BackSlasher
commented
8 years ago Hi Thanks for reporting an issue. Could you provide a complete recipe that causes breakage? Also, if you have a fix it'll be better to open a PR than an issue. Thanks!
Closed atward closed 7 years ago
BackSlasher
commented
8 years ago Hi Thanks for reporting an issue. Could you provide a complete recipe that causes breakage? Also, if you have a fix it'll be better to open a PR than an issue. Thanks!
atward
commented
7 years ago Usecase:
[root@ip-10-211-255-80 /]# cat /tmp/run
printf '=%.0s' {1..80}; echo chef-run-1; chef-client -o 'example::selinux'
printf '=%.0s' {1..80}; echo chef-run-2; chef-client -o 'example::selinux'
printf '=%.0s' {1..80}; echo undo ; /tmp/undo
printf '=%.0s' {1..80}; echo chef-run-3; chef-client -o 'example::selinux'
[root@ip-10-211-255-80 /]# cat /tmp/undo
#!/bin/bash -x
semanage fcontext -d '/mnt/path/to/content/(/.*)?'
rm -rf /mnt/path/
[root@ip-10-211-255-80 /]# cat /var/lib/chef/current/cookbooks/example/recipes/selinux.rb
include_recipe 'selinux_policy::install'
path = '/mnt/path/to/content'
selinux_policy_fcontext ::File.join(path, '(/.*)?') do
secontext 'user_home_t'
end
directory path do
recursive true
end
file ::File.join(path, 'my_thing') do
content 'stuff'
end
[root@ip-10-211-255-80 /]# /tmp/run
================================================================================chef-run-1
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- selinux_policy (1.1.0)
- example (0.0.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action relabel
* execute[selinux-fcontext-relabel-user_home_t] action run (skipped due to not_if)
(up to date)
================================================================================
Error executing action `addormodify` on resource 'selinux_policy_fcontext[/mnt/path/to/content/(/.*)?]'
================================================================================
NoMethodError
-------------
undefined method `updated' for nil:NilClass
Cookbook Trace:
---------------
/var/cache/chef/cookbooks/selinux_policy/providers/fcontext.rb:99:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/cache/chef/cookbooks/example/recipes/selinux.rb
4: selinux_policy_fcontext ::File.join(path, '(/.*)?') do
5: secontext 'user_home_t'
6: end
7:
Compiled Resource:
------------------
# Declared in /var/cache/chef/cookbooks/example/recipes/selinux.rb:4:in `from_file'
selinux_policy_fcontext("/mnt/path/to/content/(/.*)?") do
action [:addormodify]
updated true
updated_by_last_action true
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :selinux_policy_fcontext
cookbook_name "example"
recipe_name "selinux"
secontext "user_home_t"
file_spec "/mnt/path/to/content/(/.*)?"
file_type "a"
end
Platform:
---------
x86_64-linux
Running handlers:
Running handlers complete
Chef Client failed. 2 resources updated in 08 seconds
================================================================================chef-run-2
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- selinux_policy (1.1.0)
- yum (3.13.0)
- example (0.0.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-add] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
(up to date)
* directory[/mnt/path/to/content] action create
- create new directory /mnt/path/to/content
- restore selinux security context
* file[/mnt/path/to/content/my_thing] action create
- create new file /mnt/path/to/content/my_thing
- update content in file /mnt/path/to/content/my_thing from none to 35bafb
--- /mnt/path/to/content/my_thing 2016-11-13 17:51:07.022842446 -0500
+++ /mnt/path/to/content/.chef-my_thing20161113-18344-exr9xq 2016-11-13 17:51:07.022842446 -0500
@@ -1 +1,2 @@
+stuff
- restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 2/11 resources updated in 07 seconds
================================================================================undo
+ semanage fcontext -d '/mnt/path/to/content/(/.*)?'
+ rm -rf /mnt/path/
================================================================================chef-run-3
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- example (0.0.0)
- selinux_policy (1.1.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action relabel
* execute[selinux-fcontext-relabel-user_home_t] action run (skipped due to not_if)
(up to date)
================================================================================
Error executing action `addormodify` on resource 'selinux_policy_fcontext[/mnt/path/to/content/(/.*)?]'
