Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ohai resource: reloading a specific plugin which is marked as "optional" is ignored #8838

Open
jharbott opened this issue Aug 22, 2019 · 4 comments

Comments

@jharbott
Copy link

commented Aug 22, 2019

Description

Running the example from https://docs.chef.io/resource_ohai.html fails with chef-client >= 14.

Chef Version

Tested with 15.2.20 and 14.13.11

Platform Version

Ubuntu 18.04

Replication Case

Create a cookbook with a recipe containing the example code from the ohai resource. On the first run, when the new user is actually created, the ruby code block fails. With 13.12.14 the code runs without error.

Client Output

  * ruby_block[just an example] action run[2019-08-22T10:41:48+00:00] INFO: Processing ruby_block[just an example] action run (xion_prometheus::test line 13)


    ================================================================================
    Error executing action `run` on resource 'ruby_block[just an example]'
    ================================================================================

    NoMethodError
    -------------
    undefined method `[]' for nil:NilClass

    Cookbook Trace:
    ---------------
    /var/chef/cache/cookbooks/tests/recipes/test.rb:16:in `block (2 levels) in from_file'

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/tests/recipes/test.rb

     13: ruby_block 'just an example' do
     14:   block do                                                                                                                                                                
     15:     # These variables will now have the new values
     16:     puts node['etc']['passwd']['daemonuser']['uid']                                                                                                 
     17:     puts node['etc']['passwd']['daemonuser']['gid']
     18:   end
     19: end                                                                        
                                                                          
    Compiled Resource:                                                              
    ------------------
    # Declared in /var/chef/cache/cookbooks/tests/recipes/test.rb:13:in `from_file'
                 
    ruby_block("just an example") do      
      action [:run]
      default_guard_interpreter :default
      declared_type :ruby_block
      cookbook_name "tests"                                                              
      recipe_name "test"
      block #<Proc:0x0000000004c08448@/var/chef/cache/cookbooks/tests/recipes/test.rb:14>
      block_name "just an example"
    end                                                           

    System Info:                        
    ------------
    chef_version=15.2.20                                   
    platform=ubuntu                                                                                                                                          
    platform_version=18.04                                  
    ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    program_name=/usr/bin/chef-client                                               
    executable=/opt/chef/bin/chef-client
@lamont-granquist

This comment has been minimized.

Copy link
Contributor

commented Aug 22, 2019

That looks like a glibc caching issue, this is probably not fixable without reimplementing Etc.getpwnam to bypass glibc (and thereby NSS, NIS, LDAP, etc). You can look at your NSS settings and if you're using nscd or not and try to tweak things to remove the caching, but this is probably a dup of #3552 or #3100 or related issues like #2894 or #4829.

@jharbott

This comment has been minimized.

Copy link
Author

commented Aug 23, 2019

@lamont-granquist all those other issues are pretty old and don't look related to me. Note that the code works fine with chef-client < 14, simply by downgrading the chef pkg on the same machine, so it certainly looks to be fixable within chef-client code. FWIW nsswitch.conf lists compat systemd for both passwd and group.

Finally, even if this turned out to be an unavoidable issue in what I think is a pretty common environment, IMO that should be noted in the corresponding documentation.

@jharbott

This comment has been minimized.

Copy link
Author

commented Aug 26, 2019

More debugging shows that the reload does work when I remove the plugin attribute from the ohai resource, triggering a complete reload.

After reading the code, it seems that this is caused by this patch chef/ohai@48c29a3 , which marks the passwd plugin as optional and thus not triggered by the reload action, which according to the debug output is executed with :run_all_plugins=>false. I'm not sure how plugins got selected as optionial, maybe just switch passwd back to non-optional? Or change the ohai resource in chef to set :run_all_plugins=>true?

@lamont-granquist

This comment has been minimized.

Copy link
Contributor

commented Aug 27, 2019

The passwd plugin is optional for good reasons, it walks LDAP/AD on systems that have that setup and causes horrible performance issues.

It sounds like the bug here is just that when you pass an optional plugin as the plugin to run in the ohai resource that it doesn't run that plugin, even though you've specified it.

And we wouldn't want to set run_all_plugins to true because if someone does not have the passwd plugin enabled because of AD/LDAP then a simple reload to the ohai resource should never load those plugins which are optional/disabled. That would blow up all kinds of systems to just always force that to true in the resource.

I suppose we could also raise if the plugin is currently disabled - the theory being that if someone has that disabled then you don't want to enable that plugin without some kind of positive action on the part of the user.

@lamont-granquist lamont-granquist changed the title Reload Ohai after a new user is created doesn't work with chef-client >= 14 Ohai resource: reloading a specific plugin which is marked as "optional" is ignored Aug 27, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.