Require SSH

[szechyjs]

I'm not sure where this got changed, but since I updated to the new cookbook that uses omnibus-toolchain openssh-clients doesn't get installed which results in git clones not working.

The following shell command exited with status 128:

    $ git ls-remote "git@git.hostname.com:repo.git" "master*"

Output:

    (nothing)

Error:

    error: cannot run ssh: No such file or directory
fatal: unable to fork

[schisamo]

/cc @scotthain

[scotthain]

@szechyjs I think I have an idea how this happened - what OS distro/version are you using?

[szechyjs]

I'm on CentOS 5/6/7

[scotthain]

@szechyjs do you happen to know which version of the cookbook you were using where this worked? I've been debugging with pre v4.0.0 and it doesn't appear to actually install the openssh-clients package.

[szechyjs]

I don't know the exact version, but my last build was on March 14th, so whatever version was published at that time.

edit: looks like that would match up with 3.2.5 ?

[scotthain]

@szechyjs I haven't been able to replicate this with minimal installs (non kickstart) of centos 6 or 7, it appears that openssh-clients of some version or other is installed by default. Were these machines provisioned via kickstart? Also just out of curiosity, when you install openssh-clients, does it work?

edit - sorry only centos 7 appears to have it built in, testing with 6 now. edit2 - replicated on 6

[scotthain]

@szechyjs ok so I'm a little stumped now. Here's what I've found, maybe you can help me fill in any blanks:

assuming omnibus ~ v3.2.5, that would mean you're likely using build-essential ~v2.3.x Here's what I did:

• installed all packages manually from build-essential
• installed all packages installed via the chef package resource from omnibus
• installed omnibus-toolchain (latest)

As you showed, it definitely doesn't work at this point, I get the same issue.

This makes me think perhaps one of the following is correct:

• the software def you're using changed from a http:// source to a git source and this is a bug that we've just managed to magically miss for a long time!
• something else may have changed in your environment with regard to base setup of the centos nodes? (worth a second look maybe. I'm sure you've already checked it out.)
• something changed with regard to the default packages on a minor/patch release of centos (unlikely but possible, I guess)

All that being said, it doesn't solve the problem you're running into. I'm leaning more towards adding the ssh client to build-essential just to ensure it's there (rather than building it into the toolchain itself).

@chef-cookbooks/engineering-services y'all have any opinions?

[szechyjs]

• My software defs have always used ssh as they authenticate with a private key.
• I'm using docker for my builds with the following base images: centos:5, centos:6, centos:7. Perhaps something has changed in these base images since March.

Here is the script that builds my docker image.

#!/bin/bash

CHEF_VERSION="12.11.18"

if [ "$BASE_VERSION" == "centos5" ]; then
    yum install -y curl
fi

if [ "$BASE_VERSION" == "centos5" ] || [ "$BASE_VERSION" == "centos7" ]; then
    cat << EOF > /etc/yum.repos.d/epel-bootstrap.repo
[epel]
name=EPEL
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-\$releasever&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOF
    yum --enablerepo=epel -y install epel-release
    rm -f /etc/yum.repos.d/epel-bootstrap.repo
fi

curl -L https://www.chef.io/chef/install.sh | bash -s -- -v $CHEF_VERSION

mkdir /tmp/chefrepo
cd /tmp/chefrepo

cat > Cheffile << EOF
site 'https://supermarket.getchef.com/api/v1'

cookbook 'omnibus'
EOF

/opt/chef/embedded/bin/gem install librarian-chef --no-ri --no-rdoc
/opt/chef/embedded/bin/librarian-chef install

chef-client -z -o "omnibus"

yum remove -y chef
yum install -y openssh-clients

rm -rf /opt/chef /tmp/chefrepo /root/.chef