chef-boneyard / chef-vault

chef-vault cookbook
https://supermarket.chef.io/cookbooks/chef-vault
Apache License 2.0

Warning about client's chef_vault_secret resource overriding cookbook's chef_vault_secret #88

Closed grdz closed 3 years ago

grdz commented 3 years ago

I don't understand why this is happening. During my chef-client run on a node:

[2020-09-06T04:47:55+02:00] WARN: Resource chef_vault_secret from the client is overriding the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.

I upgraded the chef-vault cookbook to 4.0.3, chef-server is 13.2.0, chef-client is 16.x, and this is still happening. The cookbook that is in the run_list for this node contains depends chef-vault in metadata.rb and include_recipe 'chef-vault' in a recipe. The chef_vault_secret resource is used only in the chef-vault cookbook on my chef-server, nowhere else. How and where might this resource on the client be overriding the resource from a cookbook? Seems like a bug to me.

RahulVenchal commented 3 years ago

Hi @grdz,

I am also facing a similar issue. Can you let me know the resolution if the issue is fixed?

grdz commented 3 years ago

@RahulVenchal I figured out that this is because new versions of chef-client already contain chef_vault_secret. On my nodes, with chef-client 16.1.0, this resource is already defined here, after you have chef-client installed:

/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.1.0/lib/chef/resource/chef_vault_secret.rb

And so, there is no need to still provide this resource in the chef-vault cookbook. The error is happening because the chef_vault_secret resource is defined both in chef-client and in the chef-vault cookbook. So I removed the chef_vault_secret resource from the chef-vault cookbook on my self-hosted Chef server by running this on my workstation:

rm cookbooks/chef-vault/resources/secret.rb
knife upload cookbooks/chef-vault

Keep in mind that I am using chef-vault cookbook version 4.0.3 and chef-client version 16.1.0. If you have nodes with a lower version of chef-client that does not include chef_vault_secret and does not generate the error about the resource being overridden, then it might be problematic, because removing this resource from the chef-vault cookbook might break your recipes which are using vaults on nodes with this lower version of chef-client. It could also be problematic if, in future releases of chef-client, someone decides to remove the chef_vault_secret resource; then we might have to restore the cookbooks/chef-vault/resources/secret.rb file.

RahulVenchal commented 3 years ago

Thanks for the update, @grdz. I am trying to upgrade chef to version 16.9.29, so yeah, I will have to remove the secret.rb resource from the chef-vault cookbook. Also, I am seeing the WARNs below; did you happen to come across these as well?

[2021-02-04T01:51:32-06:00] WARN: Resource hostname built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
[2021-02-04T01:51:32-06:00] WARN: Resource chef_client_scheduled_task built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
[2021-02-04T01:51:32-06:00] WARN: Resource user_ulimit built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
[2021-02-04T01:51:33-06:00] WARN: OS is lower than 7.4 and CPU does not support rdrand, or node is a VM, skipping rngd config.

grdz commented 3 years ago

@RahulVenchal no, unfortunately I did not find those WARNs on my nodes. Probably because I am not using the cookbooks that you're using and that are causing these warnings. But I would guess that the reasons for those warnings are similar. You probably have cookbooks which include resources like hostname, chef_client_scheduled_task or user_ulimit, and you might try to remove those resources, because it seems like new versions of chef-client already have those resources built in.

I do not understand the last warning, about the OS being lower than 7.4.
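
Added example, not part of the thread or the chef-vault project: a Ruby check for the situation grdz describes (a cookbook resource with the same name as one shipped inside chef-client), which also covers the hostname and user_ulimit warnings in the later comment. The sample tree, the `example-*` cookbooks and the file contents are constructed, and treating a built-in resource's file name as its resource name is an assumption.

```ruby
require "tmpdir"
require "fileutils"

# Names a cookbook's resource files answer to: explicit provides/resource_name
# declarations, otherwise the default "<cookbook>_<file>" (hyphens -> underscores).
def cookbook_resource_names(cookbook_dir)
  cookbook = File.basename(cookbook_dir).tr("-", "_")
  Dir.glob(File.join(cookbook_dir, "resources", "*.rb")).sort.flat_map do |path|
    names = File.read(path).scan(/^\s*(?:provides|resource_name)\s+:(\w+)/).flatten.uniq
    if names.empty?
      base = File.basename(path, ".rb")
      names = [base == "default" ? cookbook : "#{cookbook}_#{base}"]
    end
    names.map { |name| [name, path] }
  end
end

# Returns [resource_name, path relative to cookbooks_dir] for every clash.
def find_collisions(cookbooks_dir, builtin_dir)
  # Assumption: a built-in resource is named after its file in builtin_dir,
  # as chef_vault_secret.rb is in this thread.
  builtins = Dir.glob(File.join(builtin_dir, "*.rb")).map { |p| File.basename(p, ".rb") }
  Dir.glob(File.join(cookbooks_dir, "*")).select { |d| File.directory?(d) }.sort.flat_map do |cb|
    cookbook_resource_names(cb)
      .select { |name, _| builtins.include?(name) }
      .map { |name, path| [name, path.delete_prefix("#{cookbooks_dir}/")] }
  end
end

# Constructed sample tree (not real cookbook contents) so the check runs offline.
def constructed_demo
  Dir.mktmpdir do |root|
    files = {
      "cookbooks/chef-vault/resources/secret.rb" => "property :data_bag, String\n",
      "cookbooks/example-limits/resources/rule.rb" => "provides :user_ulimit\n",
      "cookbooks/example-other/resources/thing.rb" => "property :x, String\n",
      "builtin/chef_vault_secret.rb" => "", "builtin/user_ulimit.rb" => "",
      "builtin/hostname.rb" => "",
    }
    files.each do |rel, body|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), body)
    end
    find_collisions(File.join(root, "cookbooks"), File.join(root, "builtin"))
  end
end

constructed_demo.each { |name, path| puts "#{name} also defined in #{path}" }
```

To use it on a real workstation, call `find_collisions` with your cookbooks directory and the `lib/chef/resource` directory of each chef-client version still deployed on your nodes; a resource is only safe to drop from the cookbook if every one of those versions reports the collision.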