New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Interval setting is not working properly #101

Closed
jeremiahsnapp opened this Issue Sep 29, 2016 · 0 comments

Comments

Projects
None yet
1 participant
@jeremiahsnapp
Contributor

jeremiahsnapp commented Sep 29, 2016

Cookbook version

0.14.4

Chef-client version

Chef: 12.14.89

Platform Details

Ubuntu 14.04

Scenario:

Setting the interval attributes doesn't work. The compliance profiles are never executed.

Steps to Reproduce:

I use a wrapper cookbook to set the following attributes. I'm setting the interval to 1 minute for troubleshooting purposes.

default['audit']['profiles']['base/linux'] = true
default['audit']['profiles']['base/ssh'] = true
default['audit']['interval']['enabled'] = true
default['audit']['interval']['time'] = 1

Expected Result:

The compliance_profile should fetch AND execute properly according to the interval.

Actual Result:

Run chef-client -l debug and notice that the compliance profiles are fetched but they are not executed at all. (skipped due to only_if)

The file that is used to calculate if the interval has passed is being touched by the compliance_profile's notifies property.

The problem is the compliance_profile has both the :fetch AND :execute action. The :fetch action works and touches the interval file immediately so when the :execute action runs the only_if guard is rechecked and sees (incorrectly) that the interval has not passed.

I tested changing the notifies to a :delayed instead of :immediately and it fixed this for me. The compliance_profile fetched AND executed properly according to the interval.

Workaround

Putting the following in my audit wrapper cookbook's default.rb recipe worked for me. It creates :delayed notifications and deletes the :immediate notifications.

include_recipe 'audit'

run_context.immediate_notification_collection.each do |k,v|
  if (k =~ /^compliance_profile\[\w*\]$/) && (v.first.action == :touch)
    resources(k).notifies :touch, v.first.resource, :delayed
  end
end
run_context.immediate_notification_collection.delete_if { |k,v| (k =~ /^compliance_profile\[\w*\]$/) && (v.first.action == :touch) }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment