chef-vault gem no longer being installed

[bleything]

Today I provisioned a new node and when Chef ran I got this:

  NameError
  ---------
  uninitialized constant ChefVaultCookbook::ChefVault

  Cookbook Trace:
  ---------------
    /var/chef/cache/cookbooks/chef-vault/libraries/helpers.rb:36:in `chef_vault_item'
    /var/chef/cache/cookbooks/orcasnet-chef-vault/libraries/env_vault_item.rb:3:in `env_vault_item'
    /var/chef/cache/cookbooks/orcasnet-appserver/recipes/envdir.rb:46:in `from_file'
    /var/chef/cache/cookbooks/orcasnet-appserver/recipes/default.rb:52:in `from_file'

  Relevant File Content:
  ----------------------
  /var/chef/cache/cookbooks/chef-vault/libraries/helpers.rb:

   29:    # +node['chef-vault']['databag_fallback']+.
   30:    # @example
   31:    # item = chef_vault_item('secrets', 'bacon')
   32:    # log 'Yeah buddy!' if item['_default']['type']
   33:    # @param [String] bag Name of the data bag to load from.
   34:    # @param [String] id Identifier of the data bag item to load.
   35:    def chef_vault_item(bag, id)
   36>>     if ChefVault::Item.vault?(bag, id)
   37:        ChefVault::Item.load(bag, id)
   38:      elsif node['chef-vault']['databag_fallback']
   39:        Chef::DataBagItem.load(bag, id)
   40:      else
   41:        raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
   42:      end
   43:    end
   44:  
   45:    # Helper method which provides an environment wrapper for a data bag.

I dug in a bunch and discovered that starting with version 1.3.1 of this cookbook the chef-vault gem is no longer being installed at compile time, which is why it can't find ChefVault.

I'm guessing it's this commit which was part of #19. Honestly I can't figure out why that change would have caused this but I can't figure out what else it might have been.

/cc @johnbellone, since that was his change.

[bleything]

I tried putting this into my cookbook before include_recipe 'chef-vault':

chef_gem 'chef-vault' do
  version node['chef-vault']['version']
  compile_time true
end

... but it didn't make any difference, which is surprising, and makes me wonder if it might be something other than the change I suggested above.

I've reverted to 1.3.0 for now and am back in business but I'd be really curious to figure out what's going on here.

[johnbellone]

What version of Chef Client are you running?

[bleything]

Oops, I meant to specify that before. 12.8.1.

On Wednesday, March 16, 2016, John Bellone notifications@github.com wrote:

What version of Chef Client are you running?

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/chef-cookbooks/chef-vault/issues/51#issuecomment-197295681

[JPvRiel]

Thought I had a similar issue, but turns out I simply made the mistake of not having the data bag file extension as .json. Given it triggers the same error line 36>> if ChefVault::Item.vault?(bag, id) and line of code in the stack trace, thought I'd add the comment in case someone stumbles into this issue when googling that line. When chef-vault can't find the vault item, it spits out a 404 HTTP error...

      Recipe: chef-vault::default
         * chef_gem[chef-vault] action install
           - install version ~> 2.6 of package chef-vault
...
         Net::HTTPServerException
         ------------------------
         404 "Not Found"
...
           /tmp/kitchen/cache/cookbooks/chef-vault/libraries/helpers.rb:36:in `chef_vault_item'
...

I found this out by explicitly trying to load the data_bag item when using the chef-splunk recipe.

[howdoicomputer]

Also, if you add the chef-vault cookbook after a kitchen converge and then try to reconverge a second time then you're going to get a similar error since the chef-vault gem has to be installed during the Chef compilation phase.

[bleything]

This seems to have been resolved at some point. It works correctly with version 2.1.1.

[bleything]

... just kidding, no it doesn't.

[bleything]

... just kidding, I'm an idiot.

[salimkapadia]

I am using version 2.1.1 and I'm getting the same error.

[bleything]

I'm not sure. At some point, between upgrading the gem, the cookbook, and the chef-client, it started working. Just be sure you're adding include_recipe 'chef-vault' before you try using it.

[m2rt]

Chef client 12.21.12 chef-vault cookbook 2.1.1 and the gem wont get installed. The recipe is included and depended on, but still nothing. Works if I install the gem manually.

[shapeofarchitect]

@JPvRiel I met with the same issue when I have been working with the chef splunk cookbook and I am still not able to figure out how did you pass through it. I am using this under AWS OpsWorks so it fails to pass this stage when even I additionally added data_bags folder in my cookbook , here is the error , exactly the same.

Chef Version

12.0 with chef_zero

================================================================================
Recipe Compile Error in /var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb
================================================================================

Net::HTTPServerException
------------------------
404 "Not Found"

Cookbook Trace:
---------------
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:38:in `chef_vault_item'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/setup_auth.rb:21:in `from_file'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/client.rb:81:in `from_file'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb:29:in `from_file'

Relevant File Content:
----------------------
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:

31:    # +node['chef-vault']['databag_fallback']+.
32:    # @example
33:    # item = chef_vault_item('secrets', 'bacon')
34:    # log 'Yeah buddy!' if item['_default']['type']
35:    # @param [String] bag Name of the data bag to load from.
36:    # @param [String] id Identifier of the data bag item to load.
37:    def chef_vault_item(bag, id)
38>>     if ChefVault::Item.vault?(bag, id)
39:        ChefVault::Item.load(bag, id)
40:      elsif node['chef-vault']['databag_fallback']
41:        data_bag_item(bag, id)
42:      else
43:        raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
44:      end
45:    end
46:  
47:    # Helper method which provides an environment wrapper for a data bag.

Platform:
---------
x86_64-linux

[shapeofarchitect]

Tagging @johnbellone @nathenharvey @sethvargo

[thommay]

@shapeofarchitect that's it saying you haven't got a data bag named as you expect; entirely unrelated to this issue.

[shapeofarchitect]

Thanks @thommay for your reply , So I am facing this issue only when I use it outside of kitchen in the first place chef-splunk server recipe passes data as below which should be interpreted , I hope I am able to make a valid point here , my kitchen converge pass as in fixtures I am using data_bags/vault/ file with id and auth values.

splunk_auth_info = chef_vault_item(:vault, "splunk_#{node.chef_environment}")['auth']

[thommay]

@shapeofarchitect our forums will be a much better place to discuss this; like I say, your problem is totally unrelated to this bug. Please post to https://discourse.chef.io .