I'm running a provisioning setup using vagrant and chef-solo to install the gitlab cookbook (however, this problem does not seem to be specific to the gitlab cookbook).
The run-list is simple:
{
"run_list": [
"recipe[ohai::default]"
]
}
The chef-solo run (chef-solo -c solo.rb -j dna.json) results in the following error:
Error executing action create on resource 'cookbook_file[/etc/chef/ohai_plugins/README]'
The file IS there:
# ls -l /tmp/vagrant-chef/e939c8a8cabcf9cdd72f5d7c3a98d728/cookbooks/ohai-2.0.1/files/default/plugins/README
-rwxrwxrwx. 1 vagrant vagrant 49 Oct 21 13:16 /tmp/vagrant-chef/e939c8a8cabcf9cdd72f5d7c3a98d728/cookbooks/ohai-2.0.1/files/default/plugins/README
When I check the process with 'strace' it looks like I can see the error source:
10444 0.000210 stat("/tmp/vagrant-chef/cookbooks/cookbooks/ohai/files/default/plugins/README", 0x7ffff0570bb0) = -1 ENOENT (No such file or directory)
If you notice, the cookbook is named 'ohai-2.0.1' however the process is trying to access the cookbook 'ohai' (i.e., without the version number).
Has anyone else encountered this before? I've seen one other post related to the issue that suggested putting ohai::default first in the run-list, which I've done (see dna.json above)
This happened to me while using Berkshelf. It names all of the cookbooks name-version instead of just name. To solve this, I did berks vendor and added that directory to my cookbooks path. Now everything works!
Related
I have generated a Yocto image to be used on all my target devices. When that image is running on target devices, it must be able to be updated using a rpm remote repository through https protocol.
To try doing that, I have added a dnf bbappend to my custom layer:
$ cat recipes-devtools/dnf/dnf_%.bbappend
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += " \
file://yocto-adv-rpm.repo \
"
do_install_append () {
install -d ${D}/etc/yum.repos.d
install -m 0600 ${WORKDIR}/yocto-adv-rpm.repo ${D}/etc/yum.repos.d/yocto-adv-rpm.repo
}
FILES_${PN} += "/etc/yum.repos.d"
This is the content of repository configuration file included by dnf bbappend recipe:
$ cat recipes-devtools/dnf/files/yocto-adv-rpm.repo
[yocto-adv-rpm]
name=Rocko Yocto Repo
baseurl=https://storage.googleapis.com/my_repo/
gpgkey=https://storage.googleapis.com/my_repo/PACKAGEFEED-GPG-KEY-rocko
enabled=1
gpgcheck=1
This repository configuration breaks the build process of the image. When I try to build myimage recipe, I always get this error:
ERROR: myimage-1.0-r0 do_rootfs: [log_check] myimage: found 1 error message in the logfile:
[log_check] Failed to synchronize cache for repo 'yocto-adv-rpm', disabling.
ERROR: myimage-1.0-r0 do_rootfs: Function failed: do_rootfs
ERROR: Logfile of failure stored in: /home/yocto/yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/log.do_rootfs.731
ERROR: Task (/home/yocto/yocto/sources/meta-mylayer/recipes-images/myimage.bb:do_rootfs) failed with exit code '1'
However, when I replace the "https" by "http" in "baseurl" variable:
baseurl=http://storage.googleapis.com/my_repo/
Then the myimage recipe is built fine.
The host machine can download files from the https repository using wget:
$ wget https://storage.googleapis.com/my_repo/PACKAGEFEED-GPG-KEY-rocko
Previous commands works fine, so the problem is not related with the host machine, I think it must be something related with google certificates and yocto stuff.
I found some relevant information inside this file:
yocto/build/tmp/work/machine-poky-linux/myimage/1.0-r0/temp/dnf.librepo.log
The relevant part:
15:56:41 lr_download: Downloading started
15:56:41 check_transfer_statuses: Transfer finished: repodata/repomd.xml (Effective url: https://storage.googleapis.com/my_repo/repodata/repomd.xml)
15:56:41 check_finished_transfer_status: Fatal error - Curl code (77): Problem with the SSL CA cert (path? access rights?) for https://storage.googleapis.com/my_repo/repodata/repomd.xml [error setting certificate verify locations:
CAfile: /home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/ca-certificates.crt
CApath: none]
15:56:41 lr_yum_download_repomd: repomd.xml download was unsuccessful
Can some of you provide any useful advice to try to fix this?
Thank you in advance for your time! :-)
I finally fixed my issue removing completely my dnf bbappend recipe from my custom layer and adding this variable to my distro.conf file:
PACKAGE_FEED_URIS = "https://storage.googleapis.com/my_repo/"
After that, at the end of the build process the image contains a valid /etc/yum.d/oe-remote-repo file and all the necesary stuff to manage it. There is no need to copy "ca-certificates.crt" manually at all.
Also, it's important to execute this command after finishing the build of the image:
$ bitbake package-index
This command generates a "repodata" directory within the package feed needed by the target device once it uses the repo to update packages using dnf client.
