Serverspec and Chef 11


#1

A quick blog post because this keeps coming up, how to fix Chef 11 with Test Kitchen and Serverspec: https://coderanger.net/serverspec-chef-11/

If you are hitting issues with net-ssh, that is how to fix them. Or you could upgrade to Chef 12 and/or InSpec :slight_smile:


#2

Hello.

I’ve found that this solution works for Linux. But not for Windows. I’m using ChefDK 0.6.0 with Chef-Client 11.18.6. Using Chef-Client 12 of course works fine.

Below is the output of a kitchen verify -l debug output. I noticed that the log is complaining about an SSL Cert problem. I found this site and verified the .pem file it refered to was already in on my system

(https://gist.github.com/luislavena/f064211759ee0f806c88)

C:\chef-repo\cookbooks\nvm_win2012>kitchen verify -l debug
-----> Starting Kitchen (v1.4.0)
D      [Vagrant command] BEGIN (vagrant --version)
D      [Vagrant command] END (0m0.00s)
D      [Vagrant command] BEGIN (vagrant plugin list)
D      [Vagrant command] END (0m0.00s)
D      Berksfile found at C:/chef-repo/cookbooks/nvm_win2012/Berksfile, loading Berkshelf
C:/opscode/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.6.0.1/lib/httpclient/webagent-cookie.rb:458: warning: already initialized constant HTTPClient::CookieManager
C:/opscode/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.6.0.1/lib/httpclient/cookie.rb:8: warning: previous definition of CookieManager was here
D      Berkshelf 4.0.1 library loaded
D      Winrm Transport requested, loading WinRM::Transport gem (~> 1.0)
D      WinRM::Transport 1.0.3 library loaded
-----> Setting up <default-Windows2012>...
       Finished setting up <default-Windows2012> (0m0.00s).
-----> Verifying <default-Windows2012>...
       Preparing files for transfer
D      Creating local sandbox in C:/Users/CHRIST~1.CLA/AppData/Local/Temp/default-Windows2012-sandbox-20151222-18400-19kcl80
D      [WinRM] plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vagrant"}> (
$env:BUSSER_ROOT = "$env:TEMP\verifier"
$env:GEM_HOME = "$env:TEMP\verifier\gems"
$env:GEM_PATH = "$env:TEMP\verifier\gems"
$env:GEM_CACHE = "$env:TEMP\verifier\gems\cache"
$ruby = "$env:systemdrive\opscode\chef\embedded\bin\ruby.exe"
$gem = "$env:systemdrive\opscode\chef\embedded\bin\gem"
$version = "busser"
$gem_install_args = "busser --no-rdoc --no-ri"
$busser = "$env:TEMP\verifier\bin\busser.bat"
$plugins = "busser-serverspec"

if ((& "$ruby" "$gem" list busser -i) -ne "true") {
  Write-Host "-----> Installing Busser ($version)`n"
  & "$ruby" "$gem" install $gem_install_args.Split() 2>&1
} else {
  Write-Host "-----> Busser installation detected ($version)`n"
}

if (-Not (Test-Path "$busser")) {
  $gem_bindir = & "$ruby" -rrubygems -e "puts Gem.bindir.dup.gsub('/', '\\')"
  & "$ruby" "$gem_bindir\busser" setup --type bat 2>&1
}

Write-Host "       Installing Busser plugins: $plugins`n"
& "$busser" plugin install $plugins.Split() 2>&1
)
D      [WinRM] opening remote shell on plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vagrant"}>
D      [WinRM] remote shell 6AFB19F0-0228-4E1B-B604-F9823402B4F1 is open on plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vagrant"}>
-----> Installing Busser (busser)
       Successfully installed thor-0.19.0
       Successfully installed busser-0.7.1
       2 gems installed
-----> Setting up Busser
       Creating BUSSER_ROOT in C:\Users\vagrant\AppData\Local\Temp\verifier
       Creating busser binstub
       Installing Busser plugins: busser-serverspec
       Plugin serverspec installed (version 0.5.7)
-----> Running postinstall for serverspec plugin
D      [WinRM] plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vagrant"}> (
$env:BUSSER_ROOT = "$env:TEMP\verifier"
$env:GEM_HOME = "$env:TEMP\verifier\gems"
$env:GEM_PATH = "$env:TEMP\verifier\gems"
$env:GEM_CACHE = "$env:TEMP\verifier\gems\cache"

