Closed bmhughes closed 4 years ago
I’m not sure if we’re using the rule resource incorrectly or whether this is another Chef 12 issue, but while testing whether this branch fixes the Chef 12 incompatibility, we used this code:
```ruby
iptables_rule 'bridge_forwarding' do
  source 'iptables.erb'
  cookbook_name 'iptables'
  action :create
  chain 'FORWARD'
  match '-i brvpn -o brvpn'
  target 'ACCEPT'
end
```
and it broke with this error:
```
* template[/etc/iptables/rules.v4] action nothing[2020-01-14T08:59:54+00:00] INFO: Processing template[/etc/iptables/rules.v4] action nothing (/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.21.4/lib/chef/dsl/declare_resource.rb line 158)
(skipped due to action :nothing)
[2020-01-14T08:59:54+00:00] INFO: template[/etc/iptables/rules.v4] sending create action to template[/etc/iptables/rules.v4] (delayed)
* template[/etc/iptables/rules.v4] action create[2020-01-14T08:59:54+00:00] INFO: Processing template[/etc/iptables/rules.v4] action create (/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.21.4/lib/chef/dsl/declare_resource.rb line 158)

================================================================================
Error executing action `create` on resource 'template[/etc/iptables/rules.v4]'
================================================================================

Chef::Exceptions::FileNotFound
------------------------------
Cookbook 'ch-openvpn-cluster' (0.1.0) does not contain a file at any of these locations:
  templates/ubuntu-16.04/rules.v4.erb
  templates/ubuntu/rules.v4.erb
  templates/default/rules.v4.erb
  templates/rules.v4.erb

This cookbook _does_ contain: ['/tmp/kitchen/cache/cookbooks/ch-openvpn-cluster/templates/default/bridge.erb','/tmp/kitchen/cache/cookbooks/ch-openvpn-cluster/templates/default/bridge_forwarding.erb']

Resource Declaration:
---------------------
# In /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.21.4/lib/chef/dsl/declare_resource.rb

158: declare_resource(type, name, created_at, run_context: run_context, &resource_attrs_block)
159: end

Compiled Resource:
------------------
# Declared in /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.21.4/lib/chef/dsl/declare_resource.rb:158:in `rescue in edit_resource'

template("/etc/iptables/rules.v4") do
  action [:nothing]
  retries 0
  retry_delay 2
  default_guard_interpreter :default
  source "rules.v4.erb"
  variables {"iptables"=>{"filter"=>{"chains"=>{"INPUT"=>"ACCEPT [0:0]", "FORWARD"=>"ACCEPT [0:0]", "OUTPUT"=>"ACCEPT [0:0]"}, "rules"=>["-A FORWARD -i brvpn -o brvpn -j ACCEPT -m comment --comment \"/etc/iptables/rules.v4\""]}}}
  declared_type :template
  cookbook_name "ch-openvpn-cluster"
  owner nil
  group nil
  mode "0600"
  path "/etc/iptables/rules.v4"
  verifications []
end

System Info:
------------
chef_version=12.21.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.3.4p301 (2017-03-30 revision 58214) [x86_64-linux]
program_name=chef-client worker: ppid=1519;start=08:58:26;
executable=/opt/chef/bin/chef-client
```
We tried with `cookbook` instead of `cookbook_name` and with leaving out `source` and `cookbook_name` altogether; none of which fixed or changed that error.
Ok let me check this out in a bit, I've tested with 12.22.5 and it was working. For some reason it's trying to use the rules file path as the source template.
You shouldn't need to specify cookbook or source unless you want to use a custom template.
I can't reproduce that behaviour using Ubuntu 16.04 and that exact chef version, that resource definition works for me. (with `cookbook_name` corrected to `cookbook`)
There must be something in the wrapper cookbook that is affecting it, do you experience the same problem with a later Chef version? I'd presume yes from the error. You need to debug how the source is getting changed to `rules.v4.erb`.
Thanks for testing. I don’t know what the wrapper cookbook could be doing to cause this, but I’m going to try to dig deeper.
In the meantime, I’m pretty sure we can reproduce this problem without using this branch (by using `line` instead of `target`/`chain`), so I guess this is unrelated.
That's even stranger if using `line` works as the template at the end is still the same, it's just how the `rule_builder` helper method works that changes.
Is a sanitised version of this wrapper available for me to test with? As if there is a subtle issue I'd like to fix it, that said Chef 12 was EOL in April last year so I'd avoid making any major changes based on that.
@bmhughes Makes sense. Please see #110 for my analysis of the issue.
Closing this as there is a rewrite being done at #108
Issues Resolved: #103, #104, #107