================================================================================
NoMethodError
-------------
undefined method `updated' for nil:NilClass
Cookbook Trace:
---------------
/var/cache/chef/cookbooks/selinux_policy/providers/fcontext.rb:99:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/cache/chef/cookbooks/example/recipes/selinux.rb
4: selinux_policy_fcontext ::File.join(path, '(/.*)?') do
5: secontext 'user_home_t'
6: end
7:
Compiled Resource:
------------------
# Declared in /var/cache/chef/cookbooks/example/recipes/selinux.rb:4:in `from_file'
selinux_policy_fcontext("/mnt/path/to/content/(/.*)?") do
action [:addormodify]
updated true
updated_by_last_action true
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :selinux_policy_fcontext
cookbook_name "example"
recipe_name "selinux"
secontext "user_home_t"
file_spec "/mnt/path/to/content/(/.*)?"
file_type "a"
end
Platform:
---------
x86_64-linux
Running handlers:
Running handlers complete
Chef Client failed. 2 resources updated in 07 secondsFirst chef run fails with error from original report. Second passes due to not running both resources. Running undo to delete fcontext + change file will cause the 3rd chef run to fail in same manner as first run.
atward
commented
7 years ago Output post #57 for comparison (I understand you're not actively developing/might not have a test server).
[root@ip-10-211-255-80 /]# /tmp/run
================================================================================chef-run-1
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- selinux_policy (1.1.0)
- example (0.0.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
* directory[/mnt/path/to/content] action create
- create new directory /mnt/path/to/content
- restore selinux security context
* file[/mnt/path/to/content/my_thing] action create
- create new file /mnt/path/to/content/my_thing
- update content in file /mnt/path/to/content/my_thing from none to 35bafb
--- /mnt/path/to/content/my_thing 2016-11-13 18:05:10.964842446 -0500
+++ /mnt/path/to/content/.chef-my_thing20161113-23312-py0qqo 2016-11-13 18:05:10.964842446 -0500
@@ -1 +1,2 @@
+stuff
- restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 7/14 resources updated in 10 seconds
================================================================================chef-run-2
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- selinux_policy (1.1.0)
- example (0.0.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
(up to date)
* directory[/mnt/path/to/content] action create (up to date)
* file[/mnt/path/to/content/my_thing] action create (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/13 resources updated in 07 seconds
================================================================================undo
+ semanage fcontext -d '/mnt/path/to/content/(/.*)?'
+ rm -rf /mnt/path/
================================================================================chef-run-3
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- example (0.0.0)
- selinux_policy (1.1.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
* directory[/mnt/path/to/content] action create
- create new directory /mnt/path/to/content
- restore selinux security context
* file[/mnt/path/to/content/my_thing] action create
- create new file /mnt/path/to/content/my_thing
- update content in file /mnt/path/to/content/my_thing from none to 35bafb
--- /mnt/path/to/content/my_thing 2016-11-13 18:05:33.809842446 -0500
+++ /mnt/path/to/content/.chef-my_thing20161113-23940-1u401vu 2016-11-13 18:05:33.809842446 -0500
@@ -1 +1,2 @@
+stuff
- restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 7/14 resources updated in 10 secondsRestorecon runs on first & third run as expected via notifies.
atward
commented
7 years ago Re: #57. relabel action restored.
[root@ip-10-211-255-80 /]# cat /var/lib/chef/current/cookbooks/example/recipes/selinux.rb
include_recipe 'selinux_policy::install'
path = '/mnt/path/to/content'
fcontext = ::File.join(path, '(/.*)?')
selinux_policy_fcontext fcontext do
secontext 'user_home_t'
end
directory path do
recursive true
end
file ::File.join(path, 'my_thing') do
content 'stuff'
notifies :relabel, "selinux_policy_fcontext[#{fcontext}]", :immediate
end
[root@ip-10-211-255-80 /]# /tmp/run
================================================================================chef-run-1
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- example (0.0.0)
- selinux_policy (1.1.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
* directory[/mnt/path/to/content] action create
- create new directory /mnt/path/to/content
- restore selinux security context
* file[/mnt/path/to/content/my_thing] action create
- create new file /mnt/path/to/content/my_thing
- update content in file /mnt/path/to/content/my_thing from none to 35bafb
--- /mnt/path/to/content/my_thing 2016-11-13 18:18:54.283842446 -0500
+++ /mnt/path/to/content/.chef-my_thing20161113-32358-157xvdx 2016-11-13 18:18:54.282842446 -0500
@@ -1 +1,2 @@
+stuff
- restore selinux security context
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action relabel
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt/path/to/content
Running handlers:
Running handlers complete
Chef Client finished, 9/16 resources updated in 10 seconds
================================================================================chef-run-2
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- example (0.0.0)
- selinux_policy (1.1.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
(up to date)
(up to date)
* directory[/mnt/path/to/content] action create (up to date)
* file[/mnt/path/to/content/my_thing] action create (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/13 resources updated in 07 seconds
================================================================================undo
+ semanage fcontext -d '/mnt/path/to/content/(/.*)?'
