Audit mode with Vagrant only

Eric_Helgeson · April 22, 2015, 2:26pm

Hello!

I’m trying to get audit-mode to work just with vagrant and chef-client
12.2.1. Since there’s no option in Vagrant yet I tried passing it in the
chef.arguments, but get this error -

$ cat Vagrantfile | grep audit
chef.arguments = “–audit-mode enabled”

$ vagrant provision
==> default: Running provisioner: chef_zero…
==> default: Detected Chef (12.2.1) is already installed
Generating chef JSON and uploading…
==> default: Running chef-zero…
==> default: /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in
parse_options' ==> default: : ==> default: invalid option: --audit-mode (OptionParser::InvalidOption) ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:86:inconfigure_chef’
==> default: from
/opt/chef/embedded/apps/chef/lib/chef/application.rb:48:in
reconfigure' ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application/solo.rb:190:inreconfigure’
==> default: from
/opt/chef/embedded/apps/chef/lib/chef/application.rb:58:in run' ==> default: from /opt/chef/embedded/apps/chef/bin/chef-solo:25:in<top (required)>’
==> default: from /usr/bin/chef-solo:51:in load' ==> default: from /usr/bin/chef-solo:51:in'
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Also tried passing in a chef.custom_config_path = ‘path/to/client.rb’ with
audit_mode :enabled but those options don’t seem to get picked up.

Thanks,
-Eric Helgeson
@nulleric https://twitter.com/nulleric
https://usingchef.com

jtimberman · April 22, 2015, 2:57pm

Ohai,

I'm running audit mode via test kitchen in the audit-cis cookbook. The
.kitchen.yml has:

provisioner:
name: chef_zero
client_rb:
audit_mode: :enabled

Test Kitchen 1.4.0 is required for this - it's not released but the RC is
in ChefDK 0.5.0.

And I have some other discussion about this on my blog post here:

http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

I'm not sure how to do this in vanilla Vagrant though.

On Wed, Apr 22, 2015 at 8:26 AM, Eric Helgeson erichelgeson@gmail.com
wrote:

Hello!

I'm trying to get audit-mode to work just with vagrant and chef-client
12.2.1. Since there's no option in Vagrant yet I tried passing it in the
chef.arguments, but get this error -

$ cat Vagrantfile | grep audit
chef.arguments = "--audit-mode enabled"

$ vagrant provision
==> default: Running provisioner: chef_zero...
==> default: Detected Chef (12.2.1) is already installed
Generating chef JSON and uploading...
==> default: Running chef-zero...
==> default: /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in parse_options' ==> default: : ==> default: invalid option: --audit-mode (OptionParser::InvalidOption) ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:86:in configure_chef'
==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:48:in reconfigure' ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application/solo.rb:190:in reconfigure'
==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:58:in run' ==> default: from /opt/chef/embedded/apps/chef/bin/chef-solo:25:in <top (required)>'
==> default: from /usr/bin/chef-solo:51:in load' ==> default: from /usr/bin/chef-solo:51:in '
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Also tried passing in a chef.custom_config_path = 'path/to/client.rb' with
audit_mode :enabled but those options don't seem to get picked up.

Thanks,
-Eric Helgeson
@nulleric https://twitter.com/nulleric
https://usingchef.com

--
Joshua Timberman

Eric_Helgeson · April 22, 2015, 4:00pm

I believe it's due to Vagrant extending the chef-solo command for
local-mode vs chef-client

github.com

hashicorp/vagrant/blob/ea8de92c59102f40f942865423a0a71ffcb6bdc9/plugins/provisioners/chef/provisioner/chef_zero.rb#L9


      
          require "log4r"
          
          require_relative "chef_solo"
          
          module VagrantPlugins
            module Chef
              module Provisioner
                # This class implements provisioning via chef-zero.
                class ChefZero < ChefSolo
                  attr_reader :node_folders
          
                  def initialize(machine, config)
                    super
                    @logger = Log4r::Logger.new("vagrant::provisioners::chef_zero")
                  end
          
                  def configure(root_config)
                    super

I'd think that should be a bug? local-mode is more akin to chef-client than
chef-solo.

*$ *chef-solo --audit-mode enabled
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in
parse_options': invalid option: --audit-mode (OptionParser::InvalidOption) from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:86:in configure_chef'
from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:48:in
reconfigure' from /opt/chefdk/embedded/apps/chef/lib/chef/application/solo.rb:190:in reconfigure'
from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:58:in run' from /opt/chefdk/embedded/apps/chef/bin/chef-solo:25:in <top (required)>'
from /usr/bin/chef-solo:51:in load' from /usr/bin/chef-solo:51:in '

*$ *chef-client --audit-mode enabled

[2015-04-22T10:57:23-05:00] WARN: Chef-client has been configured to audit
after it converges. Audit mode is an experimental feature currently under
development. API changes may occur. Use at your own risk.

