PrajaktaPurohit
Repos
10
Followers
8
Following
2

Events

closed issue
Chef server install fails at "add internal user to opensearch security plugin" on local proxmox host but not AWS

Chef Server Version

15.1.7

Platform Details

Local proxmox, 4GB RAM on each VM with 2 CPUs, newly provisioned VMs: Centos7 - Selinux disabled, FQDN configured Rocky8.6 - Selinux disabled, FQDN configured Ubuntu 22.04.1 LTS - Apparmor was disabled, FQDN configured

Configuration

VM inside proxmox, new install. /etc/opscode/chef-server.rb was not yet generated

Scenario

We are trying to install chef server in VM on-site inside proxmox and it is failing.

Steps to Reproduce

  1. Configure VM per prerequisites , verify FQDN is resolvable, disable selinux/apparmor
  2. Wget chef package
  3. Install chef package
  4. Run chef-server-ctl reconfigure as root

Expected Result

Chef server to be installed

Actual Result

In AWS, install was successful. In proxmox environment with 3 different images, we were met with failure at the following step:

execute[add internal user to opensearch security plugin] action run

/var/opt/opscode/local-mode-cache/chef-stacktrace.out

Generated at 2022-09-15 02:47:40 +0000
Mixlib::ShellOut::ShellCommandFailed: execute[add internal user to opensearch security plugin] (infra-server::opensearch line 187) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '255'
---- Begin output of export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem ----
STDOUT: Security Admin v7
Will connect to localhost:9300
ERR: Seems there is no OpenSearch running on localhost:9300 - Will exit
STDERR:
---- End output of export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem ----
Ran export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem returned 255
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout.rb:300:in `invalid!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout.rb:287:in `error!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout/helper.rb:130:in `shell_out_compacted!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout/helper.rb:54:in `shell_out!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider/execute.rb:52:in `block (2 levels) in <class:Execute>'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/mixin/why_run.rb:51:in `add_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:265:in `converge_by'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider/execute.rb:50:in `block in <class:Execute>'
(eval):2:in `block in action_run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:276:in `instance_eval'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:276:in `compile_and_converge_action'
(eval):2:in `action_run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:217:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:599:in `block in run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:626:in `with_umask'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:598:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:74:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `block in run_all_actions'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `each'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `run_all_actions'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:132:in `block in converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/resource_list.rb:96:in `block in execute_each_resource'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:54:in `each_with_index'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/resource_list.rb:94:in `execute_each_resource'
/opt/opscode/embedded/lib/ruby/2.7.0/forwardable.rb:235:in `execute_each_resource'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:130:in `converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:687:in `block in converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:682:in `catch'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:682:in `converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:706:in `converge_and_save'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:286:in `run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:305:in `run_with_graceful_exit_option'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:281:in `block in run_chef_client'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/local_mode.rb:42:in `with_server_connectivity'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:264:in `run_chef_client'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application/base.rb:337:in `run_application'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:67:in `run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-bin-16.17.51/bin/chef-client:25:in `<top (required)>'
/opt/opscode/embedded/bin/chef-client:23:in `load'
/opt/opscode/embedded/bin/chef-client:23:in `<main>'

>>>> Caused by Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '255'
---- Begin output of export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem ----
STDOUT: Security Admin v7
Will connect to localhost:9300
ERR: Seems there is no OpenSearch running on localhost:9300 - Will exit
STDERR:
---- End output of export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem ----
Ran export JAVA_HOME="/opt/opscode/embedded/open-jre/"; ./securityadmin.sh   -f ../securityconfig/internal_users.yml   -icl -nhnv -cert /opt/opscode/embedded/opensearch/config/admin.pem   -cacert /opt/opscode/embedded/opensearch/config/root-ca.pem   -key /opt/opscode/embedded/opensearch/config/admin-key.pem returned 255
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout.rb:300:in `invalid!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout.rb:287:in `error!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout/helper.rb:130:in `shell_out_compacted!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/mixlib-shellout-3.2.7/lib/mixlib/shellout/helper.rb:54:in `shell_out!'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider/execute.rb:52:in `block (2 levels) in <class:Execute>'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/mixin/why_run.rb:51:in `add_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:265:in `converge_by'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider/execute.rb:50:in `block in <class:Execute>'
(eval):2:in `block in action_run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:276:in `instance_eval'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:276:in `compile_and_converge_action'
(eval):2:in `action_run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/provider.rb:217:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:599:in `block in run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:626:in `with_umask'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource.rb:598:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:74:in `run_action'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `block in run_all_actions'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `each'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:108:in `run_all_actions'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:132:in `block in converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/resource_list.rb:96:in `block in execute_each_resource'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/stepable_iterator.rb:54:in `each_with_index'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/resource_collection/resource_list.rb:94:in `execute_each_resource'
/opt/opscode/embedded/lib/ruby/2.7.0/forwardable.rb:235:in `execute_each_resource'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/runner.rb:130:in `converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:687:in `block in converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:682:in `catch'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:682:in `converge'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:706:in `converge_and_save'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/client.rb:286:in `run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:305:in `run_with_graceful_exit_option'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:281:in `block in run_chef_client'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/local_mode.rb:42:in `with_server_connectivity'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:264:in `run_chef_client'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application/base.rb:337:in `run_application'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-16.17.51/lib/chef/application.rb:67:in `run'
/opt/opscode/embedded/lib/ruby/gems/2.7.0/gems/chef-bin-16.17.51/bin/chef-client:25:in `<top (required)>'
/opt/opscode/embedded/bin/chef-client:23:in `load'
/opt/opscode/embedded/bin/chef-client:23:in `<main>'root@chef:/var/opt/opscode/local-mode-cache# cat /etc/opscode/

[What actually happens after the reproduction steps? Include the error output or a link to a gist if possible.]