+ rm -rf /mnt/path/
================================================================================chef-run-3
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: ["example::selinux"]
Synchronizing Cookbooks:
- example (0.0.0)
- selinux_policy (1.1.0)
- yum (3.13.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 7 resources
Recipe: selinux_policy::install
* yum_package[policycoreutils-python] action install (up to date)
* yum_package[selinux-policy-devel] action install (up to date)
* yum_package[setools-console] action install (up to date)
* yum_package[make] action install (up to date)
Recipe: example::selinux
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action addormodify
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-add] action run
- execute /usr/sbin/semanage fcontext -a -f a -t user_home_t '/mnt/path/to/content/(/.*)?'
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt
* execute[selinux-fcontext-user_home_t-relabel] action nothing (skipped due to action :nothing)
* execute[selinux-fcontext-user_home_t-modify] action run/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
/mnt/path/to/content/(/.*)? all files system_u:object_r:user_home_t:s0
(skipped due to not_if)
* directory[/mnt/path/to/content] action create
- create new directory /mnt/path/to/content
- restore selinux security context
* file[/mnt/path/to/content/my_thing] action create
- create new file /mnt/path/to/content/my_thing
- update content in file /mnt/path/to/content/my_thing from none to 35bafb
--- /mnt/path/to/content/my_thing 2016-11-13 18:19:16.557842446 -0500
+++ /mnt/path/to/content/.chef-my_thing20161113-553-119ldk6 2016-11-13 18:19:16.557842446 -0500
@@ -1 +1,2 @@
+stuff
- restore selinux security context
* selinux_policy_fcontext[/mnt/path/to/content/(/.*)?] action relabel
* execute[selinux-fcontext-user_home_t-relabel] action run
- execute restorecon -iR /mnt/path/to/content
Running handlers:
Running handlers complete
Chef Client finished, 9/16 resources updated in 10 secondsSo I'm not sure what's going on here. There is nothing of interest now in providers/fcontext.rb:99
shortdudey123
commented
7 years ago Still seeing this w/ v1.1.1
* execute[selinux-fcontext-procd_var_lib_t-add] action run[2017-01-30T06:28:40+00:00] INFO: Processing execute[selinux-fcontext-procd_var_lib_t-add] action run (/var/chef/cache/cookbooks/selinux_policy/providers/fcontext.rb line 52)
Enforcing
[2017-01-30T06:28:40+00:00] DEBUG: Resources for generic execute resource enabled on node include: [Chef::Resource::Execute]
[2017-01-30T06:28:40+00:00] DEBUG: Resource for execute is Chef::Resource::Execute
[2017-01-30T06:28:40+00:00] INFO: Processing execute[Guard resource] action run (dynamically defined)
[2017-01-30T06:28:40+00:00] DEBUG: Providers for generic execute resource enabled on node include: [Chef::Provider::Execute]
[2017-01-30T06:28:40+00:00] DEBUG: Provider for action run on resource execute[Guard resource] is Chef::Provider::Execute
[2017-01-30T06:28:41+00:00] DEBUG: Providers for generic execute resource enabled on node include: [Chef::Provider::Execute]
[2017-01-30T06:28:41+00:00] DEBUG: Provider for action run on resource execute[selinux-fcontext-procd_var_lib_t-add] is Chef::Provider::Execute
[2017-01-30T06:28:44+00:00] INFO: execute[selinux-fcontext-procd_var_lib_t-add] ran successfully
- execute /usr/sbin/semanage fcontext -a -f a -t procd_var_lib_t '/data(/.*)?'