& $env:TEMP\verifier\bin\busser.bat suite cleanup
)
       Suite path directory C:/Users/vagrant/AppData/Local/Temp/verifier/suites does not exist, skipping.
       Transferring files to <default-Windows2012>
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] Populating files
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] +++ Adding suites/serverspec/Gemfile
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] +++ Adding suites/serverspec/registry_spec.rb
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] +++ Adding suites/serverspec/spec_helper.rb
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] +++ Adding suites/serverspec/sysinternals_spec.rb
D      [TmpZip::C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip] === All files added.
D      [FileTransporter] Running check_files.ps1
D      [FileTransporter] @{
D      [FileTransporter]   "$env:TEMP\tmpzip-acc0d28e254656318730bc9b93273a3a.zip" = "acc0d28e254656318730bc9b93273a3a"
D      [FileTransporter] }
D      [FileTransporter] Uploading C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip to encoded tmpfile $env:TEMP\b64-acc0d28e254656318730bc9b93273a3a.txt
D      [FileTransporter] Finished uploading C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip to encoded tmpfile $env:TEMP\b64-acc0d28e254656318730bc9b93273a3a.txt (1.764 KB ov
er 1 chunks) in (0m0.13s)
D      [FileTransporter] Running decode_files.ps1
D      [FileTransporter] @{
D      [FileTransporter]   "$env:TEMP\b64-acc0d28e254656318730bc9b93273a3a.txt" = @{
D      [FileTransporter]     "dst" = "$env:TEMP\verifier";
D      [FileTransporter]     "tmpzip" = "$env:TEMP\tmpzip-acc0d28e254656318730bc9b93273a3a.zip"
D      [FileTransporter]   }
D      [FileTransporter] }
D      [FileTransporter] Cleaned up src_zip C:/Users/CHRIST~1.CLA/AppData/Local/Temp/tmpzip-20151222-18400-m0n9lq.zip
D      [FileTransporter] Uploaded 1 items in (0m2.10s)
D      Transfer complete
D      [WinRM] plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vagrant"}> (
$env:BUSSER_ROOT = "$env:TEMP\verifier"
$env:GEM_HOME = "$env:TEMP\verifier\gems"
$env:GEM_PATH = "$env:TEMP\verifier\gems"
$env:GEM_CACHE = "$env:TEMP\verifier\gems\cache"

& $env:TEMP\verifier\bin\busser.bat test
)
-----> Running serverspec test suite
-----> Bundle Installing..
         run  C:/opscode/chef/embedded/bin/ruby C:/Users/vagrant/AppData/Local/Temp/verifier/gems/bin/bundle install --gemfile C:/Users/vagrant/AppData/Local/Temp/verifier/suites/serverspec/Gemfile --
local || C:/opscode/chef/embedded/bin/ruby C:/Users/vagrant/AppData/Local/Temp/verifier/gems/bin/bundle install --gemfile C:/Users/vagrant/AppData/Local/Temp/verifier/suites/serverspec/Gemfile from ".
"
       Could not find gem 'specinfra (= 2.44.7) x86-mingw32' in any of the gem sources
       listed in your Gemfile or available on this machine.
       Fetching gem metadata from https://rubygems.org/.......
       Fetching version metadata from https://rubygems.org/..
       Resolving dependencies...
       Rubygems 1.8.28 is not threadsafe, so your gems will be installed one at a time. Upgrade to Rubygems 2.1.0 or higher to enable parallel gem installation.

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/diff-lcs-1.2.5.gem)

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/multi_json-1.11.2.gem)

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/net-ssh-2.9.2.gem)

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/net-telnet-0.1.1.gem)

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/rspec-support-3.4.1.gem)

       Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/sfl-2.2.gem)
       Using bundler 1.11.2
       An error occurred while installing diff-lcs (1.2.5), and Bundler cannot
       continue.
       Make sure that `gem install diff-lcs -v '1.2.5'` succeeds before bundling.
-----> Installing Serverspec..
$$$$$$ C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:388:in `ensure_required_ruby_version_met': net-ssh requires Ruby version >= 2.0. (Gem::InstallError)
$$$$$$  from C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/installer.rb:156:in `install'
$$$$$$  from C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/dependency_installer.rb:297:in `block in install'
$$$$$$  from C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/dependency_installer.rb:270:in `each'
$$$$$$  from C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/dependency_installer.rb:270:in `each_with_index'
$$$$$$  from C:/opscode/chef/embedded/lib/ruby/site_ruby/1.9.1/rubygems/dependency_installer.rb:270:in `install'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/lib/busser/rubygems.rb:44:in `install_gem'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/lib/busser/helpers.rb:57:in `install_gem'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-serverspec-0.5.7/lib/busser/runner_plugin/serverspec.rb:60:in `install_serverspec'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-serverspec-0.5.7/lib/busser/runner_plugin/serverspec.rb:33:in `test'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/command.rb:27:in `run'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:126:in `invoke_command'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `block in invoke_all'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `each'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `map'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `invoke_all'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/group.rb:232:in `dispatch'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:115:in `invoke'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/lib/busser/command/test.rb:43:in `block in perform'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/lib/busser/command/test.rb:35:in `each'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/lib/busser/command/test.rb:35:in `perform'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/command.rb:27:in `run'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:126:in `invoke_command'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `block in invoke_all'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `each'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `map'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:133:in `invoke_all'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/group.rb:232:in `dispatch'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:115:in `invoke'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor.rb:40:in `block in register'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/command.rb:27:in `run'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/invocation.rb:126:in `invoke_command'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor.rb:359:in `dispatch'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/thor-0.19.0/lib/thor/base.rb:440:in `start'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/gems/busser-0.7.1/bin/busser:8:in `<top (required)>'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/bin/busser:23:in `load'
$$$$$$  from C:/Users/vagrant/AppData/Local/Temp/verifier/gems/bin/busser:23:in `<main>'
D      Cleaning up local sandbox in C:/Users/CHRIST~1.CLA/AppData/Local/Temp/default-Windows2012-sandbox-20151222-18400-19kcl80
>>>>>> Verify failed on instance <default-Windows2012>.
>>>>>> Please see .kitchen/logs/default-Windows2012.log for more details
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: WinRM exited (1) for command: [
$env:BUSSER_ROOT = "$env:TEMP\verifier"
$env:GEM_HOME = "$env:TEMP\verifier\gems"
$env:GEM_PATH = "$env:TEMP\verifier\gems"
$env:GEM_CACHE = "$env:TEMP\verifier\gems\cache"

& $env:TEMP\verifier\bin\busser.bat test
]
>>>>>> ----------------------
D      Verify failed on instance <default-Windows2012>.
D      ------Exception-------
D      Class: Kitchen::InstanceFailure
D      Message: Verify failed on instance <default-Windows2012>.  Please see .kitchen/logs/default-Windows2012.log for more details
D      ---Nested Exception---
D      Class: Kitchen::ActionFailed
D      Message: WinRM exited (1) for command: [
$env:BUSSER_ROOT = "$env:TEMP\verifier"
$env:GEM_HOME = "$env:TEMP\verifier\gems"
$env:GEM_PATH = "$env:TEMP\verifier\gems"
$env:GEM_CACHE = "$env:TEMP\verifier\gems\cache"

& $env:TEMP\verifier\bin\busser.bat test
]
D      ------Backtrace-------
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/verifier/base.rb:79:in `rescue in call'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/verifier/base.rb:82:in `call'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:398:in `block in verify_action'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:488:in `call'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:488:in `synchronize_or_call'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:453:in `block in action'
D      C:/opscode/chefdk/embedded/lib/ruby/2.1.0/benchmark.rb:279:in `measure'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:452:in `action'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:394:in `verify_action'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:341:in `block in transition_to'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:340:in `each'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:340:in `transition_to'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/instance.rb:160:in `verify'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/command.rb:176:in `public_send'
D      C:/opscode/chefdk/embedded/apps/test-kitchen/lib/kitchen/command.rb:176:in `block (2 levels) in run_action'
D      C:/Users/christian.clarke/.chefdk/gem/ruby/2.1.0/gems/logging-2.0.0/lib/logging/diagnostic_context.rb:448:in `call'
D      C:/Users/christian.clarke/.chefdk/gem/ruby/2.1.0/gems/logging-2.0.0/lib/logging/diagnostic_context.rb:448:in `block in create_with_logging_context'
D      ----------------------
D      [CommandExecutor] closing remote shell 6AFB19F0-0228-4E1B-B604-F9823402B4F1 on plaintext::http://127.0.0.1:5985/wsman<{:disable_sspi=>true, :basic_auth_only=>true, :user=>"vagrant", :pass=>"vag
rant"}>
D      [CommandExecutor] remote shell 6AFB19F0-0228-4E1B-B604-F9823402B4F1 closed

#3

The relevant bit is toward the middle:

Bundler isn’t able to verify the TLS cert for rubygems.org. I’ve got no idea how to fix that, but it should give you something to work towards at least. Do you have a MITM-ing corporate proxy perhaps?


#4

Hello.

No there is no Man-In-The-Middle proxy. It’s going directly to rubygems. I did find this site

But the .pem file that it’s refering to is already deployed on my system in this directory.

Directory of C:\opscode\chefdk\embedded\lib\ruby\site_ruby\2.1.0\rubygems\ssl_certs

16/09/2015 10:04 .
16/09/2015 10:04 …
15/05/2015 02:29 1,521 AddTrustExternalCARoot-2048.pem
15/05/2015 02:29 1,952 AddTrustExternalCARoot.pem
15/05/2015 02:29 834 Class3PublicPrimaryCertificationAuthority.pem
15/05/2015 02:29 1,367 DigiCertHighAssuranceEVRootCA.pem
15/05/2015 02:29 1,740 EntrustnetSecureServerCertificationAuthority.pem
15/05/2015 02:29 1,216 GeoTrustGlobalCA.pem


#5

Try running https://raw.githubusercontent.com/mislav/ssl-tools/8b3dec4bedcc725a142fa9bc297610f8d09f5d9d/doctor.rb using Chef’s Ruby. That should give you some visibility into what OpenSSL thinks it is doing. With luck there will be some more Windows-knowledgeable people around in the morning.


#6

Thanks coderanger! I’m looking into this now. As a temporary work-around for anyone else in the community that has this same problem was change the gem source in the Gemfile.

source ‘http://rubygems.org

Instead of Https