vagrant 1.5.4 chef_solo encrypted data bag - ruby

I am running Vagrant 1.5.4. In any previous release I could set the chef_solo provisioner configuration to reference the encrypted data bag key as it appears here, but now I receive the following message (see the snippet below):
$ vagrant --version
Vagrant 1.5.4
$ vagrant up
...
DEPRECATION: Chef encrypted_data_bag_secret has no effect anymore.
Remove this from your Vagrantfile since it'll be removed in the next
Vagrant version.
...
ERROR: Is a directory - /tmp/vagrant-chef-2/encrypted_data_bag_secret_key
FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Sometimes I receive the message
ERROR: No secret specified to load_secret and no secret found at /etc/chef/encrypted_data_bag_secret
Any idea how this issue can be resolved, or shall I downgrade?
UPDATE 1:
Investigating the changes (on a different provisioner) reveals that encrypted_data_bag_secret_key_path still exists, and even though I set it to reference the correct path, I still get the deprecation message above. Besides, I wonder which file is being resolved or used as the encrypted data bag file.

Seems to be fixed if the attribute is changed from encrypted_data_bag_secret to encrypted_data_bag_secret_key_path. The latter is kinda misleading: it does not refer to the path; rather, it refers to the key itself.
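
An added example, not part of the original answer or of Vagrant itself: a Vagrantfile fragment that uses the renamed option and checks the key file on the host before provisioning. It assumes the option takes the host path of the secret key file; the helper `secret_key_problems` and the `.chef/encrypted_data_bag_secret` location are hypothetical, and the permission check assumes a POSIX host.

```ruby
# Added example: host-side check for the Chef data bag secret key before
# Vagrant provisions. Helper name and key location are hypothetical.

# Returns a list of problems with the key file; an empty list means usable.
def secret_key_problems(path)
  return ["not set"] if path.nil? || path.to_s.strip.empty?

  full = File.expand_path(path)
  return ["#{full}: does not exist"] unless File.exist?(full)
  # Chef needs a regular file; the run on this page died with "Is a directory"
  # at the guest-side key path.
  return ["#{full}: is a directory, expected the key file"] if File.directory?(full)

  problems = []
  problems << "#{full}: is empty" if File.zero?(full)
  problems << "#{full}: not readable by this user" unless File.readable?(full)
  # The secret decrypts every encrypted data bag item, so keep it owner-only
  # (POSIX permission bits; assumption: not a Windows host).
  mode = File.stat(full).mode & 0o777
  if (mode & 0o077) != 0
    problems << format("%s: mode %04o is open to group/others", full, mode)
  end
  problems
end

# Only runs when this file is loaded by Vagrant as (part of) a Vagrantfile.
if defined?(Vagrant)
  key_path = File.join(File.dirname(__FILE__), ".chef", "encrypted_data_bag_secret")
  problems = secret_key_problems(key_path)
  raise "data bag secret key: #{problems.join('; ')}" unless problems.empty?

  Vagrant.configure("2") do |config|
    config.vm.provision "chef_solo" do |chef|
      chef.data_bags_path = "data_bags"
      # Renamed option from the answer above; the deprecated
      # encrypted_data_bag_secret setting is left out entirely.
      chef.encrypted_data_bag_secret_key_path = key_path
    end
  end
end
```

Keeping the key file out of version control and owner-readable only limits who can decrypt the data bag items.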

Related

Windows - Git: staging fails ==> Invalid argument

I have a file called "adm.php".
I want to transfer this to my repository, but I always get the following error message:
git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks add -f -- adm.php
error: open("adm.php"): Invalid argument
error: unable to index file 'adm.php'
fatal: adding files failed
Completed with errors, see above.
I'm using Sourcetree on Windows 11.
Renaming the file would be difficult, otherwise I would have to adapt some files...
Is there a possibility to define exceptions in the Git configuration or other possibilities?
Thanks in advance!
For everyone who has this problem and doesn't know what to do next:
Windows Defender and other anti-virus programs may even mistake certain files for a virus. In my case, this wonderful operating system didn't even notify me even though I activated it ...
Sometimes the solution can be so simple ... Create an exception and now everything works for me.

Can't pip install private Github repo with bash script

It's been a while since I asked this question. To simplify, I just want a lifecycle configuration in AWS SageMaker which can successfully install a private GitHub repo.
I'm trying to install a private github repo with a bash script. The script does the following:
makes sure there's an ssh agent active
adds the ssh key from a persistent portion of memory
attempts to install the github repo
This is all happening in a SageMaker AWS EC2 instance via a lifecycle configuration. The implementation looks something like this:
HOME=/home/ec2-user/
ENVPIP=$HOME/anaconda3/envs/tensorflow2_p36/bin/pip
eval "$(ssh-agent -s)"
ssh-add ${HOME}SageMaker/Setup/id_rsa
yes | $ENVPIP install git+ssh://git@github.com/...
Running this, I get the following error:
ERROR: Command errored out with exit status 128: git clone -q 'ssh://****@github.com/...' /tmp/pip-req-build-ysacff_l Check the logs for full command output.
Here's all the pertinent output from cloudwatch:
Agent pid 5146
Identity added: /home/ec2-user/SageMaker/Setup/id_rsa (/home/ec2user/SageMaker/Setup/id_rsa)
2020-09-07T17:11:00.605-04:00
Collecting git+ssh://****@github.com/********1/*****-*****Library
Cloning ssh://****@github.com/********1/*****-*****Library to /tmp/pip-req-build-ysacff_l
2020-09-07T17:11:00.605-04:00
ERROR: Command errored out with exit status 128: git clone -q 'ssh://****@github.com/********1/*****-*****Library' /tmp/pip-req-build-ysacff_l Check the logs for full command output.
Looking into it, this seems like an issue with the cloning protocol, but I couldn't find anything pertinent to ssh.
P.S.
Running the same few lines in the terminal works.
I sanity checked the URL to the repo, went right to it, so I don't think it's a problem with anything after the ...
Updates:
Tried updating git with yum install git. Apparently my version is up to date, so doing this resulted in the same error.
I commented out the pip install so that the EC2 instance would start up successfully, then ran curl http://www.google.com, which resulted in a bunch of HTML. So it appears, at least after the EC2 instance boots, outbound traffic is allowed.
Running curl http://www.google.com within the bash script (lifecycle configuration, with the problematic code commented out) results in the same HTML output, and the instance started up perfectly. This leads me to believe that there is, indeed, outbound traffic allowed on instance startup.
A lot of people have viewed this question, and no one has answered it. I'm not married to the specific way I'm trying to install the repo, so if there are any working alternatives I'll gladly take them.
Is it possible that I'm encountering a race condition with some other system? This is happening close to when the instance starts. Is there any way to check that all dependent systems are running?
While doing some other stuff, in console I got the same error. I reinitialized the ssh agent, added the key, and it worked. I wonder if it's a race condition between eval "$(ssh-agent -s)" and yes | $ENVPIP install git+ssh://git@github.com/...?

Running HAProxy with Lua Scripts

I am trying to build HAProxy-1.9 with the USE_LUA=1 flag to enable Lua support. This is the make command I am using:
sudo make TARGET=linux USE_DL=1 USE_CRYPT_H=1 USE_LUA=1 LUA_LIB=/usr/bin/lua5.3 LUA_INC=/usr/include/lua5.3/ LUA_LIB_NAME=lua53
When I execute the make command I receive the following error:
LD haproxy
/usr/lib64/gcc/x86_64-suse-linux/8/../../../../x86_64-suse-linux/bin/ld: cannot find -llua53
collect2: error: ld returned 1 exit status
make: *** [Makefile:976: haproxy] Error 1
From what I have gathered, it seems that one of the library files (guessing a socket file) is either missing or I have provided a wrong directory. I am using OpenSuse Tumbleweed.
EDIT 1
I was able to make haproxy from source by changing TARGET=linux to TARGET=generic. After the make file stopped, no errors were reported on stdout. However, haproxy.service was not installed.
I previously had haproxy installed using zypper. The only reason I removed it was to reinstall it with USE_LUA=1 flag because I was not sure whether it was possible to edit haproxy post compilation to change a compile time configuration.
After reinstalling, it is working. However, I believe there is an error with lua-load. When I try lua-load /usr/share/haproxy/auth-request.lua I get the following error from running journalctl -xe: error in lua file '/tmp/auth-request.lua': cannot open /tmp/auth-request.lua: Permission denied. The permission set on the file was haproxy:haproxy as in the haproxy.cfg file. I have also tried modifying user root group root in haproxy.cfg and chown /tmp/auth-request.lua root:root. The error is still there.
I may have deviated somewhat from the original question. I would appreciate it if it is still possible to solve this problem. If more information or context is required, it can be provided.
EDIT 2
Most recently I tried adding read and execute permissions for all users on /tmp/auth-request.lua. ls -l output:
-rwxr-xr-x 1 root root 3957 Feb 25 02:24 /tmp/auth-request.lua
Okay, after some painstaking hours, I was able to fix the permission issue as per EDIT 2 in the post. I moved my Lua script to the haproxy config directory and that seemed to have worked. Although I am not too sure whether /etc/haproxy is a good location to keep Lua scripts, for now it has worked.

Chef knife configuration

I feel silly asking this question as it seems to work flawlessly for most people, but I couldn't solve the following problem I encountered after setting up a Chef server 12 on RHEL 6 and the ChefDK 0.6.0 on my Mac.
The Chef server setup went through like a charm as described in the documentation, no errors at all. When I wanted to use my machine as a workstation to push cookbooks to the server, I always got the error "The object you are looking for could not be found". According to other Stack Overflow posts (0, 1, 2) this is likely due to a configuration issue in knife.rb. Nevertheless, I used "knife configure" to set up the knife.rb file and double checked for any typos in the path. In addition, according to the knife.rb documentation page I used the attributes properly.
Anyone have an idea what could cause the problem?
log_level :info
log_location STDOUT
node_name "nodermatt"
client_key "/Users/odermatt/chef-repo/.chef/nodermatt.pem"
validation_client_name "Adobe-validator.pem"
validation_key "/Users/odermatt/chef-repo/.chef/Adobe-validator.pem"
chef_server_url "https://sj1010005158157.corp.adobe.com:443/organizations/Adobe"
syntax_check_cache_path "/Users/odermatt/chef-repo/.chef/syntax_check_cache"
cookbook_path [ "/Users/odermatt/chef-repo/cookbooks" ]
You need to perform knife commands under the .chef directory. I too had the same problem; for a change I tried under the .chef directory, and it was working. Try "knife client check" and "knife cookbook upload yourcookbook".
In the knife.rb file, give chef_server_url with your org's name, meaning the org to which you need to upload the cookbook. Typically it will be like "https://api.chef.io/organizations/orgname". Also give the path to your cookbooks directory.
I had this same issue, could not run
knife node run_list add nodename 'recipe[cron-delvalidate::default]' - cron-delvalidator recipe to the node named: chefnode
I found out, after reading this, that it's Chefnode, not chefnode, with a capital "C". This solved my issue.
The response was:
Chefnode:
run_list: recipe[cron-delvalidate::default]

Setting the Chef log level in knife ec2 when creating a server

I'm looking for the correct way to set chef-client's log level when creating a server using knife ec2.
My initial thought was setting the log level configuration in my knife.rb file like this:
log_level :debug
This didn't result in any visible change in the log level.
I also tried turning on the -VV option in knife ec2, but that just results in verbose output from knife ec2 itself.
When I run chef-client directly after logging onto the server, I can get debug information with no problems using:
sudo chef-client -l debug
That would be sufficient, but I'm investigating an underlying problem that only occurs on the initial server bootstrap.
Here is a simple hack/work-around that I discovered to control the log level. In knife.rb, include a line like the following, for example:
chef_client_path 'chef-client -l debug'
You can see why this works by looking at this line of the Chef source code. I confirmed that this works in Chef 11.6. It may work in other versions.
Currently the default bootstrap templates always set the default :auto log level to the node. There is at least one ticket that seems to be related.
So your only option now is to create your own bootstrap template that adds log_level :debug to /etc/chef/client.rb. You can copy and modify e.g. the default "chef-full" template and then pass it as a parameter to knife.
