AJ Christensen | 28 Aug 09:39 2015

Chef 12.4.1 systemd provider helper broken

Hi there,

Looks as though the systemd provider/helper is broken - an internal method used to determine if the unit file is available returns false during the platform supports lookup; the false return is not handled.

It would seem this is never likely to succeed on my infrastructure, with many thousands of systemd units, we have to be super careful to not iterate through them; dbus hangs, etc.



Fouts, Chris | 27 Aug 21:52 2015

knife bootstrap failing due to failed connection to opscode server?

Is the opscode server down? I’m doing a bootstrap using the default bootstrap template for chef-client v12.3.0 and I get this.


Connecting to www.opscode.com||:443... failed: Connection refused.



Alexander Skwar | 27 Aug 17:14 2015

Append text to beginning of file


With Chef 11.8.2 and FileEdit and the help of this list :), I've now
got a way to replace text in a file and use the captured text. As it
turned out, I'm not using the captured text at all… Oh, well :)

I am now replacing all old values in a config file (sshd_config, to be
exact). And when a certain config setting wasn't there at all, I
insert a line with the new setting. But it will get appended to the
file; it will be at the end of the file.

That's (maybe…) a problem, as a sshd_config file might have a "Match
…" block at the end.

Is there maybe an easy way to add text to the BEGINNING of the file? :)

Here (or, for maybe better readability on
http://pastebin.com/1QWfsnFZ) is, what I've got now:

# SSH parameters
{"Protocol" => "2", "LogLevel" => "INFO", "MaxAuthTries" => "4",
"IgnoreRhosts" => "yes", "HostbasedAuthentication" => "no",
"PermitRootLogin" => "no", "PermitEmptyPasswords" => "no", "Banner" =>
"/etc/issue.net"}.each do |param, value|
    cfg_file = "/etc/ssh/sshd_config"

    replace_line_re = /^#{param}.*/
    insert_line_text = replace_line_text = "#{param} #{value}"
    insert_line_re = /^#{replace_line_text}/

    ruby_block "CIS: SSHd Parameter modifizieren. " + param + " => " + value do
        block do
            fe = Chef::Util::FileEdit.new(cfg_file)

            # Replace old values with new values
            fe.search_file_replace_line(replace_line_re, replace_line_text)

            # Insert a line with the new value at the end of the file - if not already present
            fe.insert_line_if_no_match(insert_line_re, insert_line_text)

            # Write the file
            fe.write_file
        end # of block do
        notifies :reload, "service[ssh]", :delayed
    end # of ruby_block "CIS: SSHd Parameter modifizieren. " + param + " => " + value do
end # of {"Protocol" => "2", "LogLevel" => "INFO", "MaxAuthTries" =>
# "4", "IgnoreRhosts" => "yes", "HostbasedAuthentication" => "no",
# "PermitRootLogin" => "no", "PermitEmptyPasswords" => "no", "Banner" =>
# "/etc/issue.net"}.each do |param, value|

Thanks so much again,


=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar <at> gmail.com <==
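
Added example, not part of the original post and not Chef's own code: sshd applies every line after a "Match" line only to connections that satisfy it, so a hardening setting appended at the end of the file can end up scoped to the last Match block. The sketch below, in plain Ruby with hypothetical function names and a constructed sample file, goes one step beyond prepending: it rewrites the setting in the global section and, if it is missing, inserts it directly above the first Match line.

```ruby
# Added example (plain Ruby, no Chef APIs); all names are hypothetical.
MATCH_RE = /^\s*Match\s/i

# Return sshd_config text with "param value" set in the global section,
# i.e. before the first Match line. Lines inside Match blocks are untouched.
def set_global_sshd_option(text, param, value)
  lines = text.lines.map(&:chomp)
  match_at = lines.index { |l| l =~ MATCH_RE } || lines.length
  global = lines[0...match_at]
  rest = lines[match_at..-1]

  wanted = "#{param} #{value}"
  # sshd keywords are case-insensitive; "#..." comment lines do not match.
  key_re = /^\s*#{Regexp.escape(param)}(\s|=|$)/i
  seen = false
  global = global.each_with_object([]) do |line, out|
    if line =~ key_re
      out << wanted unless seen # keep one line, drop later duplicates
      seen = true
    else
      out << line
    end
  end
  global << wanted unless seen # missing: add it just above the first Match
  (global + rest).join("\n") + "\n"
end

# Subset of the settings from the post.
SETTINGS = { "PermitRootLogin" => "no", "MaxAuthTries" => "4" }.freeze

def harden(text)
  SETTINGS.reduce(text) { |t, (k, v)| set_global_sshd_option(t, k, v) }
end

# Constructed sample input, not taken from a real host.
SAMPLE = <<~CONF
  # constructed sample sshd_config
  PermitRootLogin yes
  #MaxAuthTries 6

  Match Address 192.0.2.0/24
      PermitRootLogin prohibit-password
CONF

puts harden(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Running the function twice gives the same text, so it is safe to call on every converge; the per-Match override in the sample is left exactly as written.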

Nico Kadel-Garcia | 27 Aug 17:09 2015

chefdk for RHEL 5 difficulties

I'm aware that chefdk for RHEL 5 or CentOS 5 is not officially supported: I've previously been able to keep it
working to use for "chef-solo" and Berkshelf built-in components by building it on a RHEL 5 instance with
ruby-1.9.3 backported. Unfortunately, with chefdk 0.7.x releases, I'm no longer able to build it.
Apparently it now relies on even more recent revisions of various rake components, and I'm out of luck
right now.

Is anyone out there successfully building current releases of chefdk for RHEL 5? I'm trying to migrate all
RHEL 5 or compatible systems to a newer OS, to avoid exactly this sort of backporting and compatibility
issue. But in the meantime, I'd much prefer to have a current chefdk available for those systems.

Nico Kadel-Garcia
Lead DevOps Engineer
nkadel <at> skyhookwireless.com

Tobias Unsleber | 27 Aug 16:20 2015

MySQL-cookbook: Instance restart at every chef-client run


I'm using the mysql-cookbook(Version 6.1)
to install mysql-servers:

with this statement in the recipe:

mysql_service 'default' do
  bind_address node["mysql"]["bind-address"]
  initial_root_password "mysql_root_password"
  action [:create, :start]
end

The effect is, that the instance mysql-default is restarted
at every chef run, which is very bad for me. (Chef version 12)

This is the output of chef-client:


Is this the intended behaviour, or did I
just use it in a wrong way?


Tobias Unsleber
INLINE  Internet Online Dienste GmbH
Kaiserstr. 80
76133 Karlsruhe

Tel +49 721 9668245, FAX +49 721 9668211

HRB 107453, Sitz Karlsruhe, Registergericht: Mannheim
Geschäftsführer: Dr. Andreas Werner, Dr. Armin Zundel

Alexander Skwar | 27 Aug 14:34 2015

FileEdit - search_file_replace_line - Replace with content found


We are using chef-solo 11.8.2 and in a recipe, I'd like to use
Chef::Util::FileEdit.search_file_replace_line to replace a line
matching some regexp and "capture" what has been found and use this in
the replacement.

How? :)

Now, in a recipe, we have got the following:

ruby_block "CIS: AutoFS start deaktivieren" do
    block do
        fe = Chef::Util::FileEdit.new("/etc/init/autofs.conf")
        # Comment out "start on"
        fe.search_file_replace_line(/^(start on.*)/,
            "# removed because of CIS check:\n# \1")

        # Write the file
        fe.write_file
    end # of block do
end # of ruby_block "CIS: AutoFS start deaktivieren" do

This is supposed to comment any lines starting with "start on" in the
autofs.conf file. It should replace the lines with the following

# removed because of CIS check:
# start on...

With perl, I used to have this:

perl -pi -e 's/^(start on.*)/# removed because of CIS check:\n# $1/'

This works.

But this does not:

        fe.search_file_replace_line(/^(start on.*)/,
            "# removed because of CIS check:\n# \1")

It has replaced the "start on" lines just fine, but it added a \1...
It should have replaced the \1 by what's in the first "capture"
(parentheses; ie. what's in "(" .. ")"; ie. "start on" and whatever is
following it).

How to do that?

Thanks a lot,


=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar <at> gmail.com <==

Doug Garstang | 25 Aug 20:20 2015

Forbidden 403 after adding nodes on Chef 12

Running chef client in debug mode shows this:

HTTP 1.1 403 Forbidden

How do I go about fixing this?

I'm simply adding my node with:
knife node from file dt-ac8c940d.dev.foobar.com.json 

and then running the chef-client.

This thread seems to be related:

However, attempting to use the suggested:
knife acl add nodes dt-ac8c940d.dev.foobar.com update client dt-ac8c940d.dev.foobar.com

results in:
FATAL: ERROR: To enforce best practice, knife-acl can only add a group to an ACL.
FATAL:        See the knife-acl README for more information.

I've reproduced this multiple times after deleting both the node and the client and running the knife node from file ... command again.

I've also tried running knife bootstrap, and the problem disappears. It would seem that bootstrap is doing something magical that 'knife node from file' is not. However, I'd prefer not to use bootstrap as this needs to work with autoscaling groups.

Yoshi Spendiff | 25 Aug 20:11 2015

The dangers of prepend


As an FYI to anyone that uses the varnish cookbook >= 2.0.0, an update was just released (2.2.1) that fixes a bug in the service resource and is probably worth updating to sooner rather than later.

One of the libraries in the varnish cookbook used a prepend statement to alter the behaviour of the Provider::Service::Init and Provider::Service::Systemd classes, resulting in service resource declarations attempting starts/restarts 5 times and failing silently. Because it was in a loaded library, simply including the cookbook in a dependency chain would cause this.
This was a bug (it was only supposed to affect services of a certain name) but I think it's a pretty clear demonstration of the dangers of using prepend on core Chef libraries.

Perhaps some sort of a warning should be issued if a prepend is used, as the user may be signing up for something they aren't aware of.

Yoshi Spendiff
Ops Engineer
Mobile: +1 778 952 2025

Alan Thatcher | 25 Aug 19:19 2015

upgrading opscode-manage

I just upgraded our chef-server version, and want to bring our opscode-manage and reporting up to date also.  What is the proper way to go about that?  Remove and re-install, or upgrade in place (following the install steps)?

Benzinger, Dennis | 25 Aug 16:39 2015

Is "knife cookbook upload" Atomic ?

Hello List,

we are wondering what will happen if a Chef client is starting and at the same
time new cookbooks are uploaded.

Is it guaranteed that the client will either use all old or all new cookbooks?

Or could it happen that it uses a new version of cookbook A but an old version
of cookbook B because the second one was not uploaded yet when the client
started ?



Dennis Benzinger
IT Architecture Senior Specialist
hybris Cloud Services
dennis.benzinger <at> sap.com

hybris GmbH
Nymphenburger Straße 86
80636 München, Germany
Fax +49 89 890 65 555
hybris GmbH, Nymphenburger Str. 86, 80636 München, Deutschland. 
Geschäftsführer: Ariel F. Lüdi, Carsten Thoma, Michael Zips. 
Amtsgericht München, HRB 124384.

Noah Kantrowitz | 24 Aug 23:54 2015

Poise-python and poise-ruby released

I've pushed poise-python, poise-ruby, and poise-ruby-build to both Rubygems and Supermarket. These
cookbooks manage installing Ruby/Python runtimes from a variety of sources, installing
packages/gems, and other language-specific tasks. You can find docs at
https://github.com/poise/poise-python and https://github.com/poise/poise-ruby.

As previously mentioned, the python cookbook is now deprecated in favor of poise-python. You can find a
migration guide at https://github.com/poise/poise-python#upgrading-from-the-python-cookbook.

As a quick taste of the overall style, to install Ruby 2.x and run a `bundle install`:

    ruby_runtime '2'
    bundle_install '/opt/myapp/Gemfile' do
      without 'development'
      deployment true
    end

If anyone has questions on the new cookbooks and how they work, please don't hesitate to contact me.