv4 -UdpIPv4 -IpIPv4 -NoRestart
              Disable-NetAdapterLso * -IPv4 -NoRestart
              Set-NetAdapterAdvancedProperty * -DisplayName "Large Receive Offload (IPv4)" -DisplayValue Disabled –NoRestart
              Restart-NetAdapter *
            unix(bash):
              for i in rx tx sg tso ufo gso gro lro rxvlan txvlan rxhash; do /sbin/ethtool -K eth0 $i off; done

          In some cases the underlying virtualization layer (Xen, VMware, KVM, Hyper-V, etc) may have
          broken virtual networking code.
        E
      end

      def describe_401_error(error_description)
        if clock_skew?
          error_description.section("Authentication Error:", <<~E)
            Failed to authenticate to the chef server (http 401).
            The request failed because your clock has drifted by more than 15 minutes.
            Syncing your clock to an NTP Time source should resolve the issue.
          E
        else
          error_description.section("Authentication Error:", <<~E)
            Failed to authenticate to the chef server (http 401).
          E

          error_description.section("Server Response:", format_rest_error)
          error_description.section("Relevant Config Settings:", <<~E)
            chef_server_url   "#{server_url}"
            node_name         "#{username}"
            client_key        "#{api_key}"

            If these settings are correct, your client_key may be invalid, or
            you may have a chef user with the same client name as this node.
          E
        end
      end

      def describe_400_error(error_description)
        error_description.section("Invalid Request Data:", <<~E)
          The data in your request was invalid (HTTP 400).
        E
        error_description.section("Server Response:", format_rest_error)
      end

      def describe_406_error(error_description, response)
        if response["x-ops-server-api-version"]
          version_header = Chef::JSONCompat.from_json(response["x-ops-server-api-version"])
          client_api_version = version_header["request_version"]
          min_server_version = version_header["min_version"]
          max_server_version = version_header["max_version"]

          error_description.section("Incompatible server API version:", <<~E)
            This version of the API that this request specified is not supported by the server you sent this request to.
            The server supports a min API version of #{min_server_version} and a max API version of #{max_server_version}.
            #{Chef::Dist::PRODUCT} just made a request with an API version of #{client_api_version}.
            Please either update your #{Chef::Dist::PRODUCT} or the server to be a compatible set.
          E
        else
          describe_http_error(error_description)
        end
      end

      def describe_500_error(error_description)
        error_description.section("Unknown Server Error:", <<~E)
          The server had a fatal error attempting to load the node data.
        E
        error_description.section("Server Response:", format_rest_error)
      end

      def describe_503_error(error_description)
        error_description.section("Server Unavailable", "The #{Chef::Dist::SERVER_PRODUCT} is temporarily unavailable")
        error_description.section("Server Response:", format_rest_error)
      end

      # Fallback for unexpected/uncommon http errors
      def describe_http_error(error_description)
        error_description.section("Unexpected API Request Failure:", format_rest_error)
      end

      # Parses JSON from the error response sent by Chef Server and returns the
      # error message
      def format_rest_error
        Array(Chef::JSONCompat.from_json(exception.response.body)["error"]).join("; ")
      rescue Exception
        safe_format_rest_error
      end

      def username
        config[:node_name]
      end

      def api_key
        config[:client_key]
      end

      def server_url
        config[:chef_server_url]
      end

      def clock_skew?
        exception.response.body =~ /synchronize the clock/i
      end

      def safe_format_rest_error
        # When we get 504 from the server, sometimes the response body is non-readable.
        #
        # Stack trace:
        #
        # NoMethodError: undefined method `closed?' for nil:NilClass
        # .../lib/ruby/1.9.1/net/http.rb:2789:in `stream_check'
        # .../lib/ruby/1.9.1/net/http.rb:2709:in `read_body'
        # .../lib/ruby/1.9.1/net/http.rb:2736:in `body'
        # .../lib/chef/formatters/error_inspectors/api_error_formatting.rb:91:in `rescue in format_rest_error'

        exception.response.body
      rescue Exception
        "Cannot fetch the contents of the response."
      end

    end
  end
end