To enable audit mode after converge, use command line option
--audit-mode enabled or set :audit_mode = :enabled in your config file.
To disable audit mode, use command line option --audit-mode disabled or
set :audit_mode = :disabled in your config file.
To only run audit mode, use command line option --audit-mode audit-only
or set :audit_mode = :audit_only in your config file.
Audit mode is disabled by default.
Starting Chef Client, version 12.2.1

-Eric Helgeson
@nulleric https://twitter.com/nulleric
https://usingchef.com

On Wed, Apr 22, 2015 at 9:57 AM, Joshua Timberman joshua@chef.io wrote:

Ohai,

I'm running audit mode via test kitchen in the audit-cis cookbook. The
.kitchen.yml has:

provisioner:
name: chef_zero
client_rb:
audit_mode: :enabled

Test Kitchen 1.4.0 is required for this - it's not released but the RC is
in ChefDK 0.5.0.

And I have some other discussion about this on my blog post here:

http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

I'm not sure how to do this in vanilla Vagrant though.

On Wed, Apr 22, 2015 at 8:26 AM, Eric Helgeson erichelgeson@gmail.com
wrote:

Hello!

I'm trying to get audit-mode to work just with vagrant and chef-client
12.2.1. Since there's no option in Vagrant yet I tried passing it in the
chef.arguments, but get this error -

$ cat Vagrantfile | grep audit
chef.arguments = "--audit-mode enabled"

$ vagrant provision
==> default: Running provisioner: chef_zero...
==> default: Detected Chef (12.2.1) is already installed
Generating chef JSON and uploading...
==> default: Running chef-zero...
==> default: /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in parse_options' ==> default: : ==> default: invalid option: --audit-mode (OptionParser::InvalidOption) ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:86:in configure_chef'
==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:48:in reconfigure' ==> default: from /opt/chef/embedded/apps/chef/lib/chef/application/solo.rb:190:in reconfigure'
==> default: from /opt/chef/embedded/apps/chef/lib/chef/application.rb:58:in run' ==> default: from /opt/chef/embedded/apps/chef/bin/chef-solo:25:in <top (required)>'
==> default: from /usr/bin/chef-solo:51:in load' ==> default: from /usr/bin/chef-solo:51:in '
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Also tried passing in a chef.custom_config_path = 'path/to/client.rb'
with audit_mode :enabled but those options don't seem to get picked up.

Thanks,
-Eric Helgeson
@nulleric https://twitter.com/nulleric
https://usingchef.com

--
Joshua Timberman

jdunn · April 23, 2015, 1:58pm

On Wed, 22 Apr 2015, Eric Helgeson wrote:

I believe it's due to Vagrant extending the chef-solo command for
local-mode vs chef-client

https://github.com/mitchellh/vagrant/blob/ea8de92c59102f40f942865423a0a71ffcb6bdc9/plugins/provisioners/chef/provisioner/chef_zero.rb#L9

I'd think that should be a bug? local-mode is more akin to chef-client
than chef-solo.

Yeah, I would regard it as a bug in Vagrant. Solo doesn't support audit
mode... it might eventually, but there aren't any plans to right now.

Julian

[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

Eric_Helgeson · April 23, 2015, 2:26pm

Looks like someone filed a bug just before I noticed the issue -

github.com/hashicorp/vagrant

config.vm.provision "chef_zero" is chef-solo not chef-client

opened 10:44PM - 21 Apr 15 UTC

closed 04:17AM - 10 Jul 15 UTC

kcd83

bug provisioner/chef

``` ==> default: [2015-04-21T23:39:30+01:00] INFO: *** Chef 12.2.1 *** ==> defau…lt: [2015-04-21T23:39:30+01:00] INFO: Chef-client pid: 3738 .. ==> default: Error expanding the run_list: ==> default: ================================================================================ ==> default: ==> default: Unexpected Error: ==> default: ----------------- ==> default: Chef::Exceptions::IllegalVersionConstraint: Environment cookbook version constraints not allowed in chef-solo ``` I would expect this to do what Kitchen does ``` sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --chef-zero-port 8889 --json-attributes /tmp/kitchen/dna.json` ``` I have read https://github.com/mitchellh/vagrant/issues/5072 but don't understand the use of `chef-solo` rather than `chef-client --local-mode`. What am I missing?

Thanks,

-Eric Helgeson
@nulleric https://twitter.com/nulleric
https://usingchef.com

On Thu, Apr 23, 2015 at 8:58 AM, Julian C. Dunn jdunn@aquezada.com wrote:

On Wed, 22 Apr 2015, Eric Helgeson wrote:

I believe it's due to Vagrant extending the chef-solo command for

local-mode vs chef-client

https://github.com/mitchellh/vagrant/blob/ea8de92c59102f40f942865423a0a71ffcb6bdc9/plugins/provisioners/chef/provisioner/chef_zero.rb#L9

I'd think that should be a bug? local-mode is more akin to chef-client
than chef-solo.

Yeah, I would regard it as a bug in Vagrant. Solo doesn't support audit
mode... it might eventually, but there aren't any plans to right now.

Julian

[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

Topic		Replies	Views
Issues running Test Kitchen in Audit mode Chef Infra (archive)	2	867	September 9, 2015
Unexpected Audit Mode Chef Client 15.x Chef Infra (archive)	0	849	August 13, 2019
Vim problem with chef-zero and vagrant Chef Infra (archive)	6	366	January 29, 2015
Chef-Shell with local mode? Chef Infra (archive)	2	825	May 15, 2015
Question On An Error Using Vagrant & chef_client provisioner. Berkshelf issue Chef Infra (archive)	0	347	December 26, 2014

Audit mode with Vagrant only

Related Topics