ncerny / chef_stack Goto Github PK

Just had a ticket from a customer that used chef_stack to install Chef-backend but it failed.
After some digging, he found out the problem was the custom host.allow and host.deny rules he had.

Would be nice to have some preflight check or even better if the cookbook could add the necessary rules on iptables and host.* with the required ports enabled.

chef_stack leaves a validation.pem under /etc/chef after its use.

This breaks automate-ctl install-runner, because the embedded chef-client traverses up to the /etc/chef directory to find any possible validation.pem. When one is found, this doesn't fit in with install-runner's assumptions.

@ncerny, was there a reason you didn't have a chef_compliance resource?

When we run the delivery api command here:

https://github.com/ncerny/chef_stack/blob/master/resources/wf_builder.rb#L237-L241

It's standard output is not purely JSON, so we get a JSON parse error.

   * ruby_block[install job runner] action run[2017-02-01T13:48:58-06:00] INFO: Processing ruby_block[install job runner] action run (/var/chef/cache/cookbooks/chef_stack/resources/wf_builder.rb line 227)


      ================================================================================
      Error executing action `run` on resource 'ruby_block[install job runner]'
      ================================================================================

      JSON::ParserError
      -----------------
      784: unexpected token at 'Requesting Token
      token: CN20NGom2BAl6331-MNbq_ww1D5RupN6BYScWdyrMFU
      saved API token to: /root/.delivery/api-tokens
      {
        "health": {},
....

Hey there! Great repo. Thanks for all the work :)

I'd like to request that in the future and perhaps for past commits. This would help people who try to stick to stable(ish) tags, or at least who don't want the repo floating with HEAD during berkshelf updates :)

Much appreciated!

I'm getting an error when using chef_user resource after a second user is created. It then starts failing for the first one, saying it already exists. So it's trying to add the existing user. Digging in, i think I've found the issue

chef-users seems to get saved in run-state as things like this:

node.run_state['chef-users'] = "delivery\n"
node.run_state['chef-users'] = "\n"
node.run_state['chef-users'] = "delivery\nsomeother\n"
node.run_state['chef-users'] = "someother\ndelivery\n"

The current guard for that is:

not_if { node.run_state['chef-users'].index(/^#{new_resource.username}$/) }

This doesn't seem right, as the code produces the following results:

# comment shows return
node.run_state['chef-users'] = "delivery\n" # 0
node.run_state['chef-users'] = "\n" # nil
node.run_state['chef-users'] = "delivery\nsomeother\n" # 0
node.run_state['chef-users'] = "someother\ndelivery\n" # 10

I suspect this isn't what we want?

Created a fix commit here: https://github.com/patcon/chef_stack/commits/blendive/develop

Let me know if you recognize this as an issue, and happy to create a PR

cc: @mrjcleaver

We're running automate 0.8.5, and it seems they've updated the permissions for the deliver.license file. I'm currently getting license errors, and this was the only thing I could find that had changed.

From automate-ctl reconfigure

* file[/var/opt/delivery/license/delivery.license] action create[2017-05-30T20:30:44+00:00] INFO: Processing file[/var/opt/delivery/license/delivery.license] action create (delivery::license_check line 35)
[2017-05-30T20:30:44+00:00] INFO: file[/var/opt/delivery/license/delivery.license] owner changed to 999
[2017-05-30T20:30:44+00:00] INFO: file[/var/opt/delivery/license/delivery.license] mode changed to 644

    - change mode from '0600' to '0644'
    - change owner from 'root' to 'delivery'

and then when running chef-client using the chef_automate I see this

 * chef_file[/var/opt/delivery/license/delivery.license] action create
      * cookbook_file[/var/opt/delivery/license/delivery.license] action create
        - change mode from '0644' to '0600'
        - change owner from 'delivery' to 'root'

::File.write(::File.join(home_dir, '.ssh/authorized_keys'), JSON.parse(runner.stdout.gsub(/\e(B|\e[m|\e[37m/, ''))['openssh_public_key'])

When running the chef_client resource without providing an acceptable value for the :validation_pem attribute causes the chef-client run to fail with the following error:

           ================================================================================
           Error executing action `install` on resource 'chef_client[chef.services.com]'
           ================================================================================
           
           Chef::Exceptions::ValidationFailed
           ----------------------------------
           source is required
           
           Cookbook Trace:
           ---------------
           /tmp/kitchen/cache/cookbooks/chef_stack/resources/client.rb:108:in `block (2 levels) in class_from_file'
           /tmp/kitchen/cache/cookbooks/chef_stack/resources/client.rb:107:in `block in class_from_file'