I found a temporal hack to fix my issue:
$ cp /etc/ssl/certs/ca-certificates.crt /home/yocto/yocto/build/tmp/work/x86_64-linux/curl-native/7.54.1-r0/recipe-sysroot-native/etc/ssl/certs/
After that, I was finally able to build the image using the "https" repo.
Now I am in the process of fixing this issue in the right way. I'll come back with the final solution.
I am trying to install logstash with yum on a red hat vm, I already have the logstash.repo file setup according to the guide and i ran
yum install logstash
but I get the following error after it downloads everything
...
logstash-2.3.2-1.noarch.rpm | 72 MB 00:52
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
groupadd: Can't get unique system GID (no more available GIDs)
useradd: group 'logstash' does not exist
error: %pre(logstash-1:2.3.2-1.noarch) scriptlet failed, exit status 6
Error in PREIN scriptlet in rpm package 1:logstash-2.3.2-1.noarch
error: install: %pre scriptlet failed (2), skipping logstash-1:2.3.2-1
Verifying : 1:logstash-2.3.2-1.noarch 1/1
Failed:
logstash.noarch 1:2.3.2-1
Complete!
I can't find much information about this. Any suggestions?
groupadd determines gids for the creation of regular groups from the /etc/login.defs file.
In my centos 6 box. /etc/login.defs contains following two lines:
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000
For system accounts add these two lines to your /etc/login.defs
# System accounts
SYS_GID_MIN 100
SYS_GID_MAX 499
I updated the SYS_GID_MAX Value and it worked for me.
I am having some problems trying to bootstrap a windows node for Chef. This node was initially able to be partially bootstrapped, it was getting through most of the process but however, failing near the end - on the windows client itself I can see a number of expected files under C:\Chef
However since upgrading my Ruby and Knife-Windows to remedy the original issue - I am now not able to bootstrap at all, I get the error below:
chefadmin#AUK-CHEFMGT1:~$ knife bootstrap windows winrm 10.28.154.61 -x chefadmin -P xxxxxx
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/mixin/path_sanity.rb:25:
warning: Insecure world writable dir /usr/local/bin in PATH, mode 040777
Waiting for remote response before bootstrap.10.28.154.61 .
10.28.154.61 Response received.
Remote node responded after 0.01 minutes.
Bootstrapping Chef on 10.28.154.61
ERROR: RuntimeError: Knife-Windows < 1.0 does not support validatorless bootstraps
I've tried a few different versions of knife-windows, initially 1.1.1, and most recently the pre-release version of 1.0.0 rc1, however, they are all giving me this error.
I am not sure why this is a problem, as the validation.pem does exist on the windows client in C:\Chef\
In case it matters, here is my knife.rb config file:
chefadmin#AUK-CHEFMGT1:~$
GNU nano 2.2.6 File: /home/chefadmin/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/ChefRSA.pem"
validation_client_name "company"
validation_key "#{current_dir}/companyvalidator"
chef_server_url "https://10.28.253.101/organizations/company"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
"#{current_dir}/companyvalidator" Does that file exist? Usually that would be something ending in .pem. If that path isn't a thing, it would fall back to new-style bootstrapping which I don't think works on Windows yet.
I'm trying to use chef to check out a git repo to a windows client node.
This seems simple enough and I've got the following resource definition:
git "C:\\pathtocheckout" do
repo "https://gitserver/repo.git"
action [ :checkout, :sync]
end
But when this is reached by chef-client I get:
Errno::EIO: git[C:\pathtocheckout] (cookbook_name::test line 21) had an error: Errno::EIO: Input/output error - CreateProcessW
I've had a look at the stacktrace produced and it appears to be something to do with creating a process to run the git command - but this is the limit of my knowledge.
I've made sure git is installed on on Path, removed all other recipes from the run list, running as a different admin user and I've tried different repositories but all with the same error.
So I'm pretty stumped - anyone got a way I can dig into this error and see what is going on?
I have this run list: recipe-A, my-recipe.
recipe-A creates /etc/A directory.
my-recipe has these codes:
...
// create '/etc/A/file-1'
...
File.symlink('/etc/A/file-1', '/etc/A/file-2')
...
So, when my-recipe runs, there should be /etc/A directory already, which was created by recipe-A. But I got this error at very first of the chef run:
================================================================================
Recipe Compile Error in ...
================================================================================
Errno::ENOENT
-------------
No such file or directory - (/etc/A/file-1, /etc/A/file-2)
I am sure that recipe-A has not been run when this error message is shown up. But isn't it supposed for recipe-A to run first? Why is Chef checking the existence of /etc/A, which is created by recipe-A while it has not been run? How can I solve this?
Don't run it as ruby code, use the link resource to create the symlink.
link "/etc/A/file-2" do
to "/etc/A/file-1"
end
I'm pretty sure that your Ruby code is already executed during the compilation phase of the chef run, that's why the code from the second recipe seems to be executed first.