Created at 9 hours ago
issue comment
Chef server install fails at "add internal user to opensearch security plugin" on local proxmox host but not AWS

Thank you for the update! Will close the issue for now.

Created at 9 hours ago
pull request closed
testing a build with updated gems AND the whitelist changes

Signed-off-by: John McCrae john.mccrae@progress.com

just checking out to see if the recent whitelist changes AND updated gems corrects the build issues with Solaris

Description

Related Issue

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • [ ] I have read the CONTRIBUTING document.
  • [ ] I have run the pre-merge tests locally and they pass.
  • [ ] I have updated the documentation accordingly.
  • [ ] I have added tests to cover my changes.
  • [ ] All new and existing tests passed.
  • [ ] All commits have been signed-off for the Developer Certificate of Origin.
Created at 6 days ago
issue comment
testing a build with updated gems AND the whitelist changes

superseded by: https://github.com/chef/chef/pull/13216

Created at 6 days ago
push

Update to latest omnibus

This change adds new system libraries for solaris to the omnibus health check whitelist.

Signed-off-by: Marc A. Paradise marc.paradise@gmail.com

Merge pull request #13216 from chef/mp/INFC-268/update-omnibus-for-solaris-whitelist

Update to latest omnibus

Created at 6 days ago
delete branch
PrajaktaPurohit delete branch mp/INFC-268/update-omnibus-for-solaris-whitelist
Created at 6 days ago
pull request closed
Update to latest omnibus

This change adds new system libraries for solaris to the omnibus health check whitelist.

Signed-off-by: Marc A. Paradise marc.paradise@gmail.com

Created at 6 days ago
issue comment
Allow user providers to declare no support for ruby-shadow

this is really clean! thanks!

Created at 6 days ago

InstallBuilder packager

  • Allow to build both Linux and Windows installers in single build

Signed-off-by: Przemysław Niekraś pniekras@ptc.com

DF - updating copyright to PTC's based

Base on feedback on pull request: Add Installbuilder packager(installbuilder) #908

From Tim Smith

Signed-off-by: Fries dfries@ptc.com

Remove SLES 11 check

SLES 11 is EOL. We don't need to perform this check at this point in time.

Signed-off-by: Tim Smith tsmith@chef.io

Remove duplicate software spec specs

The freebsd ones checked the same thing now and the SLES ones were a duplicate of the ubuntu one now that they both too the default values.

Signed-off-by: Tim Smith tsmith@chef.io

Merge pull request #981 from chef/remove_old_suse

Remove SLES 11 check

Bump version to 8.0.1 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

Switch from fauxhai to fauxhai-ng

fauxhai is no longer maintained

Signed-off-by: Tim Smith tsmith@chef.io

Update the specs for newer platform versions

Also let fauxhai do the heavy lifting the minor releases

Signed-off-by: Tim Smith tsmith@chef.io

Merge pull request #982 from chef/fauxhai_ng

Signed-off-by: Tim Smith tsmith@chef.io

Bump version to 8.0.2 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

Remove EOL Windows Support (pre-2012)

We have some code checks in place that just don't need to run at this point. 2008 R2 is EOL and it's not going to be built on at this point.

Signed-off-by: Tim Smith tsmith@chef.io

Update chefstyle requirement from = 1.5.0 to = 1.5.1

Updates the requirements on chefstyle to permit the latest version.

Signed-off-by: dependabot-preview[bot] support@dependabot.com

Merge pull request #984 from chef/dependabot/bundler/chefstyle-eq-1.5.1

Signed-off-by: Tim Smith tsmith@chef.io

Bump version to 8.0.3 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

Merge pull request #983 from chef/legacy_windows

Remove EOL Windows Support (pre-2012)

Bump version to 8.0.4 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

Merge branch 'master' into installbuilder-packager

Merge pull request #908 from PTC-Global/installbuilder-packager

Add Installbuilder packager(installbuilder)

Bump version to 8.0.5 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

Chefstyle fixes

Signed-off-by: Tim Smith tsmith@chef.io

Created at 6 days ago
push

point to the whitelist branch of omnibus

Signed-off-by: Prajakta Purohit prajakta@chef.io

Created at 1 week ago
create branch
PrajaktaPurohit create branch praj/INFC-268/whitelist_solaris_libs
Created at 1 week ago
create branch
PrajaktaPurohit create branch praj/INFC-268/whitelist_solaris_libs
Created at 1 week ago
push

why_run framework expects that the libraries that should not run on a platform will never be loaded onto the platform. Adding some details related to require shadow to the user provider for the AIX platform.

Signed-off-by: Prajakta Purohit prajakta@chef.io

Created at 1 week ago
push

Permit ruby 3.0 for AIX

We have not been able to build ruby 3.1 on AIX at this time. Until we are able to do so, we are leaving chef-18 on Ruby 3.0 for that platform.

Signed-off-by: Marc A. Paradise marc.paradise@gmail.com

Correcitng linting issue - extra blank line on line 31

Signed-off-by: John McCrae john.mccrae@progress.com

Merge pull request #13207 from chef/mp/aix-ruby30-exception

Permit ruby 3.0 for AIX

Created at 1 week ago
delete branch
PrajaktaPurohit delete branch mp/aix-ruby30-exception
Created at 1 week ago
pull request closed
Permit ruby 3.0 for AIX

We have not been able to build ruby 3.1 on AIX at this time. Until we are able to do so, we are leaving chef-18 on Ruby 3.0 for that platform.

Replaces #13205

Signed-off-by: Marc A. Paradise marc.paradise@gmail.com

Created at 1 week ago
issue comment
Permit ruby 3.0 for AIX

https://buildkite.com/chef/chef-chef-main-omnibus-adhoc/builds/1503

Created at 1 week ago