New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chef-client v.12 unable to find provider private methods #10

Closed
martinb3 opened this Issue Dec 8, 2014 · 6 comments

Comments

Projects
None yet
3 participants
@martinb3
Contributor

martinb3 commented Dec 8, 2014

The LWRP in this cookbook uses the recipe DSL (source):

action :create  do
  unless ::File.exists? new_resource.name
    create_keys

    file new_resource.name do
      action :create_if_missing
      mode  new_resource.mode
      owner new_resource.owner
      group new_resource.group
      content cert.to_pem
    end

    file new_resource.key_file do
      action :create_if_missing
      mode  new_resource.mode
      owner new_resource.owner
      group new_resource.group
      content key.to_pem
    end

  end
end

With chef-client 12, the evaluation of cert.to_pem is no longer finding the correct method to call, and I'm seeing this error instead (in many of our cookbooks):

================================================================================       
    Error executing action `create` on resource 'openssl_x509[/etc/nginx/ssl/kibana.pem]'       
    ================================================================================       

    NoMethodError       
    -------------       
    undefined method `cert' for Chef::Resource::File       

           Cookbook Trace:

       ---------------
           /tmp/kitchen/cache/cookbooks/openssl/providers/x509.rb:26:in `block (2 levels) in class_from_file'
           /tmp/kitchen/cache/cookbooks/openssl/providers/x509.rb:21:in `block in class_from_file'

           Resource Declaration:

       ---------------------
           # In /tmp/kitchen/cache/cookbooks/elkstack/recipes/kibana_ssl.rb

            53: openssl_x509 cert_file do
            54:   common_name node.name

        55:   org 'Kibana'
            56:   org_unit 'Kibana'
            57:   country 'US'
            58:   key_file key_file
            59: end

           Compiled Resource:
           ------------------
           # Declared in /tmp/kitchen/cache/cookbooks/elkstack/recipes/kibana_ssl.rb:53:in `from_file'

           openssl_x509("/etc/nginx/ssl/kibana.pem") do

         action :create
             retries 0
             retry_delay 2
             default_guard_interpreter :default
             cookbook_name "elkstack"
             recipe_name "kibana_ssl"
             common_name "default-ubuntu-1404"
             org "Kibana"
             org_unit "Kibana"
             country "US"
             key_file "/etc/nginx/ssl/kibana.key"
             key_length 2048

           end

I'm assuming there's something changed about how the recipe DSL is being evaluated in chef-client v.12 that is causing this. Reading over the changelog, I don't see anything that would obviously cause this.

I can confirm that this workaround fixes it. It's very strange that the DSL resource is evaluating cert in the context of file unless I do this workaround, but there you have it:

action :create  do
  unless ::File.exists? new_resource.name
    create_keys
    cert_content = cert.to_pem
    key_content = key.to_pem

    file new_resource.name do
      action :create_if_missing
      mode  new_resource.mode
      owner new_resource.owner
      group new_resource.group
      content cert_content
    end

    file new_resource.key_file do
      action :create_if_missing
      mode  new_resource.mode
      owner new_resource.owner
      group new_resource.group
      content key_content
    end

  end
end

/CC @spheromak @jtimberman

martinb3 added a commit to racker/openssl that referenced this issue Dec 8, 2014

Call #to_pem before recipe DSL
Fixes #10, calls `#to_pem` on cert and key before passing local variables to `Chef::Resource::File`.

martinb3 added a commit to racker/openssl that referenced this issue Dec 8, 2014

Call #to_pem before recipe DSL
Fixes #10, calls `#to_pem` on cert and key before passing local variables to `Chef::Resource::File`.
@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Dec 10, 2014

Thanks i have the same issue! 👍

ghost commented Dec 10, 2014

Thanks i have the same issue! 👍

@cmalek

This comment has been minimized.

