amazon linux chef-client 13 platform_family issue

Stromweld commented 7 years ago

Cookbook version

2.6.1

Chef-client version

13.0.118

Platform Details

System Info:

chef_version=13.0.118
platform=amazon
platform_version=2017.03
ruby=ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]
program_name=chef-client worker: ppid=4377;start=16:58:48;
executable=/opt/chef/bin/chef-client

Scenario:

disable OS specific firewall

Steps to Reproduce:

create amazon linux instance with firewall::disable_firewall in it's runlist.

Expected Result:

iptables service disabled

Actual Result:

Recipe: firewall::disable_firewall
  * firewall[default] action disable

    ================================================================================
    Error executing action `disable` on resource 'firewall[default]'
    ================================================================================

    Chef::Exceptions::ProviderNotFound
    ----------------------------------
    Cannot find a provider for firewall[default] on amazon version 2017.03

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/firewall/recipes/disable_firewall.rb

     21: firewall 'default' do
     22:   action :disable
     23: end

    Compiled Resource:
    ------------------
    # Declared in /var/chef/cache/cookbooks/firewall/recipes/disable_firewall.rb:21:in `from_file'

    firewall("default") do
      action [:disable]
      default_guard_interpreter :default
      declared_type :firewall
      cookbook_name "firewall"
      recipe_name "disable_firewall"
    end

    System Info:
    ------------
    chef_version=13.0.118
    platform=amazon
    platform_version=2017.03
    ruby=ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]
    program_name=chef-client worker: ppid=4377;start=16:58:48;
    executable=/opt/chef/bin/chef-client

Running handlers:
[2017-04-21T16:58:53-05:00] ERROR: Running exception handlers
Running handlers complete
[2017-04-21T16:58:53-05:00] ERROR: Exception handlers complete
Chef Client failed. 3 resources updated in 04 seconds
[2017-04-21T16:58:53-05:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2017-04-21T16:58:53-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-04-21T16:58:53-05:00] ERROR: firewall[default] (firewall::disable_firewall line 21) had an error: Chef::Exceptions::ProviderNotFound: Cannot find a provider for firewall[default] on amazon version 2017.03
[2017-04-21T16:58:53-05:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Generated at 2017-04-21 16:58:53 -0500
Chef::Exceptions::ProviderNotFound: firewall[default] (firewall::disable_firewall line 21) had an error: Chef::Exceptions::ProviderNotFound: Cannot find a provider for firewall[default] on amazon version 2017.03
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/provider_resolver.rb:63:in `resolve'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource.rb:1398:in `provider_for_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource.rb:591:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:69:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `each'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:96:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:715:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:710:in `catch'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:710:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:749:in `converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:286:in `run'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:291:in `block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:279:in `fork'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:279:in `fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:244:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:232:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:450:in `loop'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:450:in `interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:434:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:59:in `run'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/bin/chef-client:26:in `<top (required)>'
/usr/bin/chef-client:58:in `load'
/usr/bin/chef-client:58:in `<main>'

>>>> Caused by Chef::Exceptions::ProviderNotFound: Cannot find a provider for firewall[default] on amazon version 2017.03
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/provider_resolver.rb:63:in `resolve'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource.rb:1398:in `provider_for_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource.rb:591:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:69:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `each'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:97:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/runner.rb:96:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:715:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:710:in `catch'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:710:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:749:in `converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/client.rb:286:in `run'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:291:in `block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:279:in `fork'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:279:in `fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:244:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:232:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:450:in `loop'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:450:in `interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application/client.rb:434:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/lib/chef/application.rb:59:in `run'
/opt/chef/embedded/lib/ruby/gems/2.4.0/gems/chef-13.0.118/bin/chef-client:26:in `<top (required)>'
/usr/bin/chef-client:58:in `load'
/usr/bin/chef-client:58:in `<main>'

Stromweld commented 7 years ago

I believe this has to do with the change in chef-client 13 for amazon linux to now be it's own platform_family. Not totally sure what needs to be fixed in the cookbook however. I thought it may simply be needing amazon added to the array on this line: https://github.com/chef-cookbooks/firewall/blob/master/libraries/provider_firewall_iptables.rb#L25

But I'm sure there is more to it than that.

martinb3 commented 7 years ago

Hi there @Stromweld -- we haven't supported Amazon Linux up to this point. I'd be glad to review PRs, but there's a number of differences that I'm aware of:

No way to test locally (must be tested on EC2)
Package and service names for iptables are different on Amazon Linux vs Red Hat
Platform and platform_family and platform_version are all different on Red Hat

I think this would take more work to support than just a simple bugfix. I'll leave this open as an enhancement. 👍

Stromweld commented 7 years ago

According to your metadata file this cookbook is supposed to support amazon linux os. It simply uses iptables. Up until chef-client 13 amazon linux had attribute platform_family = 'rhel' but with 13's release they made amazon linux it's own platform_family now and this has made a lot of multiplatform cookbooks have to update case statements using platform_family to add rhel and amazon.

Stromweld commented 7 years ago

I was trying to figure out how the cookbook determines which OS is associated with which default firewall app. From what I could figure it might be simply adding amazon to this line https://github.com/chef-cookbooks/firewall/blob/master/libraries/provider_firewall_iptables.rb#L25.

I can try it out and test to see if it works.

martinb3 commented 7 years ago

According to your metadata file this cookbook is supposed to support amazon linux os.

@Stromweld it looks like that was added to all cookbooks under chef-cookbooks over a year ago without anyone checking to see if it's true, unfortunately -- https://github.com/chef-cookbooks/firewall/commit/95f322be1a6065f3ec42f386b4f654adc5b1aec9. I'll fix that 👍

It simply uses iptables.

There's actually a lot of variation in iptables between versions and amongst Linux distributions. These are typically how the service is managed, package names, how they split up ipv4 and ipv6 (combined or separate), and where config files live. We're actually maintaining three different iptables variations already in this cookbook, due to distro differences -- and I can already see that Amazon Linux has different packages than the others (see #154).

Stromweld commented 7 years ago

Ok that makes sense then. Thanks.

martinb3 commented 7 years ago

Marking this on hold until we have someone who can work on this.

martinb3 commented 7 years ago

Consolidating the request to support Amazon Linux under #172.

sous-chefs / firewall