possible incompatibility with Chef client release 12.4 #82

Closed
dupuy opened this issue Jun 29, 2015 · 2 comments

Comments

@dupuy
Contributor

dupuy commented Jun 29, 2015

Our deployments started failing after the new Chef client release last week; I am currently working on modifying our cloud-init based bootstrap to pin the version of the Chef omnibus installer (unfortunately the cloud-init Chef support doesn't provide any way to do this, so I have to do the installation manually to pin it to a particular version) so I haven't had the time to dive in deep to try to understand what changed in 12.4 to cause it to fail, but the fatal error is in the os-hardening/sysctl.rb recipe, so thought I would give you a "heads up" on this problem...

Here are the most-likely-to-be-relevant info and warnings from the logs of the initial Chef client run:

[2015-06-26T16:01:01+00:00] INFO: Loading cookbooks [publicserver-tlabs@1.1.9, apt@2.7.0, yum@3.6.1, yum-epel@0.6.2, locale@1.0.2, hostsfile@2.4.5, rsyslog@2.0.0, fail2ban@2.2.1, build-essential@2.2.3, mosh@0.4.0, postfix@3.5.0, ubuntu@1.1.8, debian@1.7.2, timezone-ii@0.2.0, apt-periodic@0.2.0, logrotate@1.9.2, cacert@0.2.0, os-hardening@1.2.0, sysctl@0.6.2, ohai@2.0.1, ssh-hardening@1.0.3, chef-client@4.3.0, cron@1.6.1, windows@1.37.0, chef_handler@1.2.0, push-jobs@2.2.0, runit@1.7.2, packagecloud@0.0.19, ssl-vault@1.1.13, chef-vault@1.0.4, sudo@2.7.1, users@1.8.2, etckeeper@1.0.4, git@4.2.2, dmg@2.2.2, bsw_gpg@0.2.3, hostname@0.3.0, bash-CVE-2014-6271@0.1.1, bash-CVE-2014-7169@0.1.0]
[2015-06-26T16:01:01+00:00] WARN: You are overriding windows_package on {:os=>"windows"} with Chef::Resource::WindowsCookbookPackage: used to be Chef::Resource::WindowsPackage. Use override: true if this is what you intended.
[2015-06-26T16:01:01+00:00] WARN: You declared a new resource Chef::Provider::GitClient::Source for resource git_client, but it comes alphabetically after Chef::Provider::GitClient::Package and has the same filters ({:os=>"linux"}), so it will not be used. Use override: true if you want to use it for git_client.
...
================================================================================
Recipe Compile Error in /var/cache/chef/cookbooks/publicserver-tlabs/recipes/default.rb
================================================================================

NoMethodError
-------------
No resource or method named `File' for `Chef::Recipe "sysctl"'

Cookbook Trace:
---------------
  /var/cache/chef/cookbooks/os-hardening/recipes/sysctl.rb:46:in `from_file'
  /var/cache/chef/cookbooks/os-hardening/recipes/default.rb:30:in `from_file'
  /var/cache/chef/cookbooks/publicserver-tlabs/recipes/default.rb:56:in `from_file'

Relevant File Content:
----------------------
/var/cache/chef/cookbooks/os-hardening/recipes/sysctl.rb:

 39:  rescue
 40:    log 'WARNING: Could not properly determine the cpu vendor. Fallback to intel cpu.' do
 41:      level :warn
 42:    end
 43:  end
 44:  
 45:  # protect sysctl.conf
 46>> File '/etc/sysctl.conf' do
 47:    mode 0440
 48:    owner 'root'
 49:    group 'root'
 50:  end
 51:  
 52:  # NSA 2.2.4.1 Set Daemon umask
 53:  # do config for rhel-family
 54:  case node['platform_family']
 55:  when 'rhel', 'fedora'
[2015-06-26T16:01:48+00:00] ERROR: Running exception handlers
[2015-06-26T16:01:48+00:00] ERROR: Exception handlers complete

[2015-06-26T16:01:48+00:00] FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.out
[2015-06-26T16:01:48+00:00] ERROR: No resource or method named `File' for `Chef::Recipe "sysctl"'
[2015-06-26T16:01:48+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
@Rockstar04
Member

This issue was already addressed in #80 and the patch #81.

As an immediate solution until we tag a new release, you can use our master branch, which will successfully converge with the 12.4 client.

@dupuy
Contributor Author

dupuy commented Jun 29, 2015

Thanks for the pointer to the existing fix - my apologies for opening a duplicate ticket - I should have checked the closed tickets too, but the GitHub issues UI doesn't encourage that as much as it could.

Maybe twitter and/or a blog post would be a useful way to provide notifications about these kinds of things - I noticed that there's now an Ansible os-hardening repository, would love to know when that's ready, but remembering to check every week would be unlikely.

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this issue Sep 16, 2016
Update README and use OpenSSH defaults for UseDNS