Show comment
Hide comment
@cmalek

cmalek Dec 10, 2014

I also have this same issue. Thanks for the work around in the meantime.

cmalek commented Dec 10, 2014

I also have this same issue. Thanks for the work around in the meantime.

@danielsdeleo

This comment has been minimized.

Show comment
Hide comment
@danielsdeleo

danielsdeleo Dec 29, 2014

This is a bit odd, as the provider does respond to cert and this code in the base resource class implements looking up methods on the "enclosing provider" for LWRPs: https://github.com/opscode/chef/blob/b7b7dad4e476b3fde67f0d9881e15efe7e5b60ac/lib/chef/resource.rb#L205-L214

My guess is that the upgrade to Ruby 2.0 changes how respond_to? handles protected methods, so that respond_to?(:cert) is false whereas it was true in Ruby 1.9. Assuming I'm correct, you could also fix the issue by making cert public. Whether or not this is "better" than the fix in #11 is hard to say; the method is only used in implementation and doesn't need to be part of the public API, except that the use of instance_eval in Chef's Ruby DSL means that it's the resource object calling that method and not the provider object calling the method on itself.

danielsdeleo commented Dec 29, 2014

This is a bit odd, as the provider does respond to cert and this code in the base resource class implements looking up methods on the "enclosing provider" for LWRPs: https://github.com/opscode/chef/blob/b7b7dad4e476b3fde67f0d9881e15efe7e5b60ac/lib/chef/resource.rb#L205-L214

My guess is that the upgrade to Ruby 2.0 changes how respond_to? handles protected methods, so that respond_to?(:cert) is false whereas it was true in Ruby 1.9. Assuming I'm correct, you could also fix the issue by making cert public. Whether or not this is "better" than the fix in #11 is hard to say; the method is only used in implementation and doesn't need to be part of the public API, except that the use of instance_eval in Chef's Ruby DSL means that it's the resource object calling that method and not the provider object calling the method on itself.

@martinb3

This comment has been minimized.

Show comment
Hide comment
@martinb3

martinb3 Dec 30, 2014

Contributor

@danielsdeleo Indeed, I just looked it up and Ruby 2.0+ handles respond_to? differently (no more protected methods). I don't really mind whether we fix it like #11 or by changing the cert method (in fact I'd do PRs for both), but if someone could merge and release #11, we could start using chef 12 :)

Contributor

martinb3 commented Dec 30, 2014

@danielsdeleo Indeed, I just looked it up and Ruby 2.0+ handles respond_to? differently (no more protected methods). I don't really mind whether we fix it like #11 or by changing the cert method (in fact I'd do PRs for both), but if someone could merge and release #11, we could start using chef 12 :)

@danielsdeleo

This comment has been minimized.

Show comment
Hide comment
@danielsdeleo

danielsdeleo Dec 30, 2014

I'm trying to track down some folks who can merge #11 but it looks like everyone is on holiday vacation still. So you might need to use some workaround (stay on Chef 11.x, patch cookbook, monkey patch in a wrapper cookbook) until early January.

danielsdeleo commented Dec 30, 2014

I'm trying to track down some folks who can merge #11 but it looks like everyone is on holiday vacation still. So you might need to use some workaround (stay on Chef 11.x, patch cookbook, monkey patch in a wrapper cookbook) until early January.

@someara someara closed this in #11 Dec 30, 2014

@martinb3

This comment has been minimized.

Show comment
Hide comment
@martinb3

martinb3 Dec 30, 2014

Contributor

Thanks @danielsdeleo and @someara!

Contributor

martinb3 commented Dec 30, 2014

Thanks @danielsdeleo and @someara!

frkline added a commit to frkline/openssl that referenced this issue Sep 10, 2015

Call #to_pem before recipe DSL
Fixes #10, calls `#to_pem` on cert and key before passing local variables to `Chef::Resource::File`.

chr4 added a commit to chr4-cookbooks/user that referenced this issue Mar 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment