chef-boneyard / audit

Audit Cookbook for Chef Compliance
https://supermarket.chef.io/cookbooks/audit
Apache License 2.0

chef-client audit-mode exception when the audit cookbook is used #34

Closed alexpop closed 5 years ago

alexpop commented 8 years ago

Cookbook version

audit 0.5.0

Chef-client version

12.5.1, 12.9.38

Platform Details

CentOS 6

Steps to Reproduce:

Run chef-client in audit mode with audit::default in the run list. The failure does not impact the chef-client run in any way.

[root@vagrant-local-linux ~]# chef-client --audit-mode enabled
Starting Chef Client, version 12.5.1
resolving cookbooks for run list: ["audit::default"]
Synchronizing Cookbooks:
  - audit (0.5.0)
Compiling Cookbooks...
Converging 2 resources
Recipe: audit::default
  * compliance_profile[mylinux] action fetch
    * chef_gem[inspec] action install (up to date)
[2016-04-26T18:13:30+00:00] WARN: Using inspec version: (0.19.3)
    - install/update inspec
    * directory[/var/chef/cache/compliance] action create (up to date)
    - fetch compliance profile
    * chef_gem[inspec] action install (up to date)
    * directory[/var/chef/cache/compliance] action create (up to date)

  * compliance_profile[mylinux] action execute
    * chef_gem[inspec] action install (up to date)
[2016-04-26T18:13:30+00:00] WARN: Using inspec version: (0.19.3)
    - install/update inspec..F

Failures:

  1) Service iptables should be running
     Failure/Error: Unable to find admin/mylinux/controls/services_spec.rb to read failed line
       expected that `Service iptables` is running
     # admin/mylinux/controls/services_spec.rb:12:in `block (3 levels) in load'
     # /var/chef/cache/cookbooks/audit/libraries/profile.rb:112:in `block (2 levels) in <class:ComplianceProfile>'
     # /var/chef/cache/cookbooks/audit/libraries/profile.rb:93:in `block in <class:ComplianceProfile>'

Finished in 0.09885 seconds (files took 0.78511 seconds to load)
3 examples, 1 failure

Failed examples:

rspec  # Service iptables should be running

    - execute compliance profile
    * chef_gem[inspec] action install (up to date)
    * file[/var/chef/cache/compliance/admin_mylinux_report.json] action create
      - update content in file /var/chef/cache/compliance/admin_mylinux_report.json from 6f5303 to de6456
      - suppressed sensitive resource
      - restore selinux security context

  * compliance_report[chef-server] action execute
    - report compliance profiles' results
Starting audit phase
RSpec's reporter has already been initialized with #<IO:<STDOUT>> as the output stream, so your change to `output_stream` will be ignored. You should configure it earlier for it to take effect. (Called from /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/runner.rb:120:in `set_streams')

[2016-04-26T18:13:31+00:00] ERROR: Audit phase failed with error message: undefined method `split' for nil:NilClass

Audit phase exception:
  undefined method `split' for nil:NilClass
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/audit_event_proxy.rb:63:in `build_control_from'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/audit_event_proxy.rb:48:in `block in stop'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/audit_event_proxy.rb:47:in `each'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/audit_event_proxy.rb:47:in `stop'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:184:in `block in notify'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:183:in `each'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:183:in `notify'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:178:in `stop'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:152:in `block in finish'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:170:in `close_after'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:151:in `finish'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/reporter.rb:79:in `report'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/rspec-core-3.3.2/lib/rspec/core/runner.rb:113:in `run_specs'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/runner.rb:189:in `do_run'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/audit/runner.rb:35:in `run'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/client.rb:721:in `run_audits'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/client.rb:276:in `run'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:270:in `block in fork_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:258:in `fork'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:258:in `fork_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:224:in `block in run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/local_mode.rb:44:in `with_server_connectivity'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:212:in `run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application/client.rb:408:in `block in interval_run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application/client.rb:398:in `loop'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application/client.rb:398:in `interval_run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application/client.rb:388:in `run_application'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/lib/chef/application.rb:60:in `run'
  /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/chef-12.5.1/bin/chef-client:26:in `<top (required)>'
  /usr/bin/chef-client:54:in `load'
  /usr/bin/chef-client:54:in `<main>'

  Running handlers:
  Running handlers complete
  Chef Client finished, 4/10 resources updated in 05 seconds
[2016-04-26T18:13:31+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2016-04-26T18:13:31+00:00] ERROR: Found 1 errors, they are stored in the backtrace
[2016-04-26T18:13:32+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[root@vagrant-local-linux ~]#

chris-rock commented 8 years ago

@alexpop Thanks for bringing this up. This is a result of using Serverspec and InSpec within the same run. The problem here is RSpec. It uses a global world and configuration. I assume we need to destroy our configuration in an InSpec teardown phase.
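
A simplified model of the shared-state problem described in the comment above, added here as an illustration; it is not code from RSpec, Chef, InSpec or this cookbook. `GlobalWorld`, `AUDIT_LISTENER`, the `resource_class` field and the assumption that the profile's examples lack that field are hypothetical.

```ruby
# Simplified model (constructed; not RSpec, Chef or InSpec source).
# One process-global world is shared by every framework loaded in the run.
module GlobalWorld
  @listeners = []
  @examples = []
  class << self
    attr_reader :listeners, :examples

    # Teardown: drop everything a framework left in the shared state.
    def reset!
      @listeners.clear
      @examples.clear
    end

    # Every listener sees every example, whoever registered it.
    def finish
      @examples.flat_map { |ex| @listeners.map { |l| l.call(ex) } }
    end
  end
end

# Hypothetical audit listener: assumes each example carries a class name.
AUDIT_LISTENER = lambda do |example|
  example[:resource_class].split(":").last
end

# Framework A (profile run). Assumption: its examples lack resource_class.
def run_profile(teardown:)
  GlobalWorld.examples << { desc: "Service iptables should be running",
                            resource_class: nil }
  GlobalWorld.finish # no listeners registered yet, so nothing fails here
  GlobalWorld.reset! if teardown
end

# Framework B (audit phase) adds its listener and its own example.
def run_audit_phase
  GlobalWorld.listeners << AUDIT_LISTENER
  GlobalWorld.examples << { desc: "port 22 should be listening", # constructed
                            resource_class: "Serverspec::Type::Port" }
  GlobalWorld.finish
rescue NoMethodError => e
  "audit phase failed: NoMethodError on #{e.name}"
ensure
  GlobalWorld.reset!
end

def demo(teardown:)
  GlobalWorld.reset!
  run_profile(teardown: teardown)
  run_audit_phase
end
```

Without the teardown, the audit listener is handed the profile's leftover example and fails on `split`; with it, the audit phase only sees its own example.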

lamont-granquist commented 5 years ago

chef-client's audit mode is deprecated and is due to be removed in chef-client 15.

That audit mode and this audit cookbook are strictly incompatible, and this isn't a bug in this cookbook.