Chef-vault 4.0.1 require Ruby >= 2.4


My chef is running on 12.21.31 version, and my ruby version is:
/opt/chef/embedded/bin/ruby -v
ruby 2.3.5p376 (2017-09-14 revision 59905) [x86_64-linux]

Last monday was realease new chef vault (4.0.1), and it requires ruby >= 2.4.

I would like to keep running on the current version, but my run_list force an automatic gem update, and it breaks.

Fetching gem metadata from rubygems .org /............
Fetching version metadata from rubygems . org/...
Fetching dependency metadata from rubygems . org/..
Resolving dependencies...
Installing chef-vault 4.0.1

Gem::InstallError: chef-vault requires Ruby version >= 2.4.
Using ruby-dbus 0.16.0
Using bundler 1.12.5
An error occurred while installing chef-vault (4.0.1), and Bundler cannot
Make sure that `gem install chef-vault -v '4.0.1'` succeeds before bundling.
---- End output of bundle install ----

I've already tried to set the version 3.4.3 in the attribute ['chef-vault']['version'] in the chef-vault cookbook, but it didn't work.

How can I fix this without upgrade my chef ? Any else is facing the same issue ?

Yes - we have tens of deployments on chef12 and vault 3.x that all stopped working on the 31st of December with this exact issue :frowning:

I put the 3.4.3 version in gemfile, but it didn't work as expected either :frowning:

@lundsten Its working again :slight_smile:
Try to put in your chef-vault/metadata.json
"gems":[["chef-vault","= 3.4.3"]]

What we did while waiting for a global fix;

  • in the chef-vault/metadata.json file - set the gem version:
    "gems":[["chef-vault","= 3.4.3"]],

And now we can run chef-client successfully

Hey there, folks!

Yes, the latest version of chef-vault is incompatible with chef-client 12 (EOL'd April 2018) which uses Ruby 2.3 (EOL'd March 2019). Your options are to pin the version of the chef-vault as described in this thread or to upgrade chef-client.

I put the 3.4.3 version in gemfile, but it didn't work as expected either.

That can be a bit confusing. A Gemfile in a project only takes effect in development and test environments. Gems used at runtime by chef-client itself are only affected by cookbook metadata declarations or chef_gem resources in the runlist.

1 Like

Hello again everyone,

We’ve released 2 new versions of the chef-vault cookbook today to help folks get to the latest releases of Chef Infra Client. The first release, 3.1.2, restores compatibility with Chef Infra Client 12.x by installing an older version of the chef-vault gem and removing code from a helper library that was not supported by Ruby 2.3. We also released the chef-vault cookbook 4.0, which skips the gem installation entirely. The 4.0 cookbook instead requires Chef Infra Client 13.4 or later, which ships with the chef-vault gem out of the box.

If you’re on Chef Infra Client 12 it is beyond time to upgrade and we hope that the 3.1.2 release makes it possible for you to upgrade to a newer client. Chef Infra Client 12 went EOL April 2018 and includes Ruby 2.3 which went EOL March 2019. Since that time multiple CVEs have come out in Ruby, openSSL, and several other libraries that are used by the chef-client. If you or your business value security then it’s time to upgrade.


@tas50 thanks for your reply

I am having this exact same error. I am new to chef and I need more information on how to pin the version of the chef-vault. the current version of chef-vault I have in my Chef server is 3.1.0 and when chef-client is run on the server it is trying to install chef-vault 4.0.1 and I get the same error as above Gem::InstallError: chef-vault requires Ruby version >= 2.4. Do I download the latest chef-vault cookbook from git and update the chef-vault/metadata.rb with the "gems":[["chef-vault","= 3.4.3"]], ?

I was able to figure it out, thanks again.

Fix for metadata.rb

depends 'chef-vault', '< 3'
gem 'chef-vault', '< 4'

@Roman513 If you depend on chef-vault cookbook version 3.1.2 it will handle installing the correct version of the chef-vault gem and then you can remove the gem install from your metadata.

depennds 'chef-vault', '~> 3.1.2'

I'd highly recommend upgrading to a supported release of Chef Infra Client, which will ship with the chef-vault gem built in. That way you can avoid all of this.