possible incompatibility with Chef client release 12.4 #82

Closed
dupuy opened this Issue Jun 29, 2015 · 2 comments

Contributor

dupuy commented Jun 29, 2015

Our deployments started failing after the new Chef client release last week; I am currently working on modifying our cloud-init based bootstrap to pin the version of the Chef omnibus installer (unfortunately the cloud-init Chef support doesn't provide any way to do this, so I have to do the installation manually to pin it to a particular version) so I haven't had the time to dive in deep to try to understand what changed in 12.4 to cause it to fail, but the fatal error is in the os-hardening/sysctl.rb recipe, so thought I would give you a "heads up" on this problem...

Here are the most-likely-to-be-relevant info and warnings from the logs of the initial Chef client run:

[2015-06-26T16:01:01+00:00] INFO: Loading cookbooks [publicserver-tlabs@1.1.9, apt@2.7.0, yum@3.6.1, yum-epel@0.6.2, locale@1.0.2, hostsfile@2.4.5, rsyslog@2.0.0, fail2ban@2.2.1, build-essential@2.2.3, mosh@0.4.0, postfix@3.5.0, ubuntu@1.1.8, debian@1.7.2, timezone-ii@0.2.0, apt-periodic@0.2.0, logrotate@1.9.2, cacert@0.2.0, os-hardening@1.2.0, sysctl@0.6.2, ohai@2.0.1, ssh-hardening@1.0.3, chef-client@4.3.0, cron@1.6.1, windows@1.37.0, chef_handler@1.2.0, push-jobs@2.2.0, runit@1.7.2, packagecloud@0.0.19, ssl-vault@1.1.13, chef-vault@1.0.4, sudo@2.7.1, users@1.8.2, etckeeper@1.0.4, git@4.2.2, dmg@2.2.2, bsw_gpg@0.2.3, hostname@0.3.0, bash-CVE-2014-6271@0.1.1, bash-CVE-2014-7169@0.1.0]
[2015-06-26T16:01:01+00:00] WARN: You are overriding windows_package on {:os=>"windows"} with Chef::Resource::WindowsCookbookPackage: used to be Chef::Resource::WindowsPackage. Use override: true if this is what you intended.
[2015-06-26T16:01:01+00:00] WARN: You declared a new resource Chef::Provider::GitClient::Source for resource git_client, but it comes alphabetically after Chef::Provider::GitClient::Package and has the same filters ({:os=>"linux"}), so it will not be used. Use override: true if you want to use it for git_client.
...
================================================================================
Recipe Compile Error in /var/cache/chef/cookbooks/publicserver-tlabs/recipes/default.rb
================================================================================

NoMethodError
-------------
No resource or method named `File' for `Chef::Recipe "sysctl"'

Cookbook Trace:
---------------
  /var/cache/chef/cookbooks/os-hardening/recipes/sysctl.rb:46:in `from_file'
  /var/cache/chef/cookbooks/os-hardening/recipes/default.rb:30:in `from_file'
  /var/cache/chef/cookbooks/publicserver-tlabs/recipes/default.rb:56:in `from_file'

Relevant File Content:
----------------------
/var/cache/chef/cookbooks/os-hardening/recipes/sysctl.rb:

 39:  rescue
 40:    log 'WARNING: Could not properly determine the cpu vendor. Fallback to intel cpu.' do
 41:      level :warn
 42:    end
 43:  end
 44:  
 45:  # protect sysctl.conf
 46>> File '/etc/sysctl.conf' do
 47:    mode 0440
 48:    owner 'root'
 49:    group 'root'
 50:  end
 51:  
 52:  # NSA 2.2.4.1 Set Daemon umask
 53:  # do config for rhel-family
 54:  case node['platform_family']
 55:  when 'rhel', 'fedora'
[2015-06-26T16:01:48+00:00] ERROR: Running exception handlers
[2015-06-26T16:01:48+00:00] ERROR: Exception handlers complete

[2015-06-26T16:01:48+00:00] FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.out
[2015-06-26T16:01:48+00:00] ERROR: No resource or method named `File' for `Chef::Recipe "sysctl"'
[2015-06-26T16:01:48+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
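
An added example, not part of the original report or of the os-hardening cookbook: a small Ruby scanner that flags recipe lines invoking a resource by a capitalized name, the pattern at `sysctl.rb` line 46 in the trace above. The sample recipe is constructed, `scan_recipe` and `snake_case` are hypothetical helper names, and the lowercase spelling it suggests assumes the intended resource is one of Chef's lowercase resources such as `file` or `template`.

```ruby
# Added example: audit recipe source for capitalized resource calls such as
#   File '/etc/sysctl.conf' do
# which produced "No resource or method named `File'" in the run above.

# <Name> '<resource name>' do  -- Name starts with an uppercase letter.
# `Chef::Log.info '...' do` is not matched because whitespace must follow Name.
CAPITALIZED_RESOURCE = /\A\s*([A-Z][A-Za-z0-9_]*)\s+(['"])(.*?)\2\s+do\b/

Finding = Struct.new(:line_no, :name, :suggestion)

# CamelCase -> snake_case, the form Chef resource names are written in.
def snake_case(name)
  name.gsub(/([a-z0-9])([A-Z])/, '\1_\2').downcase
end

# Returns one Finding per offending line; comment lines are ignored.
def scan_recipe(source)
  source.each_line.with_index(1).each_with_object([]) do |(line, line_no), out|
    next if line.strip.start_with?('#')
    m = CAPITALIZED_RESOURCE.match(line)
    out << Finding.new(line_no, m[1], snake_case(m[1])) if m
  end
end

# Constructed sample input modelled on the excerpt in the error report.
SAMPLE_RECIPE = <<~'RECIPE'
  # protect sysctl.conf
  File '/etc/sysctl.conf' do
    mode 0440
    owner 'root'
    group 'root'
  end

  # File '/etc/commented-out' do
  file '/etc/login.defs' do
    mode 0444
  end

  case node['platform_family']
  when 'rhel', 'fedora'
    Template "/etc/sysconfig/init" do
      source 'rhel_sysconfig_init.erb'
    end
  end
RECIPE

if __FILE__ == $PROGRAM_NAME
  scan_recipe(SAMPLE_RECIPE).each do |f|
    puts "line #{f.line_no}: `#{f.name}' used as a resource; try `#{f.suggestion}'"
  end
end
```
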
Member

Rockstar04 commented Jun 29, 2015

This issue was already addressed in #80 and the patch #81.

As an immediate solution until we tag a new release, you can use our master branch, which will successfully converge with the 12.4 client.

@Rockstar04 Rockstar04 closed this Jun 29, 2015

Contributor

dupuy commented Jun 29, 2015

Thanks for the pointer to the existing fix - my apologies for opening a duplicate ticket - I should have checked the closed tickets too, but the GitHub issues UI doesn't encourage that as much as it could.

Maybe Twitter and/or a blog post would be a useful way to provide notifications about these kinds of things - I noticed that there's now an Ansible os-hardening repository, would love to know when that's ready, but remembering to check every week would be unlikely.

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this issue Sep 16, 2016

Merge pull request #82 from aried3r/ar/update_readme
Update README and use OpenSSH defaults for UseDNS