[2017-01-30T06:28:44+00:00] INFO: execute[selinux-fcontext-procd_var_lib_t-add] sending relabel action to selinux_policy_fcontext[/data(/.*)?] (immediate)
* selinux_policy_fcontext[/data(/.*)?] action relabel[2017-01-30T06:28:44+00:00] INFO: Processing selinux_policy_fcontext[/data(/.*)?] action relabel (sample_cookbook::security line 32)
[2017-01-30T06:28:44+00:00] DEBUG: Providers for generic selinux_policy_fcontext resource enabled on node include: [LWRP provider selinux_policy_fcontext from cookbook selinux_policy]
[2017-01-30T06:28:44+00:00] DEBUG: Provider for action relabel on resource selinux_policy_fcontext[/data(/.*)?] is LWRP provider selinux_policy_fcontext from cookbook selinux_policy
(up to date)
================================================================================
Error executing action `addormodify` on resource 'selinux_policy_fcontext[/data(/.*)?]'
================================================================================
NoMethodError
-------------
undefined method `updated' for nil:NilClass
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/selinux_policy/providers/fcontext.rb:82:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/sample_cookbook/recipes/security.rb
32: selinux_policy_fcontext '/data(/.*)?' do
33: secontext 'procd_var_lib_t'
34: end
35:
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/sample_cookbook/recipes/security.rb:32:in `from_file'
selinux_policy_fcontext("/data(/.*)?") do
action [:addormodify]
updated true
updated_by_last_action true
retries 0
retry_delay 2
default_guard_interpreter :default
declared_type :selinux_policy_fcontext
cookbook_name "sample_cookbook"
recipe_name "security"
secontext "procd_var_lib_t"
file_spec "/data(/.*)?"
file_type "a"
end
Platform:
---------
x86_64-linux
>>>> Caused by NoMethodError: undefined method `updated' for nil:NilClass
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/data_collector.rb:202:in `resource_updated'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:43:in `block in call_subscribers'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:34:in `each'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:34:in `call_subscribers'
(eval):2:in `resource_updated'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/provider.rb:166:in `set_updated_status'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/provider.rb:148:in `run_action'
/var/chef/cache/cookbooks/selinux_policy/providers/fcontext.rb:82:in `block in class_from_file'
(eval):2:in `block in action_addormodify'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/provider.rb:361:in `instance_eval'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/provider.rb:361:in `compile_and_converge_action'
(eval):2:in `action_addormodify'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/provider.rb:145:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource.rb:622:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/runner.rb:69:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/runner.rb:97:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/runner.rb:97:in `each'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/runner.rb:97:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/2.3.0/forwardable.rb:189:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/runner.rb:96:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/client.rb:669:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/client.rb:664:in `catch'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/client.rb:664:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/client.rb:703:in `converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/client.rb:283:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:294:in `block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:282:in `fork'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:282:in `fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:247:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:235:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application/client.rb:450:in `loop'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application/client.rb:450:in `interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application/client.rb:434:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/application.rb:59:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/bin/chef-client:26:in `<top (required)>'
/bin/chef-client:54:in `load'
/bin/chef-client:54:in `<main>'I wonder what's the actual trigger for this. You don't seem to be explicitly relabeling the resource. I think that a first step would be to add a test recipe that actually triggers this and then drill down on the root cause. BTW, this is line 82 that supposedly fails: https://github.com/sous-chefs/selinux_policy/blob/v1.1.1/providers/fcontext.rb#L82 Not very informative
shortdudey123
commented
7 years ago yeah, thats on the todo list when i have a chance :)
atward
commented
7 years ago @shortdudey123 #57 is the fix for this. Feel free to update that for the latest HEAD
shortdudey123
commented
7 years ago ah, that removes the resource action conflict. Let me try that out
shortdudey123
commented
7 years ago I have not had time to dig into why, but https://github.com/sous-chefs/selinux_policy/pull/57 does fix the issue
@atward can you rebase that PR on master? you will also need to add the restorecon method back in or work around it
BackSlasher
commented
7 years ago @shortdudey123 Did you manage to understand where new_resource is null?
shortdudey123
commented
7 years ago No, i haven't been able to track that down yet :( The code in master should work based my understanding of it, but it doesn't
shortdudey123
commented
7 years ago Just a theory, but it might have to do w/ resource cloning since its the same resource name. When you are inside the resource code, the clone probably is not done.
shortdudey123
commented
7 years ago Released this in 2.0.1 with https://github.com/sous-chefs/selinux_policy/pull/67 and it still does not actually fix the issue
@daften FYI
$ sudo cat /var/chef/cache/cookbooks/selinux_policy/metadata.json | grep \"version\"
"version": "2.0.1",
$================================================================================
Error executing action `addormodify` on resource 'selinux_policy_fcontext[/mnt/data(/.*)?]'
