Fix Busser and chef-client-zero.rb Gem Sandboxing #258
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit 858a1f1.
This reverts commit feab960.
This reverts commit 16fb8c2. Conflicts: lib/kitchen/provisioner/chef_zero.rb
This reverts commit 291c1db. Conflicts: lib/kitchen/provisioner/chef_zero.rb
The directories that will be rejected when search for suite files include: * data/ * data_bags/ * environments/ * nodes/ * roles/
Fixes regression in 5ad2f72
To override the directory containing the `ruby` and `gem` commands
(which defaults to `/opt/chef/embedded/bin`), simply set the following
in a `driver_config` block in a kitchen.yml file:
---
driver_config:
instance_ruby_bindir: /opt/local/ruby/bin
Busser will use this path to calculate the path to `ruby`, `gem`, and
the default `GEM_PATH` environment.
Note this will be the value as reported by:
RbConfig::CONFIG["bindir"]
References 291c1db
Delegate the environment variable maintenance back to busser except when initially installing the gem and running `busser setup`. This will generate a `$BUSSER_ROOT/bin/busser` binstub that isolates its gem environment, path to `ruby`, etc. When calculating Busser's GEM_HOME, it will be set to `$BUSSER_ROOT/gems`. The GEM_PATH will be calculated by prepending the value of GEM_HOME onto the existing GEM_PATH. This means that if the Ruby being used is an Omnibus package then the Chef gem will be LOAD_PATH require'able but any gem installation made by Busser will go under its BUSSER_ROOT. This includes the initial Busser gem installation. References #242 References #225
ghost
assigned 
|
@petecheslock @fnichol this fixed it! before (on beta4): after (on branch): awesome! I believe this is the exact same use-case that @petecheslock had, so hopefully that is enough of a positive sign. Let me know if you want me to do more investigating. |
|
@eklein Sweet, thanks for the confirmation! It looks like Chef 11.8.0 introduced RSpec into the Omnibus package so this Serverspec may still have an issue loading but I have an idea for a solution to that. |
|
@fnichol, that's using serverspec and chef-zero above.. ugh, just noticed it's using chef 11.6. Let me give it a shot with 11.8. |
|
@eklein No problem, you've confirmed what I've seen as well--this is good, we're getting there! |
Currently the following values are supported: * `"busser"`, `"some-name"`: alternative name for gem * `"1.2.3"`, `"0.7.0.beta.2"`: specific RubyGems version * `"busser@0.5.0"`, `"some-name@5.0.0"`: specific gem name and version * `"/tmp/busser-0.6.0.dev.gem"`: path on remote instance to gem pkg
Previous to this commit, Test Kitchen's work directory on the instance depended on the provisioner used. For example the chef_solo provisioner worked out of `/tmp/kitchen-chef-solo` and the chef_zero provisioner worked out of `/tmp/kitchen-chef-zero`. With the addition of a `data_path` config option this made discovering the path to uploaded data more difficult. Now all provisioners will upload the contents of `data_path` to `/tmp/kitchen/data`.
Shorthand:
---
driver: dummy
Explicit:
---
driver:
name: dummy
other: stuff
Due to the way multi-YAML file merging happens, there may end up being a data structure that contains `:driver`, `:driver_plugin`, and `driver_config` all in the same location (i.e. in a platform, suite, or common). In case of current `:driver` and legacy keys, the newer `:driver` config will win in the recursive merge and take precedence over the legacy format.
This effectively will convert the following:
---
suites:
- name: foo
data_path: /my/data
data_bags_path: /my/data_bags
environments_path: /my/environments
nodes_path: /my/nodes
roles_path: /my/roles
into:
---
suites:
- name: foo
provisioner:
data_path: /my/data
data_bags_path: /my/data_bags
environments_path: /my/environments
nodes_path: /my/nodes
roles_path: /my/roles
This will be supported in the near-term for backwards compatability,
then a future release will deprecate this legacy usage with a warning
when encountered, then the legacy support will be finally removed in
another release.
Introduce default config, computed defaults for various Chef data paths, compute solo.rb and client.rb from a Hash so that settings can be overridden or added to.
This fully isolates Busser and its runner plugins to a GEM_HOME and GEM_PATH of `<busser_root_path>/gems`.
This may return in another form in the future, promise!
This preserves prior merging behavior of run_list arrarys: 1. items from a run_list on the platform will be placed first 2. items from a run_list on the suite will be placed next
To make this work, a modern version of Chef will be installed into a sandboxed path (no dependencies at all on Omnibus packages gems) and used to start chef-zero on a thread during a normal chef-client run (using your desired Chef version). This is best-effort for versions of Chef less than 11.8.0, there may be missing package dependencies needed on your specific platform. If this is the case, the chef_zero Provisioner may crash and fail the converge action. Note that versions of Chef greater than or equal to 11.8.0 will be supported out of the box with Test Kitchen running chef-client in local mode to get the desired functionality.
This can be useful in `.kitchen/logs/kitchen.log` when tracking dates, times and durations of `kitchen` command invocations.
Will be investigating Rubocop as an alternative.
Conflicts: lib/kitchen/cli.rb
fnichol
added a commit
that referenced
this pull request
Nov 26, 2013
Fix Busser and chef-client-zero.rb Gem Sandboxing
BrentOnRails
pushed a commit
to BrentOnRails/test-kitchen
that referenced
this pull request
Jul 17, 2017
This allows a user to rely on a [default] profile getting picked up in the shared credentials file (~/.aws/credentials). Fixes test-kitchen#295 Fixes test-kitchen#258
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
References #225, #240, #241, and #242