Converge fails under Debian Buster

[axl89]

:speaking_head: Foreword

When running Chef in Debian Buster 10, it fails to converge on the openvpn::apt-repo recipe. Environment details below.

:ghost: Brief Description

It seems that the recipe does not check if gpg utility is installed. By running apt install gpg -y we got the converge working.

:pancakes: Cookbook version

v5.1.1

:woman_cook: Chef-Infra Version

16.5.77

:tophat: Platform details

Cloud provider AWS: AMI-ID: ami-00b951edb5915f3a8 (eu-west-1).

    chef_version=16.5.77
    platform=debian
    platform_version=10
    ruby=ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
    program_name=/usr/bin/chef-client
    executable=/opt/chef/bin/chef-client

Steps To Reproduce

Steps to reproduce the behavior:

1. Add the following runlist without any attribute set:

   "recipe[openvpn::server]",
   "recipe[openvpn::users]",
   "recipe[openvpn::easy_rsa]"

2. Run Chef-client and watch it fail:

Recipe: openvpn::apt-repo
  * apt_repository[openvpn] action add
    * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
    * apt_update[openvpn] action nothing (skipped due to action :nothing)
    * remote_file[/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg] action create

      ================================================================================
      Error executing action `create` on resource 'remote_file[/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg]'
      ================================================================================

      Errno::ENOENT
      -------------
      No such file or directory - gpg

      Resource Declaration:
      ---------------------
      # In /opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.5.77/lib/chef/resource/apt_repository.rb

      262:           declare_resource(key_type(key), cached_keyfile) do
      263:             source key
      264:             mode "0644"
      265:             sensitive new_resource.sensitive
      266:             action :create
      267:             verify "gpg --homedir #{tmp_dir} %{path}"
      268:           end
      269: 

      Compiled Resource:
      ------------------
      # Declared in /opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.5.77/lib/chef/resource/apt_repository.rb:262:in `install_key_from_uri'

      remote_file("/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg") do
        action [:create]
        default_guard_interpreter :default
        source ["https://swupdate.openvpn.net/repos/repo-public.gpg"]
        declared_type :remote_file
        cookbook_name "openvpn"
        mode "0644"
        remote_domain nil
        remote_user nil
        verifications [#<Chef::Resource::File::Verification:0x000055f39113b980 @command_opts={}, @command="gpg --homedir /tmp/.gpg20201007-952-gn56v5 %{path}", @block=nil, @parent_resource=<remote_file[/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg] @name: "/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg" @before: nil @params: nil @provider: nil @allowed_actions: [:nothing, :create, :delete, :touch, :create_if_missing] @action: [:create] @updated: false @updated_by_last_action: false @source_line: "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.5.77/lib/chef/resource/apt_repository.rb:262:in `install_key_from_uri'" @guard_interpreter: nil @default_guard_interpreter: :default @elapsed_time: 0 @source: ["https://swupdate.openvpn.net/repos/repo-public.gpg"] @declared_type: :remote_file @cookbook_name: "openvpn" @recipe_name: nil @mode: "0644" @remote_domain: nil @remote_user: nil @sensitive: false @verifications: [...] @path: "/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg" @owner: nil @group: nil @headers: {}>>]
        path "/var/chef/cache/https___swupdate_openvpn_net_repos_repo-public_gpg"
        owner nil
        group nil
        headers {}
      end

:police_car: Expected behavior

Chef client should be able to converge successfully. It MAY need to check of gpg and install it if necessary.

:heavy_plus_sign: Additional context

[ramereth]

@axl89 I can confirm this is the case. The dokken images already have gpg installed so this is missed. Feel free to create a PR to to address this otherwise we'll get to this when we can!