Jorge Bianquetti | 19 Jun 2013 20:49

http_request head on S3 pre-signed URL gets 403 error

Ohai!

I've been reading
http://docs.opscode.com/chef/resources.html#remote-file, and
implemented something like this:

local = "some_local_file"
remote = "pre-signed_S3_url"

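remote_file local do
  source remote
  action :nothing
end

# HEAD the URL first; only notify remote_file when the object has changed.
http_request "HEAD #{remote}" do
  message ""
  url remote
  action :head
  if File.exist?(local)
    headers "If-Modified-Since" => File.mtime(local).httpdate
  end
  # The resource name is the interpolated path, not the literal string "local".
  notifies :create, "remote_file[#{local}]", :immediately
end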

I get this response from chef-client:

FATAL: Net::HTTPServerException:
http_request[HEAD
https://mybucket.s3.amazonaws.com/develop/some.war?AWSAccessKeyId=AKIXXXXXXXXXXX&Expires=1543242415&Signature=8234962346239423949ygf89w]
(some::backend line 140) had an error: Net::HTTPServerException: 403

Haim Ashkenazi | 19 Jun 2013 18:18

Problems with Berkshelf 2.0.x lock mechanism

Hi

I was happy to see that Berkshelf 2.0.x was released, as I thought it solved the locking mechanism, but it seems that something is wrong. I have a "backwards" setup in the sense that I define my dependencies directly in the Berksfile and use a rake task to write all the exact versions to the metadata file.

My Berksfile is:

site :opscode

# Please see the README for dependency management.
cookbook "realiteq", path: "." # don't remove this or vagrant will fail!
cookbook "users-and-groups", github: "comns/chef_users-and-groups", ref: "v0.1.2"
cookbook "sudo", "~> 2.1.2"
cookbook "nginx", "~> 1.6.0"
cookbook "postfix", "~> 2.1.4"
cookbook "ntp", "~> 1.3.2"
cookbook "apt", "~> 1.10.0"
cookbook "chef-client", "~> 2.2.4"

And my lock file (converted from 1.x) is:

realiteq ➤ cat Berksfile.lock                                                                               git:master*
{
  "sha": "60079019c90586f0481bf0d711923b67c45d23a0",
  "sources": {
    "realiteq": {
      "path": "."
    },
    "users-and-groups": {
      "locked_version": "0.1.1",
      "ref": "ea771662e574fe502fc8418ff61c397957b4a0c0"
    },
    "sudo": {
      "locked_version": "2.1.2",
      "constraint": "~> 2.1.2"
    },
    "nginx": {
      "locked_version": "1.6.0",
      "constraint": "~> 1.6.0"
    },
    "postfix": {
      "locked_version": "2.1.4",
      "constraint": "~> 2.1.4"
    },
    "ntp": {
      "locked_version": "1.3.2",
      "constraint": "~> 1.3.2"
    },
    "apt": {
      "locked_version": "1.10.0",
      "constraint": "~> 1.10.0"
    },
    "chef-client": {
      "locked_version": "2.2.4",
      "constraint": "~> 2.2.4"
    },
    "build-essential": {
      "locked_version": "1.4.0",
      "constraint": "= 1.4.0"
    },
    "cron": {
      "locked_version": "1.2.2",
      "constraint": "= 1.2.2"
    },
    "ohai": {
      "locked_version": "1.1.8",
      "constraint": "= 1.1.8"
    },
    "runit": {
      "locked_version": "1.1.4",
      "constraint": "= 1.1.4"
    },
    "yum": {
      "locked_version": "2.2.2"
    }
  }
}

See versions for postfix (2.1.4) and yum (2.2.2).

However when I install or list dependencies I get:

realiteq ➤ be berks list                                                                                    git:master*
Cookbooks installed by your Berksfile:
  * apt (1.10.0)
  * build-essential (1.4.0)
  * chef-client (2.2.4)
  * cron (1.2.2)
  * nginx (1.6.0)
  * ntp (1.3.2)
  * ohai (1.1.8)
  * postfix (2.1.6)
  * realiteq (0.1.7)
  * runit (1.1.4)
  * sudo (2.1.2)
  * users-and-groups (0.1.1)
  * yum (2.3.0)

The Berkshelf version is:

realiteq ➤ be berks -v                                                                                      git:master*
Berkshelf (2.0.4)


It seems to completely ignore the locked version of both postfix and yum. Am I doing something wrong?

Thanks in advance

--
Haim
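
Added example, not part of the original post and not Berkshelf's own code: a check that compares the `locked_version` entries of a Berkshelf 2.0-style JSON `Berksfile.lock` with the versions `berks list` reports, so a build step can flag cookbooks that resolved to something other than what was pinned. The function names are hypothetical and the sample inputs are constructed from the values quoted in the post.

```ruby
require 'json'

# Parse a Berkshelf 2.0-style JSON lock file into { cookbook => locked_version }.
# Path-sourced cookbooks (no "locked_version") are skipped: they are not pinned.
def locked_versions(lock_json)
  JSON.parse(lock_json).fetch('sources').each_with_object({}) do |(name, src), out|
    out[name] = src['locked_version'] if src['locked_version']
  end
end

# Parse `berks list` output lines of the form "  * name (1.2.3)".
def installed_versions(list_output)
  list_output.scan(/^\s*\*\s+(\S+)\s+\(([^)]+)\)/).to_h
end

# Return drift records: locked cookbooks that are missing or at another version.
def lock_drift(lock_json, list_output)
  installed = installed_versions(list_output)
  locked_versions(lock_json).each_with_object([]) do |(name, locked), drift|
    actual = installed[name]
    next if actual == locked
    drift << { cookbook: name, locked: locked, installed: actual || 'not installed' }
  end
end

# Constructed sample input, reduced from the lock file and listing in the post.
SAMPLE_LOCK = <<~JSON
  { "sources": {
      "realiteq": { "path": "." },
      "sudo":     { "locked_version": "2.1.2", "constraint": "~> 2.1.2" },
      "postfix":  { "locked_version": "2.1.4", "constraint": "~> 2.1.4" },
      "yum":      { "locked_version": "2.2.2" } } }
JSON

SAMPLE_LIST = <<~TXT
  Cookbooks installed by your Berksfile:
    * postfix (2.1.6)
    * realiteq (0.1.7)
    * sudo (2.1.2)
    * yum (2.3.0)
TXT

lock_drift(SAMPLE_LOCK, SAMPLE_LIST).each do |d|
  puts "#{d[:cookbook]}: locked #{d[:locked]}, installed #{d[:installed]}"
end
```
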
Maxime Brugidou | 19 Jun 2013 09:28

Simple command to get node info when logged in on node through SSH

Ohai all,

This is a simple question: we have many, many nodes with various names, and we make the node name match the FQDN with a pretty standard naming convention.

However, when logged in on a machine it is very, very useful to know what its Chef state is. Currently there are multiple possibilities:

* Use the motd cookbook that will give you some last run static info when you login
* Use a command like knife node show $(hostname -f) -c /etc/chef/client.rb -u $(hostname -f)

I like the command (because it's very flexible) but I'd expect it to be simpler. I know I can do a simple alias, deploy a simple script on my nodes or anything, but this has to be something that other people need, right?

So if we go the knife way, here are my suggestions:
* Why not make knife look for a client.rb file in /etc/chef/client.rb if no configuration is available?
* Why do I have to specify the node_name conf through the -u option? It should be the default if none is available.
* Why not make knife node show without arguments show the current node, if any?

Please enlighten me if you know a better way (or if you don't care).

Cheers,
Maxime
Jens Skott | 19 Jun 2013 07:02

Testing cookbooks before release

Heyas, we have a setup where we develop cookbooks in a branch in git and test them in a local vagrant box. After that we push them to the staging branch in git and then to prod and release it. Then it's released to staging and prod at the same time; I want an additional testing step on the staging branch before the pull request to prod.

Any tips how to start?

Have thought about using chef_solo on all staging machines and have them pull from the development branch when run, but I want chef solo to run every 30 mins like the chef client.

Or does anyone have any better suggestions?
We don't want to use environments since we haven't found a good way to automate the process of bumping versions in the prod environment when releasing cookbooks to prod.


Jens Skott 
Tel: +46-8-5142 4396
Schibsted Centralen IT

Alex Kiernan | 19 Jun 2013 06:48

chef-client kitchen tests broken in master?

I'm looking at chef-client on master and AFAICS the tests introduced
by CHEF-3104 completely break the existing tests which were there for
CHEF-2169?

Am I just missing something? I really can't see how the test suite
could possibly have passed!

--
Alex Kiernan

Michael Ward | 19 Jun 2013 05:49

Chef question on copying files from file_cache_dir into correct location

Hi,

We have recently started looking at using Chef and I just wanted to get some community advice around the
correct 'Chef' way to copy files.

In particular, we want to be able to 'pre-load' some larger files (jar files, some other archive types, etc)
into the Chef file cache so they are already present when our image is booted, which then need to be
moved/copied out to the correct location. This is mostly to speed up initial Chef runs so we don't need to
wait for the files to download over a slow link.

We currently use the remote_file resource for this, but either we specify the correct location in which
case it ignores the file that already exists in our cache path (and re-downloads slowly), or we specify the
cache location and then use a bash block afterwards to move or copy the file to its final location, which
doesn't seem very 'elegant'. Is there a better way?

Regards,
Michael Ward.

kallen | 19 Jun 2013 00:39

chef-server omnibus deb for 10.x?


I'm looking to download a chef-server (omnibus) installer from
http://www.opscode.com/chef/install/ for Ubuntu. I only see 11.x pkgs in the
drop-down menu. Where can I get a 10.x omnibus pkg? Or, can I?

thanks,
kallen

Jordi Llonch | 19 Jun 2013 00:23

Omnibus Chef Server using nginx, postgres and rabbitmq community cookbooks

Hi,

I am planning to run Chef-server and other services into a single node that use nginx, postgres and rabbitmq.

I plan to bootstrap this node with chef-solo with a runlist like:

* recipe[nginx]
* recipe[postgres]
* recipe[rabbitmq]
* recipe[whatever::customize_chef-server_rb]
* recipe[omnibus_updater]

Is that a good approach/best practice? Is there another suggestion?

Thanks,

Andrew Gross | 18 Jun 2013 23:10

Vagrant-Chef-Zero

Hey All,

I just released the beta version of vagrant-chef-zero.  The goal is to wrap Chef-Zero around Vagrant runs in an automated, repeatable fashion, while supporting all of the artifacts that a Chef Server can normally hold.  


Check out the README for instructions and explanations of some of the current capabilities. Feel free to submit bugs and feature requests to the GitHub Issues page. Just remember, this is still in beta. So while the public API should be pretty stable, it could still change, so hold off on deploying this site-wide until we get some feedback.

Andrew
Russ Lavoy | 18 Jun 2013 21:44

Issue with encrypted data bags

I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}")

This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load("production", "passwords", secret)

<error>
[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must
contain a Hash or Mash!

</error>

Not sure why I am getting this issue.

Any help would be good.

Thanks!

Torben Knerr | 18 Jun 2013 21:34

Test Kitchen and Outside-in Acceptance Testing?

Hey guys,

I'm not up-to-date with the latest test-kitchen development - can I run Cucumber features for testing from the outside with test-kitchen?

If not, what else are you using for this kind of testing?

Cheers,
Torben
