Fouts, Chris | 26 Apr 01:50 2015

knife ssh executes serially?

I added cookbooks to my nodes’ run lists, and am doing a `knife ssh -m "node1 node2 node3" "chef-client" -x user -P pw` and am noticing that chef-client runs on one node, then the next, then the next, rather than chef-client running in ALL nodes in parallel. Is this expected?

Chris

Bráulio Bhavamitra | 24 Apr 17:18 2015

Chef Server database schema

Hello all,

I plan to run Chef programmatically inside a Rails app.
Basically, the Rails app will tell Chef to reconfigure nginx/apache server names and aliases via its own cookbook. Then the app will work on a new domain/subdomain configured by Chef.

For that to happen, I would need to store node attributes on this app, change them, and then run Chef programmatically via the Chef gem. I wouldn't like to do this via the Chef Server API, but with a simple chef-solo call.

So where can I find the Chef server schema so I can replicate part of it?

best,
bráulio

--
"Fight for your ideology. Be one with your ideology. Live for your ideology. Die for your ideology" P.R. Sarkar

EITA - Educação, Informação e Tecnologias para Autogestão
http://cirandas.net/brauliobo
http://eita.org.br

"Paramapurusha is my father and Parama Prakriti is my mother. The universe is my home and we are all citizens of this cosmos. This universe is the imagination of the Macrocosmic Mind, and all entities are being created, preserved and destroyed in the extroversive and introversive phases of the cosmic imaginative flow. At the personal level, when a person imagines something in their mind, at that moment that person is the sole owner of what they imagine, and no one else. When a mentally created human being walks through an equally imagined cornfield, the imagined person is not the owner of that cornfield, for it belongs to the individual who is imagining it. This universe was created in the imagination of Brahma, the Supreme Entity, so the ownership of this universe lies with Brahma, and not with the microcosms that were also created by Brahma's imagination. No property of this world, mutable or immutable, belongs to any particular individual; everything is the common patrimony of all."
Rest of the text at http://cirandas.net/brauliobo/blog/a-problematica-de-hoje-em-dia

Fouts, Chris | 24 Apr 16:19 2015

Why do I need to keep restarting Berks API

I FINALLY got my Berks API server working, and am able to do a berks install/upload. However, it seems like I have to restart it every now and then for it to respond. I assume this is NOT normal?

Chris

jeffty | 24 Apr 10:05 2015

Is it possible to run chef-solo with cookbook offline?

Hi there,

Our machines are behind a firewall and there is no Internet access.

We are preparing to auto-deploy software on these machines with Chef; we have installed the Chef client, prepared a local yum repository, and downloaded the cookbooks for installing those packages.

But it seems that Chef needs Internet access even if the cookbooks and the Chef package are local.

Is it possible to run it offline? Or should we install a private Chef server for that?

Thanks.

Jordi Llonch | 23 Apr 19:07 2015

Document

I've sent you a confidential Message


Regards


Yoshi Spendiff | 23 Apr 18:02 2015

chef-server-ctl issue

Hi,

(For those of you having deja vu I realised I sent the original email with the wrong subject)

I'm trying to configure a Chef server but I'm running into this problem when adding a key to a client:

chef-server-ctl add-client-key <org> <client_name> <path_to_pub_key_file>
/opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.0.3/lib/chef/http.rb:125:in `post': wrong number of arguments (0 for 2..3) (ArgumentError)
    from /opt/opscode/embedded/service/omnibus-ctl/helpers/key_ctl_helper.rb:43:in `post_rest'
    from (eval):74:in `block (2 levels) in load_files'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:177:in `call'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:177:in `block in add_command_under_category'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:566:in `run'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/bin/omnibus-ctl:31:in `<top (required)>'
    from /opt/opscode/embedded/bin/omnibus-ctl:23:in `load'
    from /opt/opscode/embedded/bin/omnibus-ctl:23:in `<main>'

Chef server version is the latest installed by the chef-server cookbook, looks like 12.0.3 from the gem and like this from yum:

chef-server-core.x86_64              12.0.8-1.el6                 @chef_stable_

Is this a bug or a usage problem?

--
Yoshi Spendiff
Ops Engineer
Indochino
Mobile: +1 778 952 2025

Yoshi Spendiff | 23 Apr 17:25 2015

Guard based on variable defined

Hi,

I'm trying to configure a Chef server but I'm running into this problem when adding a key to a client:

chef-server-ctl add-client-key <org> <client_name> <path_to_pub_key_file>
/opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/chef-12.0.3/lib/chef/http.rb:125:in `post': wrong number of arguments (0 for 2..3) (ArgumentError)
    from /opt/opscode/embedded/service/omnibus-ctl/helpers/key_ctl_helper.rb:43:in `post_rest'
    from (eval):74:in `block (2 levels) in load_files'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:177:in `call'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:177:in `block in add_command_under_category'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/lib/omnibus-ctl.rb:566:in `run'
    from /opt/opscode/embedded/lib/ruby/gems/2.1.0/gems/omnibus-ctl-0.3.4/bin/omnibus-ctl:31:in `<top (required)>'
    from /opt/opscode/embedded/bin/omnibus-ctl:23:in `load'
    from /opt/opscode/embedded/bin/omnibus-ctl:23:in `<main>'

Chef server version is the latest installed by the chef-server cookbook, looks like 12.0.3 from the gem.

Is this a bug or a usage problem?

--
Yoshi Spendiff
Ops Engineer
Indochino
Mobile: +1 778 952 2025

Fouts, Chris | 23 Apr 16:29 2015

How to manage cookbook versions more efficiently?

I use role cookbooks to pin down versions of the specific versions of the cookbooks they use. Since I have 25 nodes in my product and each node has a role, I have at least 25 role cookbooks. I just then add my role cookbooks to my nodes’ run list. For example, I have the following. I DO want to pin a particular cookbook version in my role cookbooks.

cookbook_role1/metadata.rb

depends 'cookbook1', '=1.0.0' # Don't want '~> 1.0.0'
depends 'cookbook3', '=1.0.0'
depends 'cookbook4', '=1.0.0'

cookbook_role2/metadata.rb

depends 'cookbook1', '=1.0.0'
depends 'cookbook5', '=1.0.0'
depends 'cookbook6', '=1.0.0'

My problem is, when I update cookbook1’s version, I have to go to EACH role and update its version there. I also update the role cookbooks’ versions.

What’s a more efficient way to do this, avoiding ‘~> x.y.z’ in the role cookbooks? I was thinking that since the metadata.rb files are just Ruby files, I can do

cookbook_role1/metadata.rb

depends 'cookbook1', cookbook_versions['cookbook1']
depends 'cookbook3', cookbook_versions['cookbook3']
depends 'cookbook4', cookbook_versions['cookbook4']

and have a central *.rb file that has

$cookbook_versions = {
  'cookbook1' => '= 1.0.0',
  'cookbook2' => '= 1.0.0',
  'cookbook4' => '=1.0.0'
}

That is, I have a central location where I can just update my cookbook versions, and my cookbooks’ metadata.rb files will be updated accordingly.

So far I’m not able to make this hokey idea work.

Any ideas on how to alleviate this situation?

Chris
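
An added example, not part of the original post and not Chef's own code: one way the central pin file described above can be wired up, with each role cookbook's metadata.rb loading it by relative path and reading the `$cookbook_versions` global. `MetadataStub` is a hypothetical stand-in for Chef's metadata loader (it assumes metadata.rb is evaluated as Ruby with `__FILE__` set to the file's path), the file name `cookbook_versions.rb` and all file contents are constructed, and the exact-pin check and `fetch` lookup go beyond what the post sketches.

```ruby
require "tmpdir"
require "fileutils"

# Stand-in for the part of Chef's metadata DSL used here (an assumption of
# this example): evaluate metadata.rb with instance_eval, record `depends`.
class MetadataStub
  attr_reader :dependencies

  def initialize
    @dependencies = {}
  end

  def name(value = nil)
    value ? (@name = value) : @name
  end

  def depends(cookbook, constraint = ">= 0.0.0")
    @dependencies[cookbook] = constraint
  end

  def self.from_file(path)
    new.tap { |m| m.instance_eval(File.read(path), path, 1) }
  end
end

# Constructed central file: the one place where pins are edited. It rejects
# anything that is not an exact "= x.y.z" constraint (no "~>" allowed).
PINS_RB = <<~'RUBY'
  $cookbook_versions = {
    "cookbook1" => "= 1.0.0", "cookbook3" => "= 1.0.0",
    "cookbook4" => "= 1.0.0", "cookbook5" => "= 1.0.0",
    "cookbook6" => "= 1.0.0"
  }.freeze
  bad = $cookbook_versions.reject { |_, c| c.match?(/\A=\s*\d+\.\d+\.\d+\z/) }
  raise ArgumentError, "non-exact pins: #{bad.keys.join(', ')}" unless bad.empty?
RUBY

# Constructed metadata.rb for one role cookbook: load the central file by a
# path relative to this metadata.rb, then look pins up with fetch so that a
# cookbook without a pin fails with KeyError instead of passing nil.
def role_metadata(role, cookbooks)
  head = ["load File.expand_path('../cookbook_versions.rb', File.dirname(__FILE__))",
          "name '#{role}'"]
  (head + cookbooks.map { |c| "depends '#{c}', $cookbook_versions.fetch('#{c}')" }).join("\n")
end

# Writes the layout into a temp dir and returns { role => { cookbook => pin } }.
def load_role_dependencies(roles, pins_rb = PINS_RB)
  Dir.mktmpdir do |root|
    File.write(File.join(root, "cookbook_versions.rb"), pins_rb)
    roles.to_h do |role, cookbooks|
      dir = File.join(root, role)
      FileUtils.mkdir_p(dir)
      path = File.join(dir, "metadata.rb")
      File.write(path, role_metadata(role, cookbooks))
      [role, MetadataStub.from_file(path).dependencies]
    end
  end
end

ROLES = { "cookbook_role1" => %w[cookbook1 cookbook3 cookbook4],
          "cookbook_role2" => %w[cookbook1 cookbook5 cookbook6] }.freeze
p load_role_dependencies(ROLES) if $PROGRAM_NAME == __FILE__
```
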

Tyler Cloke | 23 Apr 00:44 2015

Chef Client Now Floats On Master In The Chef Server

Hey all,

I just merged a PR [1] for opscode-omnibus (the project that builds the chef-server) that floats the chef-client on master.

Now, every build of the chef-server will pull chef-client down from Github and build a gem that the chef-server uses for things like chef-server-ctl (and thus reconfigure).

This is great, because now we will constantly be getting the new hotness, as well as removing an annoying dance to get your client changes into the server and allowing your changes to ship in the server with no further action on your part besides merging. When you (or someone else) merges code to master of the chef-client project, they are shipping that code on the server the next time it builds.

Therefore, we must now treat merging code to master of chef-client as shipping that code, so please do all the manual testing and add all the test coverage your change needs before merging :)

Let's get your amazing commits everywhere as quickly and safely as possible!

Tyler Cloke

Fabien Delpierre | 22 Apr 18:59 2015

$ berks upload keeps failing since yesterday

Hello,
I'm working on a custom cookbook; since yesterday, whenever I run $ berks upload to ship the latest version of the cookbook to my Chef server, Berkshelf goes through all the cookbook dependencies alphabetically, as normal, skips all of them since they don't require an update, again as normal, then it gets to my cookbook (it's called "srv01") and exits unexpectedly with this output (Pastebin link).

Any cookbook that would come after "srv01" alphabetically is obviously skipped since the program exits at that point. That's not a huge deal for me since they don't require any updates, but could be problematic, generally speaking.

But really my main problem is that the cookbook I'm actually working on doesn't get updated on the Chef server.
If I just do a $ knife cookbook upload srv01, it uploads fine.

I'm using the Hosted Chef service and I know from looking at status.chef.io that they've been having issues lately, but unfortunately I have no idea what the error I'm getting means, and while I can work around it, I'd like to see if I can fix it, assuming it's something I'm doing wrong.

What do you think? Please let me know if I need to provide additional information.
Thanks!

Morgan Blackthorne | 22 Apr 18:57 2015

kitchen-docker + Oracle Linux 5 converge error: closed stream

https://gist.github.com/stormerider/c92325be6cd0931f3e36

Has anyone seen this kind of thing before? I'm really not sure what's going on there. As far as I can tell, for some reason during the run, the docker container seems to just go away. I'm not sure if that's because chef-solo failed and it terminated automatically, or if TK reaped it because it lost communication, or what.

If I restart the container, I'm able to run chef-solo fine:

root@433af12cc045:/tmp/kitchen# chef-solo -c solo.rb -j dna.json
[2015-04-22T16:54:44+00:00] WARN: 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true
```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
  knife ssl check -c solo.rb
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.16.4
Compiling Cookbooks...
Recipe: ohai::default
  * remote_directory[/etc/chef/ohai_plugins for cookbook ohai] action create
  Recipe: <Dynamically Defined Resource>
    * cookbook_file[/etc/chef/ohai_plugins/README] action create (up to date)
     (up to date)
Recipe: ohai::default
  * ohai[custom_plugins] action reload[2015-04-22T16:54:45+00:00] WARN: Plugin Definition Error: </etc/chef/ohai_plugins/packages.rb>: collect_data already defined on platform linux

    - re-run ohai and merge results into node attributes
[2015-04-22T16:54:46+00:00] WARN: RS-DCS-Inventory::default - This recipe normally starts chef-client as a daemon. Skipping while in solo/local mode.
[2015-04-22T16:54:46+00:00] WARN: RS-DCS-Chef::hoptoad - This recipe uses Chef handlers. Skipping while in solo/local mode.
[2015-04-22T16:54:46+00:00] WARN: RS-DCS-Chef::updater - This recipe uses Chef search. Skipping while in solo/local mode.
[2015-04-22T16:54:46+00:00] WARN: RS-DCS-Base::default - Checking node['RS']['Datacenter']: ASH
[2015-04-22T16:54:46+00:00] WARN: Cloning resource attributes for package[subversion] from prior resource (CHEF-3694)
[2015-04-22T16:54:46+00:00] WARN: Previous package[subversion]: /tmp/kitchen/cookbooks/RS-DCS-Base/recipes/default.rb:134:in `block in from_file'
[2015-04-22T16:54:46+00:00] WARN: Current  package[subversion]: /tmp/kitchen/cookbooks/RS-DCS-Base/recipes/default.rb:380:in `from_file'
Recipe: RS-DCS-Base::default
  * package[subversion] action install (up to date)
  Converging 94 resources
Recipe: ohai::default
  * remote_directory[/etc/chef/ohai_plugins for cookbook ohai] action nothing (skipped due to action :nothing)
  * ohai[custom_plugins] action nothing (skipped due to action :nothing)
Recipe: RS-DCS-Ohai-Plugins::default
  * file[/etc/chef/ohai_plugins/mysql-databases.rb] action delete (up to date)
  * ohai[reload] action nothing (skipped due to action :nothing)
  * cookbook_file[/etc/chef/ohai_plugins/databases-mysql.rb] action create (up to date)
  * cookbook_file[/etc/chef/ohai_plugins/packages.rb] action create (up to date)
Recipe: logrotate::default
  * package[logrotate] action install (up to date)
  * directory[/etc/logrotate.d] action create (up to date)
Recipe: chef-client::config
  * template[/etc/logrotate.d/chef-client] action create (up to date)
  * directory[/var/run/chef] action create (up to date)
  * directory[/var/cache/chef] action create (up to date)
  * directory[/var/lib/chef] action create (up to date)
  * directory[/var/log/chef] action create (up to date)
  * directory[/etc/chef] action create (up to date)
  * file[/var/log/chef/client.log] action create (up to date)
  * template[/etc/chef/client.rb] action create (up to date)
  * directory[/etc/chef/client.d] action create (up to date)
  * ruby_block[reload_client_config] action nothing (skipped due to action :nothing)
Recipe: RS-DCS-Base::default
  * sudo[45-nagios-checks] action install
    * template[/etc/sudoers.d/45-nagios-checks] action create (up to date)
     (up to date)
  * template[/etc/sudoers.d/45-nagios-checks] action nothing (skipped due to action :nothing)
  * package[nss] action install (up to date)
  * package[pam_krb5] action install (up to date)
  * package[krb5-workstation] action install (up to date)
  * package[nss-tools] action install (up to date)
  * package[pam_passwdqc] action install (up to date)
  * package[cracklib] action install (up to date)
  * package[net-snmp] action install (up to date)
  * package[ntp] action install (up to date)
  * package[nscd] action install (up to date)
  * package[rwho] action install (up to date)
  * package[vixie-cron] action install (up to date)
  * package[anacron] action install (up to date)
  * package[crontabs] action install (up to date)
  * package[authconfig] action install (up to date)
  * package[sudo] action install (up to date)
  * package[screen] action install (up to date)
  * package[less] action install (up to date)
  * package[subversion] action install (up to date)
  * package[strace] action install (up to date)
  * package[resolvconf] action remove (up to date)
  * link[/etc/init.d/ssh] action create (up to date)
  * template[/etc/pam.d/system-auth-ac] action create (up to date)
  * template[/etc/profile.d/bashrc.sh] action create (up to date)
  * template[/etc/krb5.conf] action create (up to date)
  * template[/etc/ldap.conf] action create (up to date)
  * link[/etc/libnss-ldap.conf] action create (up to date)
  * link[/etc/pam_ldap.conf] action create (up to date)
  * cookbook_file[/etc/nsswitch.conf] action create (up to date)
  * template[/etc/resolv.conf] action create (up to date)
  * execute[nssupdate] action nothing (skipped due to action :nothing)
  * template[/etc/snmp/snmpd.conf] action create (up to date)
  * template[/etc/default/snmpd] action create (up to date)
  * service[snmpd] action enable (up to date)
  * cron[ntpdate] action create (up to date)
  * directory[/usr/local/scripts] action create (up to date)
  * package[subversion] action nothing (skipped due to action :nothing)
  * bash[rehome-sysadmin-svn-if-needed] action run
    - execute "bash"  "/tmp/chef-script20150422-29-nh1w2k"
  * subversion[SysAdmin] action sync (up to date)
  * ruby_block[svn_config_fix] action run
    - execute the ruby block svn_config_fix
  * group[cacti] action create (up to date)
  * user[cacti] action create (up to date)
  * directory[/home/cacti/.ssh/] action create (up to date)
  * cookbook_file[/home/cacti/.ssh/authorized_keys] action create (up to date)
  * cookbook_file[/etc/ssh/sshd_config] action create (skipped due to only_if)
  * service[ssh] action nothing (skipped due to action :nothing)
  * execute[delete_ssh_keys_if_needed] action run (skipped due to only_if)
  * execute[generate_new_ssh_host_keys] action nothing (skipped due to action :nothing)
  * file[/etc/RosettaStone/FRESH_CLONE] action delete (skipped due to only_if)
  * cookbook_file[/etc/update-motd.d/98-chef-role] action create (skipped due to only_if)
  * directory[/etc/cron.scripts] action create (up to date)
  * cookbook_file[/etc/cron.scripts/logerror] action create (up to date)
  * service[nscd] action restart
    - restart service service[nscd]
  * service[nscd] action enable (up to date)
  * cookbook_file[/usr/local/bin/chef-boot] action create (up to date)
  * cookbook_file[/usr/local/bin/chef-dryrun] action create (up to date)
  * cookbook_file[/usr/local/bin/chef-run] action create (up to date)
  * cookbook_file[/usr/local/bin/jq] action create (up to date)
Recipe: RS-DCS-Base::oracle_linux_all_versions
  * cookbook_file[/etc/sudoers] action create (up to date)
  * link[/usr/bin/vi] action create (up to date)
Recipe: RS-DCS-Base::oracle_linux_5
  * package[gpm] action remove (up to date)
  * package[vim-enhanced] action remove (up to date)
  * package[bluez-gnome] action remove (up to date)
  * package[bluez-libs] action remove (up to date)
  * package[bluez-utils] action remove (up to date)
  * package[xorg-x11-utils] action install (up to date)
  * package[xorg-x11-xinit] action install (up to date)
  * package[xorg-x11-xauth] action install (up to date)
  * package[xorg-x11-apps] action install (up to date)
  * cookbook_file[/etc/modprobe.d/disable-ipv6.conf] action create (up to date)
  * ruby_block[append_special_oracle_ldap_auth_string] action run
    - execute the ruby block append_special_oracle_ldap_auth_string
  * file[/etc/openldap/ldap.conf] action delete (skipped due to not_if)
  * link[/etc/openldap/ldap.conf-link] action create (up to date)
  * service[ip6tables] action stop (up to date)
  * service[ip6tables] action disable (up to date)
  * ruby_block[disable-ipv6] action run
    - execute the ruby block disable-ipv6
  * cookbook_file[/etc/selinux/config] action create (up to date)
  * service[iptables] action stop (up to date)
  * service[iptables] action disable (up to date)
Recipe: RS-DCS-Base::default
  * execute[nssupdate] action run (skipped due to only_if)
  * service[nscd] action restart
    - restart service service[nscd]

Running handlers:
Running handlers complete
Chef Client finished, 8/90 resources updated in 5.434002998 seconds
root@433af12cc045:/tmp/kitchen#

Any thoughts appreciated, I'm very much at a loss as to what's occurring here.

--
~*~ StormeRider ~*~

"Every world needs its heroes [...] They inspire us to be better than we are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS