Allow gem install from custom source

Open mikkoc opened this issue 8 years ago • 23 comments

In a locked down environment the Internet might not be accessible, hence Rubygems cannot be reached to download gems. chef_gem allows specifying a custom source to bypass this: https://docs.chef.io/resource_chef_gem.html#properties

To fix this, I modified _autoload.rb as follows:

  docker = Chef::Resource::ChefGem.new('docker-api', run_context)
  docker.version '= 1.26.2'
  unless node['docker']['gem_source'].nil?
    docker.source node['docker']['gem_source']
    docker.clear_sources true
  end
  docker.run_action(:install)

But I'm not sure defining the node['docker']['gem_source'] attribute is the right way to do it, given the cookbook has no attributes at all. I'd be happy to make a pull request if someone points me in the right direction. Thanks

mikkoc avatar Mar 15 '16 09:03 mikkoc

In this case, you'd want to install the gem via your wrapper cookbook. If you install gem version 1.26.2 then the auto load will not fall into the raise exception case and try to install it.

chasebolt avatar Mar 15 '16 15:03 chasebolt

hmm ok, sounds like a reasonable workaround ;) Although it's basically duplicating the code... Thanks

mikkoc avatar Mar 15 '16 16:03 mikkoc

Ok, so, I implemented that code in my wrapper cookbook, which depends on the docker cookbook. Problem is still there because Chef attempts to install the gem during the compilation of the docker cookbook:

Compiling Cookbooks...
[2016-03-21T15:47:40+00:00] INFO: Processing chef_gem[docker-api] action install (dynamically defined)
[2016-03-21T15:49:49+00:00] WARN:  failed to find gem docker-api (= 1.26.2) from [https://rubygems.org/]

================================================================================
Recipe Compile Error in /var/chef/cache/cookbooks/docker/libraries/_autoload.rb
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
chef_gem[docker-api] (dynamically defined) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '2'
---- Begin output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.26.2" ----
STDOUT: 
STDERR: ERROR:  Could not find a valid gem 'docker-api' (= 1.26.2), here is why:
          Unable to download data from https://rubygems.org/ - Errno::ETIMEDOUT: Connection timed out - connect(2) for "api.rubygems.org" port 443 (https://api.rubygems.org/specs.4.8.gz)
---- End output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.26.2" ----
Ran /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.26.2" returned 2

Cookbook Trace:
---------------
  /var/chef/cache/cookbooks/docker/libraries/_autoload.rb:10:in `rescue in <top (required)>'
  /var/chef/cache/cookbooks/docker/libraries/_autoload.rb:1:in `<top (required)>'

Relevant File Content:
----------------------
/var/chef/cache/cookbooks/docker/libraries/_autoload.rb:

  3:  rescue LoadError
  4:    run_context = Chef::RunContext.new(Chef::Node.new, {}, Chef::EventDispatch::Dispatcher.new)
  5:  
  6:    require 'chef/resource/chef_gem'
  7:  
  8:    docker = Chef::Resource::ChefGem.new('docker-api', run_context)
  9:    docker.version '= 1.26.2'
 10>>   docker.run_action(:install)
 11:  end
 12:  

mikkoc avatar Mar 21 '16 16:03 mikkoc

can you gist how you installed the docker gem in your cookbook?

also does /opt/chef/embedded/bin/gem list output the docker gem? I'm thinking this is where the issue is...

chasebolt avatar Mar 21 '16 16:03 chasebolt

I just copy pasted the code from the _autoload.rb and modified it: https://gist.github.com/mikkoc/dabb211e39a84b1e3fb1

I'm sure there are better ways of achieving it. For example, chef-vault works quite well for us: https://github.com/chef-cookbooks/chef-vault/blob/master/recipes/default.rb

/opt/chef/embedded/bin/gem list will show the gem only after it's installed (either manually or via a forked docker cookbook that defines custom source for the gem).

mikkoc avatar Mar 21 '16 17:03 mikkoc

I'm also having issues installing docker-api gem with this code in a locked down enterprise environment.

Normally I use an internal cookbook I created at the top of my run_list to load certs and proxy config on the system using compile time resources so that by the time it tries to install gems (including compile time like the chef-vault gem) there are no issues.

But because of how this cookbook is installing the gem (from a library file that has an '_' at the beginning of the name to have it loaded/run first) it is not working here. It really removes control of creating a run_list where I can easily have this work. First time I ran into a gem install issue in a while. 😢

jmccann avatar May 02 '16 14:05 jmccann

So I did a little more digging because it dawned on me that this cookbook used to work fine for me actually. 😉

I found that < 2.5.7 works fine for me. It seems to me changes were made during release 2.5.7 that started causing issues for me of not being able to massage my system before attempts are made to install the docker-api gem.

Not sure if any of this helps @mikkoc though as his issue may be similar but different from mine. He seems to be trying to use his own gem source (internal gem repo/cache?) while I'm trying to configure proxy/certs on my system to use https://rubygems.org.

jmccann avatar May 02 '16 15:05 jmccann

I'm also having problems with the docker-api gem.

I have a recipe to use my custom server instead of https://rubygems.org, but it never runs, as docker/libraries/_autoload.rb tries to install the gem at compile time, while my recipe would change the settings at converge time; if I first run chef-client with my recipe and without docker, and then run chef-client again with docker, everything works.

For me, the ideal solution would be for docker to install the gem at compile time.

giorgian avatar Jul 21 '16 13:07 giorgian

Same issue.

My (custom) cookbook depends on docker, and the run tries to gem install docker at compile time! How can I specify that gems (including docker) should be installed from a custom source?

I am trying to set up .gemrc, but this code (in my cookbook) does not seem to run before docker's gem install:

FileUtils.cp('./files/default/gemrc', '/root/.gemrc')

Stdout:

10.97.150.108 Starting Chef Client, version ********
10.97.150.108 resolving cookbooks for run list: ["hs_my_custom_recipe::default"]
10.97.150.108 Synchronizing Cookbooks:
10.97.150.108   - build-essential (2.2.4)
10.97.150.108   - yum-epel (1.0.1)
10.97.150.108   - yum (4.0.0)
10.97.150.108   - hs_my_custom_recipe (0.1.22)
10.97.150.108   - python (1.4.6)
10.97.150.108   - git (4.3.5)
10.97.150.108   - windows (1.40.0)
10.97.150.108   - chef_handler (1.2.0)
10.97.150.108   - dmg (2.3.0)
10.97.150.108   - hs_hsconfig (1.1.2)
10.97.150.108   - java_se (8.102.1)
10.97.150.108   - docker (2.9.7)
10.97.150.108   - hs_jenkins_slave_unix (0.2.5)
10.97.150.108   - compat_resource (12.16.1)
10.97.150.108   - ssh_authorized_keys (0.3.0)
10.97.150.108   - hs_jenkins_slave (0.2.3)
10.97.150.108 Installing Cookbook Gems:
10.97.150.108 Compiling Cookbooks...
10.97.150.108 [2016-11-10T16:58:51-05:00] WARN:  failed to find gem docker-api (= 1.31.0) from [https://rubygems.org/]
10.97.150.108
10.97.150.108 ================================================================================
10.97.150.108 Recipe Compile Error in /var/chef/cache/cookbooks/docker/libraries/_autoload.rb
10.97.150.108 ================================================================================
10.97.150.108
10.97.150.108 Mixlib::ShellOut::CommandTimeout
10.97.150.108 --------------------------------
10.97.150.108 chef_gem[docker-api] (dynamically defined) had an error: Mixlib::ShellOut::CommandTimeout: Command timed out after 900s:
10.97.150.108 Command exceeded allowed execution time, process terminated
10.97.150.108 ---- Begin output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" ----
10.97.150.108 STDOUT: 
10.97.150.108 STDERR: 
10.97.150.108 ---- End output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" ----
10.97.150.108 Ran /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" returned 
10.97.150.108
10.97.150.108 Cookbook Trace:
10.97.150.108 ---------------
10.97.150.108   /var/chef/cache/cookbooks/docker/libraries/_autoload.rb:11:in `rescue in <top (required)>'
10.97.150.108   /var/chef/cache/cookbooks/docker/libraries/_autoload.rb:1:in `<top (required)>'
10.97.150.108
10.97.150.108 Relevant File Content:
10.97.150.108 ----------------------
10.97.150.108 /var/chef/cache/cookbooks/docker/libraries/_autoload.rb:
10.97.150.108
10.97.150.108   4:    unless defined?(ChefSpec)
10.97.150.108   5:      run_context = Chef::RunContext.new(Chef::Node.new, {}, Chef::EventDispatch::Dispatcher.new)
10.97.150.108   6:  
10.97.150.108   7:      require 'chef/resource/chef_gem'
10.97.150.108   8:  
10.97.150.108   9:      docker = Chef::Resource::ChefGem.new('docker-api', run_context)
10.97.150.108  10:      docker.version '= 1.31.0'
10.97.150.108  11>>     docker.run_action(:install)
10.97.150.108  12:    end
10.97.150.108  13:  end
10.97.150.108  14:  
10.97.150.108
10.97.150.108 Platform:
10.97.150.108 ---------
10.97.150.108 x86_64-linux
10.97.150.108
10.97.150.108
10.97.150.108 Running handlers:
10.97.150.108 [2016-11-10T17:14:09-05:00] ERROR: Running exception handlers
10.97.150.108 Running handlers complete
10.97.150.108 [2016-11-10T17:14:09-05:00] ERROR: Exception handlers complete
10.97.150.108 Chef Client failed. 0 resources updated in 26 minutes 14 seconds
10.97.150.108 [2016-11-10T17:14:09-05:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
10.97.150.108 [2016-11-10T17:14:09-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
10.97.150.108 [2016-11-10T17:14:09-05:00] ERROR: chef_gem[docker-api] (dynamically defined) had an error: Mixlib::ShellOut::CommandTimeout: Command timed out after 900s:
10.97.150.108 Command exceeded allowed execution time, process terminated
10.97.150.108 ---- Begin output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" ----
10.97.150.108 STDOUT: 
10.97.150.108 STDERR: 
10.97.150.108 ---- End output of /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" ----
10.97.150.108 Ran /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" returned 
10.97.150.108 [2016-11-10T17:14:09-05:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Would appreciate any help / pointers in the right directions.

Thanks

Ajay

ghost avatar Nov 11 '16 17:11 ghost
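
The chef-client output quoted in the comments above has a regular enough shape to audit mechanically. The Ruby below is an added example, not part of any post in this thread and not code from the docker cookbook: it scans a run log for gem installs that consulted a source outside an approved list, that failed while a cookbook file was being compiled, or that were issued without both `--clear-sources` and `--source`. The mirror URL, the host prefix and the sample log are constructed for illustration.

```ruby
# Added example (not cookbook code): audit chef-client output for gem installs
# that bypassed the approved mirror. APPROVED is a hypothetical internal URL.
APPROVED = ['https://gems.example.internal/'].freeze

WARN_RE    = /WARN:\s+failed to find gem (\S+) \(([^)]*)\) from \[([^\]]*)\]/
COMPILE_RE = %r{Recipe Compile Error in \S*/cookbooks/([^/\s]+)/(\S+)}
RAN_RE     = /\bRan (\S*gem install .*?) returned/

# Remove colour codes, including the bare "[0m" residue that pasted logs carry.
def strip_ansi(line)
  line.gsub(/\e?\[\d{1,2}(?:;\d{1,2})*m/, '')
end

def audit_chef_log(text, approved: APPROVED)
  report = { unapproved: [], compile_time: [], unpinned: [] }
  text.each_line do |raw|
    line = strip_ansi(raw)
    if (m = WARN_RE.match(line))
      # Sources Chef reports it tried that are not on the approved list.
      bad = m[3].split(/,\s*/).reject { |src| approved.include?(src) }
      report[:unapproved] << { gem: m[1], requirement: m[2], sources: bad } unless bad.empty?
    elsif (m = COMPILE_RE.match(line))
      # A path under libraries/ means the failure happened while libraries
      # were loading, before any recipe could adjust the gem configuration.
      report[:compile_time] << { cookbook: m[1], file: m[2] }
    elsif (m = RAN_RE.match(line))
      cmd = m[1]
      pinned = cmd.include?('--clear-sources') && cmd.match?(/--source[ =]\S+/)
      report[:unpinned] << cmd unless pinned
    end
  end
  report.transform_values(&:uniq) # the same error is printed more than once
end

# Constructed sample in the format of the output quoted in this thread.
SAMPLE_LOG = <<~'LOG'
  10.0.0.5 Compiling Cookbooks...[0m
  10.0.0.5 [2016-11-10T16:58:51-05:00] WARN:  failed to find gem docker-api (= 1.31.0) from [https://rubygems.org/]
  10.0.0.5 [31mRecipe Compile Error in /var/chef/cache/cookbooks/docker/libraries/_autoload.rb[0m
  10.0.0.5 [0mRan /opt/chef/embedded/bin/gem install docker-api -q --no-rdoc --no-ri -v "= 1.31.0" returned [0m
  10.0.0.5 Ran /opt/chef/embedded/bin/gem install docker-api -q -v "= 1.31.0" --clear-sources --source=https://gems.example.internal/ returned 0
LOG

puts audit_chef_log(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```
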

Earlier versions of this cookbook vendored the docker-api gem to avoid this nonsense.

Then somewhere along the line it got moved to a chef_gem install because it was causing problems for people who ran ChefDK based chef-client, where it would cause conflicts with Chef Metal and friends.

Now that kitchen-dokken is included in ChefDK, it has pulled in the docker-api gem as a dependency.

I may re-vendor it into the cookbook to avoid this again.

Thoughts?

-s

someara avatar Nov 24 '16 22:11 someara

I think I've seen this fixed, in a similar manner to the way we are doing it, in other chef-cookbooks. But I could be mistaken, I saw it long ago and meant to go back to it.

chasebolt avatar Nov 24 '16 23:11 chasebolt

We are having to jump through hoops to work around this. Would love it if we could have a good solution to this.

(PS: The custom source in our case, is an artifactory repository)

Thanks

Ajay

ghost avatar Nov 25 '16 14:11 ghost

@chasebolt any recollection where you saw your workaround?

someara avatar Jan 26 '17 03:01 someara

spent time last night browsing repos and I couldn't find what I was looking for. I remember we had issues with vendoring before because the excon gem is used by both docker and chef.

I personally don't mind using a default recipe for the chef_gem install because I call docker from a wrapper cookbook anyway to set up the service - it isn't really that huge of an issue for me.

chasebolt avatar Jan 27 '17 18:01 chasebolt

FWIW, we have moved away from docker cookbook. Instead, we are using the "package" directive to install docker.

ghost avatar Jan 29 '17 16:01 ghost

FWIW, this is not a "feature request". It's a bug - this is not how docker should be installing a gem.

ghost avatar Jan 29 '17 16:01 ghost

same issue - is this going to get any love?

carlosaya avatar Jan 30 '17 03:01 carlosaya

Returned to vendoring in 2.14.2

someara avatar Jan 31 '17 23:01 someara

@someara did this get reverted in 2.14.3?

timgriffiths avatar Apr 02 '17 14:04 timgriffiths

Could we please re-open this issue? It is unresolved again.

timgriffiths avatar Apr 07 '17 00:04 timgriffiths

re-opening

someara avatar Apr 07 '17 08:04 someara

Also facing the same issue. Previously I used to vendor gems in wrapper cookbooks. Now, with any chef cookbook that installs gems via metadata, you can't do this, as the gem is installed pre compile time. There's no opportunity to automate anything before this point unless you do it while bootstrapping, which is also not a great solution, as if the gem version updates on a long-lived node the install will fail.

I think this is a much wider issue with chef and not so much this cookbook specifically, as I'm fighting it in numerous other places (chef-vault): https://github.com/chef-cookbooks/chef-vault/issues/61

Sadly it seems like the only sure way to work around this for now is to run your own gem mirror...something else I really don't want to manage/support.

bcg62 avatar Jul 21 '17 22:07 bcg62

I wish I'd seen this before trying to confirm the same thing at https://serverfault.com/questions/868996/chef-13-and-inhibiting-bundler-network-requests/869604 . The final response seems to be 'suck it up, suit', [security]'s on you.

bby-bishopclark avatar Aug 22 '17 22:08 bby-bishopclark