================================================================================
NoMethodError
-------------
undefined method `updated' for nil:NilClass
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/selinux_policy/providers/fcontext.rb:76:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/a_cookbook/recipes/selinux.rb
32: selinux_policy_fcontext '/mnt/data(/.*)?' do
33: secontext 'example_var_lib_t'
34: end
35: 
daften
commented
7 years ago Hmmm, I'll take a look at this tomorrow then!
daften
commented
7 years ago @shortdudey123 Do you think the error could be related to the faulty use of run_action. It is meant for actions to run during compile phase: https://docs.chef.io/resource_common.html#run-action? I've run kitchen test again. The same thing as in your code sample basically happens, and no errors there
shortdudey123
commented
7 years ago Possibly? I got our production code running in test kitchen and can't reproduce the error at all there. However i can reproduce it 100% in prod. Let me dig a bit more and see if i can figure out why.
BackSlasher
commented
7 years ago chef version diff?
On Apr 22, 2017 23:24, "Grant Ridder" notifications@github.com wrote:
Possibly? I got our production code running in test kitchen and can't reproduce the error at all there. However i can reproduce it 100% in prod. Let me dig a bit more and see if i can figure out why.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/sous-chefs/selinux_policy/issues/55#issuecomment-296399194, or mute the thread https://github.com/notifications/unsubscribe-auth/AG3He-Yx-NJME0E2K_drBu-6l4JH1ZXPks5rymIPgaJpZM4Kve-O .
shortdudey123
commented
7 years ago I changed the kitchen tests here to match the chef version (12.16.something) and they still passed (with exception for the huge amount of resource cloning which i will put a PR in for in a sec)
daften
commented
7 years ago I'm not saying you're lying or anything, just that the kitchen tests don't show this errors, so they need to be adapted. The case in kitchen test is the same basically as your snippet, so I can't find how to reproduce unfortunately. :s
shortdudey123
commented
7 years ago So i did a bit more digging and this issue might actually be a chef bug (https://github.com/chef/chef/issues/5593) involving the data collector
>>>> Caused by NoMethodError: undefined method `updated' for nil:NilClass
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/data_collector.rb:202:in `resource_updated'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:43:in `call'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:43:in `block in call_subscribers'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:34:in `each'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.16.42/lib/chef/event_dispatch/dispatcher.rb:34:in `call_subscribers'
...bug was fixed in 12.17.44 and i am on 12.16.42 in prod Going to test 12.17 when i have a change
shortdudey123
commented
7 years ago Confirmed that this is a bug in chef core. Using Chef 12.19.x does not produce the error seen above.
Don't know why the PR i rebased and fixed up doesn't trigger the bug, but whatever. @BackSlasher so we have a decision... 1) merge https://github.com/sous-chefs/selinux_policy/pull/68 to support 12.16.42 2) leave master as is and not support 12.16.42
BackSlasher
commented
7 years ago Is this bug specific to 12.16.42, so that later versions don't have it?
shortdudey123
commented
7 years ago Correct, from a official releases of Chef standpoint, 12.16.42 is the only version w/ the bug
BackSlasher
commented
7 years ago Let's avoid giving it special treatment by merging this.
We can keep this handy in case 12.16.42 becomes abnormally popular (e.g. the version distributed by Debian, AWS etc). WDYT?
shortdudey123
commented
7 years ago 👍 let me add quick note to the readme about it for reference
shortdudey123
commented
7 years ago Closing as a Chef 12.16.42 core bug that we will not work around
daften
commented
7 years ago Many thanks @shortdudey123 for researching this so thoroughly!
lock[bot]
commented
6 years ago This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
This is breaking whenever
notifies :relabel, new_resourceexecutes and the:relabelexecutes . Doing so causes the resource to be updated in two places, which then throws an exception.Second compile does not cause issues
Chef output with
-l debugchef-stacktrace.out
Moving the
:relabelexecute inside the:adddoes not cause an issue. I think instead you want an action_class to remove the resource definition duplication.