Audit cookbook failing to install from internal Ruby gem mirror

[smford22]

Cookbook version

2.4.0

Chef-client version

12.19.36

Platform Details

OEL 5.11

Scenario:

Running the audit::default recipe on a node fails to install latest inspec from an internal mirror

Steps to Reproduce:

Update default['audit']['inspec_gem_source'] to point to an internal mirror and converge chef-client

Expected Result:

The internal mirror has the latest version of inspec staged as well as its dependencies. When chef-client runs it should pull inspec and its dependencies from the mirror and install them on the node

Actual Result:

* chef_gem[inspec] action install[2017-03-10T10:13:21-08:00] INFO: Processing chef_gem[inspec] action install (audit::inspec line 20)
[2017-03-10T10:13:36-08:00] INFO: chef_gem[inspec] installed inspec at 1.15.0

   - install version 1.15.0 of package inspec

 ================================================================================
 Recipe Compile Error in /var/chef/cache/cookbooks/audit/recipes/default.rb
 ================================================================================

 Gem::ConflictError
 ------------------
 Unable to activate train-0.22.0, because net-ssh-4.0.1 conflicts with net-ssh (< 4.0, >= 2.9)

 Cookbook Trace:
 ---------------
   /var/chef/cache/cookbooks/audit/libraries/compliance.rb:5:in `load_inspec_libs'
   /var/chef/cache/cookbooks/audit/recipes/inspec.rb:28:in `from_file'
   /var/chef/cache/cookbooks/audit/recipes/default.rb:20:in `from_file'

 Relevant File Content:
 ----------------------
 /var/chef/cache/cookbooks/audit/libraries/compliance.rb:

   1:  # encoding: utf-8
   2:
   3:  # load all the inspec and compliance bundle requirements
   4:  def load_inspec_libs
   5>>   require 'inspec'
   6:    if Inspec::VERSION != node['audit']['inspec_version'] && node['audit']['inspec_version'] !='latest'
   7:      Chef::Log.warn "Wrong version of inspec (#{Inspec::VERSION}), please "\
   8:        'remove old versions (/opt/chef/embedded/bin/gem uninstall inspec).'
   9:    else
  10:      Chef::Log.warn "Using inspec version: (#{Inspec::VERSION})"
  11:    end
  12:    require 'bundles/inspec-compliance/api'
  13:    require 'bundles/inspec-compliance/http'
  14:    require 'bundles/inspec-compliance/configuration'

 Platform:
 ---------
 x86_64-linux

 Running handlers:
[2017-03-10T10:13:36-08:00] ERROR: Running exception handlers
 Running handlers complete
[2017-03-10T10:13:36-08:00] ERROR: Exception handlers complete
 Chef Client failed. 1 resources updated in 25 seconds
[2017-03-10T10:13:36-08:00] INFO: Sending resource update report (run-id: 565663ad-610e-4b4a-bba9-3edb4af373c7)
[2017-03-10T10:13:38-08:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2017-03-10T10:13:38-08:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-03-10T10:13:38-08:00] ERROR: Unable to activate train-0.22.0, because net-ssh-4.0.1 conflicts with net-ssh (< 4.0, >= 2.9)
[2017-03-10T10:13:38-08:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

If I logon to the host and manually install the gem everything works.

[chris-rock]

@smford22 So far I it looks like chef client 12.19.36 inspec 1.15.0 work without an issue. I have a kitchen setup with centos 5.11 in #201. Do you have any other idea that we can look into?

[chris-rock]

Here is my gem list from that machine:

[root@default-bento-centos-511 ~]# /opt/chef/embedded/bin/gem list

*** LOCAL GEMS ***

addressable (2.4.0)
appbundler (0.10.0)
ast (2.3.0)
bigdecimal (default: 1.2.8)
binding_of_caller (0.7.2)
blankslate (2.1.2.4)
builder (3.2.3)
bundler (1.12.5)
byebug (9.0.6)
chef (12.19.36)
chef-config (12.19.36)
chef-zero (5.3.0)
cheffish (4.1.1)
chefstyle (0.5.0)
coderay (1.1.1)
debug_inspector (0.0.2)
did_you_mean (1.0.0)
diff-lcs (1.3)
docile (1.1.5)
docker-api (1.33.2)
erubis (2.7.0)
excon (0.55.0)
faraday (0.11.0)
ffi (1.9.17)
ffi-yajl (2.3.0)
fuzzyurl (0.9.0)
gssapi (1.2.0)
gyoku (1.3.1)
hashie (3.5.3)
highline (1.7.8)
httpclient (2.8.3)
iniparse (1.4.2)
inspec (1.15.0)
io-console (default: 0.4.5)
ipaddress (0.8.3)
json (2.0.3, default: 1.8.3)
libyajl2 (1.2.0)
little-plugger (1.1.4)
logging (2.2.0)
method_source (0.8.2)
mini_portile2 (2.1.0)
minitest (5.8.3)
mixlib-archive (0.4.1)
mixlib-authentication (1.4.1)
mixlib-cli (1.7.0)
mixlib-config (2.2.4)
mixlib-log (1.7.1)
mixlib-shellout (2.2.7)
multi_json (1.12.1)
multipart-post (2.0.0)
net-scp (1.2.1)
net-sftp (2.1.2)
net-ssh (4.0.1)
net-ssh-gateway (1.3.0)
net-ssh-multi (1.2.1)
net-telnet (0.1.1)
nokogiri (1.7.0.1)
nori (2.6.0)
ohai (8.23.0)
parallel (1.11.1)
parser (2.4.0.0)
parslet (1.5.0)
plist (3.2.0)
power_assert (0.2.6)
powerpack (0.1.1)
proxifier (1.0.3)
pry (0.10.4)
pry-byebug (3.4.2)
pry-remote (0.1.8)
pry-stack_explorer (0.4.9.2)
psych (default: 2.0.17)
rack (2.0.1)
rainbow (2.2.1)
rake (11.3.0, 10.4.2)
rb-readline (0.5.4)
rdoc (default: 4.2.1)
rspec (3.5.0)
rspec-core (3.5.4)
rspec-expectations (3.5.0)
rspec-its (1.2.0)
rspec-mocks (3.5.0)
rspec-support (3.5.0)
rspec_junit_formatter (0.2.3)
rubocop (0.47.1)
ruby-prof (0.16.2)
ruby-progressbar (1.8.1)
ruby-shadow (2.5.0)
rubygems-update (2.6.10)
rubyntlm (0.6.1)
rubyzip (1.2.1)
serverspec (2.38.0)
sfl (2.3)
simplecov (0.13.0)
simplecov-html (0.10.0)
slop (3.6.0)
specinfra (2.66.9)
sslshake (1.0.13)
syslog-logger (1.6.8)
systemu (2.6.5)
test-unit (3.1.5)
thor (0.19.4)
toml (0.1.2)
train (0.22.1)
unicode-display_width (1.1.3)
uuidtools (2.1.5)
winrm (2.1.3)
winrm-fs (1.0.1)
wmi-lite (1.0.0)
[root@default-bento-centos-511 ~]# 

[koldrid]

Install Train 0.22.0 and then remove Train 0.22.1

[koldrid]

Train 0.22.0 was installed previously due to older chef-client/inspec versions

[koldrid]

Installing a new version of Inspec will not update Train since 0.22.0 is installed and its the minimum version required.

[chris-rock]

@koldrid Thank you for your finding. Seems like we should add some special handling here to ease the use of the new chef client.

[cheeseplus]

Resolved by https://github.com/chef-cookbooks/audit/issues/203