Cookbook fails on CentOS Linux release 7.2.1511 - kernel.exec-shield #166
Comments
|
Yep, that block should be yanked or the guard needs to be adjusted to only apply to CentOS/RHEL <7 In RHEL7+ exec-shield is enabled by default and the /proc entry has been removed. |
|
Same issue here. Indeed, unsetting the attribute using comments does work. Currently this bug fails all my chef-client runs, any idea when a bugfix will be available? |
|
I'll have a look this week, @jonasduarte @djessich @bdwyertech thanks for reporting! |
|
@bdwyertech can you maybe link me to the source of this changelog? |
|
This issue got visible due a refactoring of sysctl cookbook (Sous-Chefs-Boneyard/sysctl#61) in 0.10.0. I will fix it, however I'm not completely happy with some upstream changes in sysctl and would like to get them fixed as well. So my idea is to introduce a version pinning in the mean time for sysctl dependency like |
|
That sounds good to me. Another options is to introduce a check for the CentOS/RHEL version <7, like suggested by @bdwyertech. rgs. |
|
@jonasduarte yes, the idea is to have a fix (check for rhel 7) and version pinning in the same time |
as its enabled per default and can't be switched off Introduction of temporary version pinning for sysctl cookbook, see #166 (comment)
|
I'm guessing the version pinning of sysctl is due to the whole one file per sysctl value? @artem-sidorenko I see why that's a pain in the butt, I'm not really sure how I feel about it either |
|
@bdwyertech right, this is the point. I understand the reason for going this way, as sysctl devs refactored the cookbook to the chef 12.5-resources, what probably even makes sense. I miss however the cleanup of old files, which are unmanaged now. So you can run into situation, if you do a switch of some sysctl flag, it will have no effect because of the old file. |
|
2.1.1 is released with this fix |
When running the cookbook from the supermarket on a CentOS Linux release 7.2.1511 node, AWS AMI ami-6d1c2007, I get the following error:
###############################################
"Running handlers:
[2017-08-10T15:51:30-03:00] ERROR: Running exception handlers
[2017-08-10T15:51:30-03:00] ERROR: Running exception handlers
Running handlers complete
[2017-08-10T15:51:30-03:00] ERROR: Exception handlers complete
[2017-08-10T15:51:30-03:00] ERROR: Exception handlers complete
Chef Client failed. 2 resources updated in 03 seconds
[2017-08-10T15:51:30-03:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2017-08-10T15:51:30-03:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2017-08-10T15:51:30-03:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-08-10T15:51:30-03:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-08-10T15:51:30-03:00] ERROR: sysctl_param[kernel.exec-shield] (sysctl::default line 26) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '255'
---- Begin output of sysctl -w "kernel.exec-shield=1" ----
STDOUT:
STDERR: sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory
---- End output of sysctl -w "kernel.exec-shield=1" ----
Ran sysctl -w "kernel.exec-shield=1" returned 255
[2017-08-10T15:51:30-03:00] ERROR: sysctl_param[kernel.exec-shield] (sysctl::default line 26) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '255'
---- Begin output of sysctl -w "kernel.exec-shield=1" ----
STDOUT:
STDERR: sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory
---- End output of sysctl -w "kernel.exec-shield=1" ----
Ran sysctl -w "kernel.exec-shield=1" returned 255
[2017-08-10T15:51:30-03:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[2017-08-10T15:51:30-03:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
">>>>>> ------Exception-------
###################################
To solve this problem I made a local copy e edited the file attributes/sysctl.rb, commenting out the following block:
"case node['platform_family']
when 'rhel', 'fedora'
default['sysctl']['params']['kernel']['exec-shield'] = 1
end"
The text was updated successfully, but these errors were encountered: