Skip to content

Instantly share code, notes, and snippets.

@dayne
Last active January 31, 2018 02:20
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dayne/3106249b0acc533eac3f911a0613f2be to your computer and use it in GitHub Desktop.
Save dayne/3106249b0acc533eac3f911a0613f2be to your computer and use it in GitHub Desktop.
chef-client-13.7 and firewall cookbook sad for iptables

Using this GIST to capture a few debug sessions for a support ticket firewall issue#185

-----> Starting Kitchen (v1.17.0)
D [Vagrant command] BEGIN (vagrant --version)
D [Vagrant command] END (0m0.02s)
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 library loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D [Vagrant command] BEGIN (vagrant plugin list)
D [Vagrant command] END (0m0.24s)
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D winrm requested, loading winrm gem (["~> 2.0"])
D winrm is loaded.
D winrm-fs requested, loading winrm-fs gem (["~> 1.0"])
D winrm-fs is loaded.
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
-----> Converging <default-centos-69>...
Preparing files for transfer
D Creating local sandbox in /tmp/default-centos-69-sandbox-20180129-7052-s31kh
Preparing dna.json
D Creating dna.json from {:firewall=>{:allow_ssh=>true, :allow_winrm=>true, :allow_mosh=>true, :allow_loopback=>true, :allow_icmp=>true, :firewalld=>{:permanent=>true}}, :run_list=>["recipe[firewall::default]", "recipe[firewall-test::default]"]}
Resolving cookbook dependencies with Berkshelf 6.3.1...
D Using Berksfile from /home/dbbroderson/projects/firewall/Berksfile
Removing non-cookbook files before transfer
Preparing validation.pem
D Using a dummy validation.pem
Preparing client.rb
D Creating client.rb from {:node_name=>"default-centos-69", :checksum_path=>"/tmp/kitchen/checksums", :file_cache_path=>"/tmp/kitchen/cache", :file_backup_path=>"/tmp/kitchen/backup", :cookbook_path=>["/tmp/kitchen/cookbooks", "/tmp/kitchen/site-cookbooks"], :data_bag_path=>"/tmp/kitchen/data_bags", :environment_path=>"/tmp/kitchen/environments", :node_path=>"/tmp/kitchen/nodes", :role_path=>"/tmp/kitchen/roles", :client_path=>"/tmp/kitchen/clients", :user_path=>"/tmp/kitchen/users", :validation_key=>"/tmp/kitchen/validation.pem", :client_key=>"/tmp/kitchen/client.pem", :chef_server_url=>"http://127.0.0.1:8889", :encrypted_data_bag_secret=>"/tmp/kitchen/encrypted_data_bag_secret", :treat_deprecation_warnings_as_errors=>false, :named_run_list=>{}}
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"]}> (sudo -E sh -c '
chef_omnibus_root="/opt/chef"
chef_omnibus_url="https://omnitruck.chef.io/install.sh"
install_flags="-v 13 -d /tmp/omnibus/cache"
pretty_version="13"
sudo_sh="sudo -E sh"
version="13"
tmp_stderr="/tmp/stderr";
# capture_tmp_stderr SOURCE
capture_tmp_stderr() {
# spool up $tmp_stderr from all the commands we called
if test -f "$tmp_stderr"; then
output="`cat $tmp_stderr`";
stderr_results="${stderr_results}\nSTDERR from $1:\n\n${output}\n";
rm $tmp_stderr;
fi
}
# do_curl URL FILENAME
do_curl() {
echo "Trying curl...";
curl -sL -D "$tmp_stderr" "$1" > "$2";
ec=$?;
# check for 404
grep "404 Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "curl";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_download URL FILENAME
do_download() {
echo "Downloading ${1} to file ${2}";
exists wget;
if test $? -eq 0; then
do_wget "$1" "$2" && return 0;
fi
exists curl;
if test $? -eq 0; then
do_curl "$1" "$2" && return 0;
fi
exists fetch;
if test $? -eq 0; then
do_fetch "$1" "$2" && return 0;
fi
exists python;
if test $? -eq 0; then
do_python "$1" "$2" && return 0;
fi
exists perl;
if test $? -eq 0; then
do_perl "$1" "$2" && return 0;
fi
unable_to_download "$1" "$2";
}
# do_fetch URL FILENAME
do_fetch() {
echo "Trying fetch...";
fetch -o "$2" "$1" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "fetch";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_perl URL FILENAME
do_perl() {
echo "Trying perl...";
perl -e "use LWP::Simple; getprint(\$ARGV[0]);" "$1" > "$2" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "404 Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "perl";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_python URL FILENAME
do_python() {
echo "Trying python...";
python -c "import sys,urllib2 ; sys.stdout.write(urllib2.urlopen(sys.argv[1]).read())" "$1" > "$2" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "HTTP Error 404" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "python";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_wget URL FILENAME
do_wget() {
echo "Trying wget...";
wget -O "$2" "$1" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "ERROR 404" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "wget";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# exists COMMAND
exists() {
if command -v "$1" >/dev/null 2>&1; then
return 0;
else
return 1;
fi
}
# http_404_error URL
http_404_error() {
echo ">>>>>> Downloading ${1} resulted in an HTTP/404, aborting";
exit 40;
}
# should_update_chef ROOT VERSION
should_update_chef() {
if test ! -d "$1"; then
return 0;
elif test "$2" = "true"; then
return 1;
elif test "$2" = "latest"; then
return 0;
fi
if test -f "${1}/version-manifest.txt"; then
chef_version="`head -n 1 ${1}/version-manifest.txt | cut -d \" \" -f 2`";
else
chef_version="`${1}/bin/chef-solo -v | cut -d \" \" -f 2`";
fi
echo "$chef_version" | grep "^${2}" 2>&1 >/dev/null;
if test $? -eq 0; then
return 1;
else
echo "${2}" | grep "^$chef_version" 2>&1 >/dev/null;
if test $? -eq 0; then
return 1;
else
return 0;
fi
fi
}
# unable_to_download URL FILE
unable_to_download() {
echo "Unable to download $1 to $2, aborting";
if test "x${stderr_results}" != "x"; then
echo "\nDEBUG OUTPUT FOLLOWS:\n${stderr_results}";
fi
exit 10;
}
# main
main() {
should_update_chef "$chef_omnibus_root" "$version"
if test $? -eq 0; then
echo "-----> Installing Chef Omnibus (${pretty_version})";
# solaris 10 lacks recent enough credentials, so http url is used
platform="`/usr/bin/uname -s 2>/dev/null`";
platform_version="`/usr/bin/uname -r 2>/dev/null`";
if test "x${platform}" = "xSunOS" && test "x${platform_version}" = "x5.10"; then
chef_omnibus_url=`echo "$chef_omnibus_url" | sed -e "s/https/http/"`;
fi
do_download "$chef_omnibus_url" /tmp/install.sh;
$sudo_sh /tmp/install.sh $install_flags;
else
echo "-----> Chef Omnibus installation detected (${pretty_version})";
fi
}
# augment path in an attempt to find a download program
PATH="${PATH}:/opt/local/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/sfw/bin";
export PATH;
main
')
D [SSH] opening connection to vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"]}>
-----> Chef Omnibus installation detected (13)
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"], :logger=>#<Logger:0x00000000021a0b10 @level=4, @progname=nil, @default_formatter=#<Logger::Formatter:0x00000000021a0ac0 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x00000000021a09d0 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @mon_owner=nil, @mon_count=0, @mon_mutex=#<Thread::Mutex:0x00000000021a0980>>>, :password_prompt=>#<Net::SSH::Prompt:0x00000000021a0890>, :user=>"vagrant"}> (sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo_rm="sudo -E rm"
dirs="/tmp/kitchen/clients /tmp/kitchen/cookbooks /tmp/kitchen/data /tmp/kitchen/data_bags /tmp/kitchen/encrypted_data_bag_secret /tmp/kitchen/environments /tmp/kitchen/roles"
root_path="/tmp/kitchen"
$sudo_rm -rf $dirs
mkdir -p $root_path
')
Transferring files to <default-centos-69>
D TIMING: scp async upload (Kitchen::Transport::Ssh)
D TIMING: scp async upload (Kitchen::Transport::Ssh) took (0m2.14s)
D Transfer complete
D Attempting to execute command - try 1 of 1.
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"], :logger=>#<Logger:0x00000000021a0b10 @level=4, @progname=nil, @default_formatter=#<Logger::Formatter:0x00000000021a0ac0 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x00000000021a09d0 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @mon_owner=nil, @mon_count=0, @mon_mutex=#<Thread::Mutex:0x00000000021a0980>>>, :password_prompt=>#<Net::SSH::Prompt:0x00000000021a0890>, :user=>"vagrant"}> (sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
')
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["firewall::default", "firewall-test::default"]
Synchronizing Cookbooks:
- firewall (2.6.2)
- firewall-test (1.0.0)
- chef-sugar (4.0.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-01-30T05:31:55+00:00] WARN: chef-sugar::default no longer needs to be included in your runlist. Instead simply depend on the chef-sugar cookbook and the gem will be intalled and loaded automatically.
[2018-01-30T05:31:55+00:00] WARN: chef-sugar::default no longer needs to be included in your runlist. Instead simply depend on the chef-sugar cookbook and the gem will be intalled and loaded automatically.
Converging 27 resources
Recipe: firewall::default
* firewall[default] action install
* yum_package[iptables] action install (up to date)
* yum_package[iptables-ipv6] action install (up to date)
* service[iptables] action enable (up to date)
* service[iptables] action start
================================================================================
Error executing action `start` on resource 'service[iptables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:57:in `block (2 levels) in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `block in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `action_install'
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("iptables") do
action [:nothing]
default_guard_interpreter :default
service_name "iptables"
enabled true
running nil
masked nil
pattern "iptables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.6.4
platform=centos
platform_version=6.9
ruby=ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]
program_name=chef-client worker: ppid=5025;start=05:31:53;
executable=/opt/chef/bin/chef-client
================================================================================
Error executing action `install` on resource 'firewall[default]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
service[iptables] (/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb line 153) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:57:in `block (2 levels) in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `block in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `action_install'
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/recipes/default.rb
20: firewall 'default' do
21: ipv6_enabled node['firewall']['ipv6_enabled']
22: action :install
23: end
24:
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/recipes/default.rb:20:in `from_file'
firewall("default") do
action [:install]
default_guard_interpreter :default
declared_type :firewall
cookbook_name "firewall"
recipe_name "default"
ipv6_enabled true
end
System Info:
------------
chef_version=13.6.4
platform=centos
platform_version=6.9
ruby=ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]
program_name=chef-client worker: ppid=5025;start=05:31:53;
executable=/opt/chef/bin/chef-client
Running handlers:
[2018-01-30T05:31:56+00:00] ERROR: Running exception handlers
[2018-01-30T05:31:56+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-01-30T05:31:56+00:00] ERROR: Exception handlers complete
[2018-01-30T05:31:56+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 02 seconds
[2018-01-30T05:31:56+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-01-30T05:31:56+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-01-30T05:31:56+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-30T05:31:56+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-30T05:31:56+00:00] ERROR: firewall[default] (firewall::default line 20) had an error: Mixlib::ShellOut::ShellCommandFailed: service[iptables] (/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb line 153) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
[2018-01-30T05:31:56+00:00] ERROR: firewall[default] (firewall::default line 20) had an error: Mixlib::ShellOut::ShellCommandFailed: service[iptables] (/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb line 153) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
[2018-01-30T05:31:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
[2018-01-30T05:31:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
D Cleaning up local sandbox in /tmp/default-centos-69-sandbox-20180129-7052-s31kh
D ------Exception-------
D Class: Kitchen::ActionFailed
D Message: 1 actions failed.
>>>>>> Converge failed on instance <default-centos-69>. Please see .kitchen/logs/default-centos-69.log for more details
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:183:in `report_errors'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:174:in `run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command/action.rb:36:in `block in call'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command/action.rb:34:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:53:in `perform'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:187:in `block (2 levels) in <class:CLI>'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:334:in `invoke_task'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/bin/kitchen:13:in `block in <top (required)>'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/errors.rb:171:in `with_friendly_errors'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/bin/kitchen:13:in `<top (required)>'
D /usr/bin/kitchen:267:in `load'
D /usr/bin/kitchen:267:in `<main>'
D ----End Backtrace-----
D -Composite Exception--
D Class: Kitchen::InstanceFailure
D Message: Converge failed on instance <default-centos-69>. Please see .kitchen/logs/default-centos-69.log for more details
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:83:in `rescue in call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:86:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:384:in `block in converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:527:in `synchronize_or_call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:489:in `block in action'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:488:in `action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:380:in `converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:359:in `block in transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `each'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:135:in `converge'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `public_send'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `run_action_in_thread'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
D ----End Backtrace-----
D ---Nested Exception---
D Class: Kitchen::ActionFailed
D Message: SSH exited (1) for command: [sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
']
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:83:in `rescue in call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:86:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:384:in `block in converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:527:in `synchronize_or_call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:489:in `block in action'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:488:in `action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:380:in `converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:359:in `block in transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `each'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:135:in `converge'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `public_send'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `run_action_in_thread'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
D ----End Backtrace-----
-----> Starting Kitchen (v1.17.0)
D [Vagrant command] BEGIN (vagrant --version)
D [Vagrant command] END (0m0.02s)
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 library loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D [Vagrant command] BEGIN (vagrant plugin list)
D [Vagrant command] END (0m0.24s)
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D winrm requested, loading winrm gem (["~> 2.0"])
D winrm is loaded.
D winrm-fs requested, loading winrm-fs gem (["~> 1.0"])
D winrm-fs is loaded.
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
D Berksfile found at /home/dbbroderson/projects/firewall/Berksfile, loading Berkshelf
D Berkshelf 6.3.1 previously loaded
-----> Converging <default-centos-69>...
Preparing files for transfer
D Creating local sandbox in /tmp/default-centos-69-sandbox-20180129-7448-c9nvy3
Preparing dna.json
D Creating dna.json from {:firewall=>{:allow_ssh=>true, :allow_winrm=>true, :allow_mosh=>true, :allow_loopback=>true, :allow_icmp=>true, :firewalld=>{:permanent=>true}}, :run_list=>["recipe[firewall::default]", "recipe[firewall-test::default]"]}
Resolving cookbook dependencies with Berkshelf 6.3.1...
D Using Berksfile from /home/dbbroderson/projects/firewall/Berksfile
Removing non-cookbook files before transfer
Preparing validation.pem
D Using a dummy validation.pem
Preparing client.rb
D Creating client.rb from {:node_name=>"default-centos-69", :checksum_path=>"/tmp/kitchen/checksums", :file_cache_path=>"/tmp/kitchen/cache", :file_backup_path=>"/tmp/kitchen/backup", :cookbook_path=>["/tmp/kitchen/cookbooks", "/tmp/kitchen/site-cookbooks"], :data_bag_path=>"/tmp/kitchen/data_bags", :environment_path=>"/tmp/kitchen/environments", :node_path=>"/tmp/kitchen/nodes", :role_path=>"/tmp/kitchen/roles", :client_path=>"/tmp/kitchen/clients", :user_path=>"/tmp/kitchen/users", :validation_key=>"/tmp/kitchen/validation.pem", :client_key=>"/tmp/kitchen/client.pem", :chef_server_url=>"http://127.0.0.1:8889", :encrypted_data_bag_secret=>"/tmp/kitchen/encrypted_data_bag_secret", :treat_deprecation_warnings_as_errors=>false, :named_run_list=>{}}
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"]}> (sudo -E sh -c '
chef_omnibus_root="/opt/chef"
chef_omnibus_url="https://omnitruck.chef.io/install.sh"
install_flags="-d /tmp/omnibus/cache"
pretty_version="always install latest version"
sudo_sh="sudo -E sh"
version="latest"
tmp_stderr="/tmp/stderr";
# capture_tmp_stderr SOURCE
capture_tmp_stderr() {
# spool up $tmp_stderr from all the commands we called
if test -f "$tmp_stderr"; then
output="`cat $tmp_stderr`";
stderr_results="${stderr_results}\nSTDERR from $1:\n\n${output}\n";
rm $tmp_stderr;
fi
}
# do_curl URL FILENAME
do_curl() {
echo "Trying curl...";
curl -sL -D "$tmp_stderr" "$1" > "$2";
ec=$?;
# check for 404
grep "404 Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "curl";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_download URL FILENAME
do_download() {
echo "Downloading ${1} to file ${2}";
exists wget;
if test $? -eq 0; then
do_wget "$1" "$2" && return 0;
fi
exists curl;
if test $? -eq 0; then
do_curl "$1" "$2" && return 0;
fi
exists fetch;
if test $? -eq 0; then
do_fetch "$1" "$2" && return 0;
fi
exists python;
if test $? -eq 0; then
do_python "$1" "$2" && return 0;
fi
exists perl;
if test $? -eq 0; then
do_perl "$1" "$2" && return 0;
fi
unable_to_download "$1" "$2";
}
# do_fetch URL FILENAME
do_fetch() {
echo "Trying fetch...";
fetch -o "$2" "$1" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "fetch";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_perl URL FILENAME
do_perl() {
echo "Trying perl...";
perl -e "use LWP::Simple; getprint(\$ARGV[0]);" "$1" > "$2" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "404 Not Found" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "perl";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_python URL FILENAME
do_python() {
echo "Trying python...";
python -c "import sys,urllib2 ; sys.stdout.write(urllib2.urlopen(sys.argv[1]).read())" "$1" > "$2" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "HTTP Error 404" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "python";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# do_wget URL FILENAME
do_wget() {
echo "Trying wget...";
wget -O "$2" "$1" 2>"$tmp_stderr";
ec=$?;
# check for 404
grep "ERROR 404" "$tmp_stderr" 2>&1 >/dev/null;
if test $? -eq 0; then
http_404_error "$1";
fi
# check for bad return status or empty output
if test $ec -ne 0 || test ! -s "$2"; then
capture_tmp_stderr "wget";
return 1;
else
echo "Download complete.";
return 0;
fi
}
# exists COMMAND
exists() {
if command -v "$1" >/dev/null 2>&1; then
return 0;
else
return 1;
fi
}
# http_404_error URL
http_404_error() {
echo ">>>>>> Downloading ${1} resulted in an HTTP/404, aborting";
exit 40;
}
# should_update_chef ROOT VERSION
should_update_chef() {
if test ! -d "$1"; then
return 0;
elif test "$2" = "true"; then
return 1;
elif test "$2" = "latest"; then
return 0;
fi
if test -f "${1}/version-manifest.txt"; then
chef_version="`head -n 1 ${1}/version-manifest.txt | cut -d \" \" -f 2`";
else
chef_version="`${1}/bin/chef-solo -v | cut -d \" \" -f 2`";
fi
echo "$chef_version" | grep "^${2}" 2>&1 >/dev/null;
if test $? -eq 0; then
return 1;
else
echo "${2}" | grep "^$chef_version" 2>&1 >/dev/null;
if test $? -eq 0; then
return 1;
else
return 0;
fi
fi
}
# unable_to_download URL FILE
unable_to_download() {
echo "Unable to download $1 to $2, aborting";
if test "x${stderr_results}" != "x"; then
echo "\nDEBUG OUTPUT FOLLOWS:\n${stderr_results}";
fi
exit 10;
}
# main
main() {
should_update_chef "$chef_omnibus_root" "$version"
if test $? -eq 0; then
echo "-----> Installing Chef Omnibus (${pretty_version})";
# solaris 10 lacks recent enough credentials, so http url is used
platform="`/usr/bin/uname -s 2>/dev/null`";
platform_version="`/usr/bin/uname -r 2>/dev/null`";
if test "x${platform}" = "xSunOS" && test "x${platform_version}" = "x5.10"; then
chef_omnibus_url=`echo "$chef_omnibus_url" | sed -e "s/https/http/"`;
fi
do_download "$chef_omnibus_url" /tmp/install.sh;
$sudo_sh /tmp/install.sh $install_flags;
else
echo "-----> Chef Omnibus installation detected (${pretty_version})";
fi
}
# augment path in an attempt to find a download program
PATH="${PATH}:/opt/local/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/sfw/bin";
export PATH;
main
')
D [SSH] opening connection to vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"]}>
-----> Installing Chef Omnibus (always install latest version)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
el 6 x86_64
Getting information for chef stable for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=6&m=x86_64
to file /tmp/install.sh.5358/metadata.txt
trying wget...
sha1 3e9ee02bf311f1c4a6280eca019211f58b79da73
sha256 4aa242cf15dc0ac083c22c99b58027cea0faa52a0ee9895fe0ec9a07cd539f57
url https://packages.chef.io/files/stable/chef/13.7.16/el/6/chef-13.7.16-1.el6.x86_64.rpm
version 13.7.16
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm exists
Comparing checksum with sha256sum...
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with rpm...
warning: /tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ( 50%)# ( 50%)## ( 50%)### ( 50%)#### ( 50%)##### ( 50%)###### ( 50%)####### ( 50%)######## ( 50%)######### ( 50%)########## ( 50%)########### ( 50%)############ ( 50%)############# ( 50%)############## ( 50%)############### ( 50%)################ ( 50%)################# ( 50%)################## ( 50%)################### ( 50%)#################### ( 50%)##################### ( 50%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)########################################### [100%]
1:chef ( 1%)# ( 3%)## ( 6%)### ( 8%)#### ( 10%)##### ( 13%)###### ( 15%)####### ( 17%)######## ( 19%)######### ( 22%)########## ( 24%)########### ( 26%)############ ( 28%)############# ( 31%)############## ( 33%)############### ( 35%)################ ( 38%)################# ( 40%)################## ( 42%)################### ( 44%)#################### ( 47%)##################### ( 49%)###################### ( 51%)####################### ( 53%)######################## ( 56%)######################### ( 58%)########################## ( 60%)########################### ( 63%)############################ ( 65%)############################# ( 67%)############################## ( 69%)############################### ( 72%)################################ ( 74%)################################# ( 76%)################################## ( 78%)################################### ( 81%)#################################### ( 83%)##################################### ( 85%)###################################### ( 88%)####################################### ( 90%)######################################## ( 92%)######################################### ( 94%)########################################## ( 97%)########################################### ( 99%)########################################### [100%]
Thank you for installing Chef!
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"], :logger=>#<Logger:0x0000000003465048 @level=4, @progname=nil, @default_formatter=#<Logger::Formatter:0x0000000003464f80 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x0000000003464f30 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @mon_owner=nil, @mon_count=0, @mon_mutex=#<Thread::Mutex:0x0000000003464df0>>>, :password_prompt=>#<Net::SSH::Prompt:0x0000000003464d50>, :user=>"vagrant"}> (sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo_rm="sudo -E rm"
dirs="/tmp/kitchen/clients /tmp/kitchen/cookbooks /tmp/kitchen/data /tmp/kitchen/data_bags /tmp/kitchen/encrypted_data_bag_secret /tmp/kitchen/environments /tmp/kitchen/roles"
root_path="/tmp/kitchen"
$sudo_rm -rf $dirs
mkdir -p $root_path
')
Transferring files to <default-centos-69>
D TIMING: scp async upload (Kitchen::Transport::Ssh)
D TIMING: scp async upload (Kitchen::Transport::Ssh) took (0m2.16s)
D Transfer complete
D Attempting to execute command - try 1 of 1.
D [SSH] vagrant@127.0.0.1<{:user_known_hosts_file=>"/dev/null", :paranoid=>false, :port=>"2209", :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :keys_only=>true, :keys=>["/home/dbbroderson/projects/firewall/.kitchen/kitchen-vagrant/default-centos-69/.vagrant/machines/default/virtualbox/private_key"], :auth_methods=>["publickey"], :logger=>#<Logger:0x0000000003465048 @level=4, @progname=nil, @default_formatter=#<Logger::Formatter:0x0000000003464f80 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x0000000003464f30 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @mon_owner=nil, @mon_count=0, @mon_mutex=#<Thread::Mutex:0x0000000003464df0>>>, :password_prompt=>#<Net::SSH::Prompt:0x0000000003464d50>, :user=>"vagrant"}> (sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
')
Starting Chef Client, version 13.7.16
resolving cookbooks for run list: ["firewall::default", "firewall-test::default"]
Synchronizing Cookbooks:
- firewall (2.6.2)
- firewall-test (1.0.0)
- chef-sugar (4.0.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-01-30T05:33:03+00:00] WARN: chef-sugar::default no longer needs to be included in your runlist. Instead simply depend on the chef-sugar cookbook and the gem will be intalled and loaded automatically.
Converging 27 resources
Recipe: firewall::default
* firewall[default] action install
* yum_package[iptables] action install (up to date)
* yum_package[iptables-ipv6] action install (up to date)
* service[iptables] action enable (up to date)
* service[iptables] action start
================================================================================
Error executing action `start` on resource 'service[iptables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:57:in `block (2 levels) in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `block in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `action_install'
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("iptables") do
action [:nothing]
default_guard_interpreter :default
service_name "iptables"
enabled true
running nil
masked nil
pattern "iptables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=5468;start=05:33:01;
executable=/opt/chef/bin/chef-client
================================================================================
Error executing action `install` on resource 'firewall[default]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
service[iptables] (/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb line 153) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Cookbook Trace:
---------------
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:57:in `block (2 levels) in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:56:in `block in action_install'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `each'
/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:45:in `action_install'
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/recipes/default.rb
20: firewall 'default' do
21: ipv6_enabled node['firewall']['ipv6_enabled']
22: action :install
23: end
24:
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/recipes/default.rb:20:in `from_file'
firewall("default") do
action [:install]
default_guard_interpreter :default
declared_type :firewall
cookbook_name "firewall"
recipe_name "default"
ipv6_enabled true
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=5468;start=05:33:01;
executable=/opt/chef/bin/chef-client
Running handlers:
[2018-01-30T05:33:04+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-01-30T05:33:04+00:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 03 seconds
[2018-01-30T05:33:04+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-01-30T05:33:04+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-30T05:33:04+00:00] ERROR: firewall[default] (firewall::default line 20) had an error: Mixlib::ShellOut::ShellCommandFailed: service[iptables] (/tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb line 153) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
[2018-01-30T05:33:04+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
D Cleaning up local sandbox in /tmp/default-centos-69-sandbox-20180129-7448-c9nvy3
D ------Exception-------
D Class: Kitchen::ActionFailed
D Message: 1 actions failed.
>>>>>> Converge failed on instance <default-centos-69>. Please see .kitchen/logs/default-centos-69.log for more details
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:183:in `report_errors'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:174:in `run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command/action.rb:36:in `block in call'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command/action.rb:34:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:53:in `perform'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:187:in `block (2 levels) in <class:CLI>'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/cli.rb:334:in `invoke_task'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/bin/kitchen:13:in `block in <top (required)>'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/errors.rb:171:in `with_friendly_errors'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/bin/kitchen:13:in `<top (required)>'
D /usr/bin/kitchen:267:in `load'
D /usr/bin/kitchen:267:in `<main>'
D ----End Backtrace-----
D -Composite Exception--
D Class: Kitchen::InstanceFailure
D Message: Converge failed on instance <default-centos-69>. Please see .kitchen/logs/default-centos-69.log for more details
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:83:in `rescue in call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:86:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:384:in `block in converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:527:in `synchronize_or_call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:489:in `block in action'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:488:in `action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:380:in `converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:359:in `block in transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `each'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:135:in `converge'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `public_send'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `run_action_in_thread'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
D ----End Backtrace-----
D ---Nested Exception---
D Class: Kitchen::ActionFailed
D Message: SSH exited (1) for command: [sh -c '
TEST_KITCHEN="1"; export TEST_KITCHEN
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
']
D ----------------------
D ------Backtrace-------
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:83:in `rescue in call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/provisioner/base.rb:86:in `call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:384:in `block in converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:527:in `synchronize_or_call'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:489:in `block in action'
D /opt/chefdk/embedded/lib/ruby/2.4.0/benchmark.rb:293:in `measure'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:488:in `action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:380:in `converge_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:359:in `block in transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `each'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:358:in `transition_to'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/instance.rb:135:in `converge'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `public_send'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:197:in `run_action_in_thread'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/test-kitchen-1.17.0/lib/kitchen/command.rb:169:in `block (2 levels) in run_action'
D /opt/chefdk/embedded/lib/ruby/gems/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
D ----End Backtrace-----
-----> Starting Kitchen (v1.17.0)
-----> Converging <default-centos-69>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 6.3.1...
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (always install latest version)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
el 6 x86_64
Getting information for chef stable for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=6&m=x86_64
to file /tmp/install.sh.3778/metadata.txt
trying wget...
sha1 3e9ee02bf311f1c4a6280eca019211f58b79da73
sha256 4aa242cf15dc0ac083c22c99b58027cea0faa52a0ee9895fe0ec9a07cd539f57
url https://packages.chef.io/files/stable/chef/13.7.16/el/6/chef-13.7.16-1.el6.x86_64.rpm
version 13.7.16
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm exists
Comparing checksum with sha256sum...
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with rpm...
warning: /tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ( 50%)# ( 50%)## ( 50%)### ( 50%)#### ( 50%)##### ( 50%)###### ( 50%)####### ( 50%)######## ( 50%)######### ( 50%)########## ( 50%)########### ( 50%)############ ( 50%)############# ( 50%)############## ( 50%)############### ( 50%)################ ( 50%)################# ( 50%)################## ( 50%)################### ( 50%)#################### ( 50%)##################### ( 50%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)########################################### [100%]
1:chef ( 1%)# ( 3%)## ( 6%)### ( 8%)#### ( 10%)##### ( 13%)###### ( 15%)####### ( 17%)######## ( 19%)######### ( 22%)########## ( 24%)########### ( 26%)############ ( 28%)############# ( 31%)############## ( 33%)############### ( 35%)################ ( 38%)################# ( 40%)################## ( 42%)################### ( 44%)#################### ( 47%)##################### ( 49%)###################### ( 51%)####################### ( 53%)######################## ( 56%)######################### ( 58%)########################## ( 60%)########################### ( 63%)############################ ( 65%)############################# ( 67%)############################## ( 69%)############################### ( 72%)################################ ( 74%)################################# ( 76%)################################## ( 78%)################################### ( 81%)#################################### ( 83%)##################################### ( 85%)###################################### ( 88%)####################################### ( 90%)######################################## ( 92%)######################################### ( 94%)########################################## ( 97%)########################################### ( 99%)########################################### [100%]
Thank you for installing Chef!
Transferring files to <default-centos-69>
Starting Chef Client, version 13.7.16
resolving cookbooks for run list: ["firewall::default", "firewall-test::default"]
Synchronizing Cookbooks:
- firewall (2.6.2)
- firewall-test (1.0.0)
- chef-sugar (4.0.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-01-30T06:03:03+00:00] WARN: chef-sugar::default no longer needs to be included in your runlist. Instead simply depend on the chef-sugar cookbook and the gem will be intalled and loaded automatically.
Converging 27 resources
Recipe: firewall::default
* firewall[default] action install
* yum_package[iptables] action install (up to date)
* yum_package[iptables-ipv6] action install (up to date)
* service[iptables] action enable (up to date)
* service[iptables] action start (up to date)
* service[ip6tables] action enable (up to date)
* service[ip6tables] action start (up to date)
(up to date)
* yum_package[iptables] action nothing (skipped due to action :nothing)
* yum_package[iptables-ipv6] action nothing (skipped due to action :nothing)
* service[iptables] action nothing (skipped due to action :nothing)
* service[ip6tables] action nothing (skipped due to action :nothing)
* firewall_rule[allow loopback] action create
* firewall_rule[allow icmp] action create
* firewall_rule[allow world to ssh] action create
* firewall_rule[allow world to winrm] action create (skipped due to only_if)
* firewall_rule[allow world to mosh] action create
* firewall_rule[established] action create
* firewall_rule[ipv6_icmp] action create
Recipe: firewall-test::default
* firewall_rule[ssh22] action create
* firewall_rule[ssh2222] action create
* firewall_rule[temp1] action create
* firewall_rule[temp2] action create
* firewall_rule[addremove] action create
* firewall_rule[addremove2] action create
* firewall_rule[protocolnum] action create
* firewall_rule[prepend] action create
* firewall_rule[duplicate0] action create
* firewall_rule[duplicate0] action create
* firewall_rule[duplicate1] action create
* firewall_rule[duplicate1] action create
* firewall_rule[block-192.168.99.99] action create
* firewall_rule[ipv6-source] action create
* firewall_rule[range] action create
* firewall_rule[array] action create
* firewall_rule[ufw raw test] action create (skipped due to only_if)
* firewall_rule[RPC Port Range In] action create
* firewall_rule[HTTP HTTPS] action create
Recipe: firewall::default
* firewall[default] action restart
(skipped due to only_if)
(skipped due to only_if)
* file[/etc/sysconfig/iptables] action create
- update content in file /etc/sysconfig/iptables from e3f97f to 01ff27
--- /etc/sysconfig/iptables 2018-01-30 06:01:40.590785436 +0000
+++ /etc/sysconfig/.chef-iptables20180130-3893-1osptlr 2018-01-30 06:03:04.712825443 +0000
@@ -1,11 +1,3 @@
-# position 1
-*filter
-# position 2
-:INPUT DROP
-# position 3
-:FORWARD DROP
-# position 4
-:OUTPUT ACCEPT
# position 5
-A INPUT -p tcp -m tcp -m multiport --dports 7788 -m comment --comment "prepend" -j ACCEPT
# position 49
@@ -29,6 +21,4 @@
-A INPUT -p tcp -m tcp -m multiport --dports 1234,5000:5100,5678 -m comment --comment "array" -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 5000:5100 -m comment --comment "RPC Port Range In" -j ACCEPT
-A OUTPUT -p tcp -m tcp -m multiport --dports 443,80 -m comment --comment "HTTP HTTPS" -j ACCEPT
-# position 100
-COMMIT
- restore selinux security context
* file[/etc/sysconfig/ip6tables] action create
- update content in file /etc/sysconfig/ip6tables from 7e942e to a190bb
--- /etc/sysconfig/ip6tables 2018-01-30 06:01:40.677828933 +0000
+++ /etc/sysconfig/.chef-ip6tables20180130-3893-1ph63sj 2018-01-30 06:03:04.812875435 +0000
@@ -1,11 +1,3 @@
-# position 1
-*filter
-# position 2
-:INPUT DROP
-# position 3
-:FORWARD DROP
-# position 4
-:OUTPUT ACCEPT
# position 5
-A INPUT -p tcp -m tcp -m multiport --dports 7788 -m comment --comment "prepend" -j ACCEPT
# position 50
@@ -27,6 +19,4 @@
-A INPUT -p tcp -m tcp -m multiport --dports 1234,5000:5100,5678 -m comment --comment "array" -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 5000:5100 -m comment --comment "RPC Port Range In" -j ACCEPT
-A OUTPUT -p tcp -m tcp -m multiport --dports 443,80 -m comment --comment "HTTP HTTPS" -j ACCEPT
-# position 100
-COMMIT
- restore selinux security context
* service[iptables] action restart
================================================================================
Error executing action `restart` on resource 'service[iptables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("iptables") do
action [:nothing]
default_guard_interpreter :default
service_name "iptables"
enabled nil
running nil
masked nil
pattern "iptables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=3888;start=06:03:01;
executable=/opt/chef/bin/chef-client
* service[ip6tables] action restart
================================================================================
Error executing action `restart` on resource 'service[ip6tables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service ip6tables start ----
STDOUT: ip6tables: Applying firewall rules: [FAILED]
STDERR: ip6tables-restore: line 2 failed
---- End output of /sbin/service ip6tables start ----
Ran /sbin/service ip6tables start returned 1
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("ip6tables") do
action [:nothing]
default_guard_interpreter :default
service_name "ip6tables"
enabled nil
running nil
masked nil
pattern "ip6tables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=3888;start=06:03:01;
executable=/opt/chef/bin/chef-client
Running handlers:
[2018-01-30T06:03:07+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-01-30T06:03:07+00:00] ERROR: Exception handlers complete
Chef Client failed. 27 resources updated in 05 seconds
[2018-01-30T06:03:07+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-01-30T06:03:07+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-30T06:03:07+00:00] ERROR: Chef::Exceptions::MultipleFailures
[2018-01-30T06:03:07+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
-----> Starting Kitchen (v1.17.0)
-----> Creating <default-centos-69>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/centos-6.9'...
Progress: 10%
Progress: 30%
Progress: 40%
Progress: 50%
Progress: 60%
Progress: 90%
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/centos-6.9' is up to date...
==> default: A newer version of the box 'bento/centos-6.9' is available! You currently
==> default: have version '201710.25.0'. The latest is version '201801.02.0'. Run
==> default: `vagrant box update` to update.
==> default: Setting the name of the VM: default-centos-69_default_1517290487565_32149
==> default: Fixed port collision for 22 => 2222. Now on port 2209.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2209 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2209
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection reset. Retrying...
default: Warning: Remote connection disconnect. Retrying...
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 5.1.30
default: VirtualBox Version: 5.2
==> default: Setting hostname...
==> default: Mounting shared folders...
default: /tmp/omnibus/cache => /home/dbbroderson/.kitchen/cache
==> default: Machine not provisioned because `--no-provision` is specified.
[SSH] Established
Vagrant instance <default-centos-69> created.
Finished creating <default-centos-69> (0m43.76s).
-----> Converging <default-centos-69>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 6.3.1...
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (always install latest version)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
el 6 x86_64
Getting information for chef stable for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=6&m=x86_64
to file /tmp/install.sh.2951/metadata.txt
trying wget...
sha1 3e9ee02bf311f1c4a6280eca019211f58b79da73
sha256 4aa242cf15dc0ac083c22c99b58027cea0faa52a0ee9895fe0ec9a07cd539f57
url https://packages.chef.io/files/stable/chef/13.7.16/el/6/chef-13.7.16-1.el6.x86_64.rpm
version 13.7.16
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm exists
Comparing checksum with sha256sum...
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with rpm...
warning: /tmp/omnibus/cache/chef-13.7.16-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... (100%)# (100%)## (100%)### (100%)#### (100%)##### (100%)###### (100%)####### (100%)######## (100%)######### (100%)########## (100%)########### (100%)############ (100%)############# (100%)############## (100%)############### (100%)################ (100%)################# (100%)################## (100%)################### (100%)#################### (100%)##################### (100%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)########################################### [100%]
1:chef ( 1%)# ( 3%)## ( 6%)### ( 8%)#### ( 10%)##### ( 13%)###### ( 15%)####### ( 17%)######## ( 19%)######### ( 22%)########## ( 24%)########### ( 26%)############ ( 28%)############# ( 31%)############## ( 33%)############### ( 35%)################ ( 38%)################# ( 40%)################## ( 42%)################### ( 44%)#################### ( 47%)##################### ( 49%)###################### ( 51%)####################### ( 53%)######################## ( 56%)######################### ( 58%)########################## ( 60%)########################### ( 63%)############################ ( 65%)############################# ( 67%)############################## ( 69%)############################### ( 72%)################################ ( 74%)################################# ( 76%)################################## ( 78%)################################### ( 81%)#################################### ( 83%)##################################### ( 85%)###################################### ( 88%)####################################### ( 90%)######################################## ( 92%)######################################### ( 94%)########################################## ( 97%)########################################### ( 99%)########################################### [100%]
Thank you for installing Chef!
Transferring files to <default-centos-69>
Starting Chef Client, version 13.7.16
Creating a new client identity for default-centos-69 using the validator key.
resolving cookbooks for run list: ["firewall::default", "firewall-test::default"]
Synchronizing Cookbooks:
- firewall-test (1.0.0)
- chef-sugar (4.0.0)
- firewall (2.6.2)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-01-30T05:35:35+00:00] WARN: chef-sugar::default no longer needs to be included in your runlist. Instead simply depend on the chef-sugar cookbook and the gem will be intalled and loaded automatically.
Converging 27 resources
Recipe: firewall::default
* firewall[default] action install
* yum_package[iptables] action install (up to date)
* yum_package[iptables-ipv6] action install (up to date)
* file[/etc/sysconfig/iptables] action create
- create new file /etc/sysconfig/iptables
- update content in file /etc/sysconfig/iptables from none to fa85ee
--- /etc/sysconfig/iptables 2018-01-30 05:35:39.714349070 +0000
+++ /etc/sysconfig/.chef-iptables20180130-3061-9xgscf 2018-01-30 05:35:39.714349070 +0000
@@ -1 +1,2 @@
+# created by chef to allow service to start
- restore selinux security context
* service[iptables] action enable (up to date)
* service[iptables] action start
- start service service[iptables]
* file[/etc/sysconfig/ip6tables] action create
- create new file /etc/sysconfig/ip6tables
- update content in file /etc/sysconfig/ip6tables from none to fa85ee
--- /etc/sysconfig/ip6tables 2018-01-30 05:35:39.977480585 +0000
+++ /etc/sysconfig/.chef-ip6tables20180130-3061-j8de3b 2018-01-30 05:35:39.977480585 +0000
@@ -1 +1,2 @@
+# created by chef to allow service to start
- restore selinux security context
* service[ip6tables] action enable (up to date)
* service[ip6tables] action start
- start service service[ip6tables]
* yum_package[iptables] action nothing (skipped due to action :nothing)
* yum_package[iptables-ipv6] action nothing (skipped due to action :nothing)
* file[/etc/sysconfig/iptables] action nothing (skipped due to action :nothing)
* service[iptables] action nothing (skipped due to action :nothing)
* file[/etc/sysconfig/ip6tables] action nothing (skipped due to action :nothing)
* service[ip6tables] action nothing (skipped due to action :nothing)
* firewall_rule[allow loopback] action create
* firewall_rule[allow icmp] action create
* firewall_rule[allow world to ssh] action create
* firewall_rule[allow world to winrm] action create (skipped due to only_if)
* firewall_rule[allow world to mosh] action create
* firewall_rule[established] action create
* firewall_rule[ipv6_icmp] action create
Recipe: firewall-test::default
* firewall_rule[ssh22] action create
* firewall_rule[ssh2222] action create
* firewall_rule[temp1] action create
* firewall_rule[temp2] action create
* firewall_rule[addremove] action create
* firewall_rule[addremove2] action create
* firewall_rule[protocolnum] action create
* firewall_rule[prepend] action create
* firewall_rule[duplicate0] action create
* firewall_rule[duplicate0] action create
* firewall_rule[duplicate1] action create
* firewall_rule[duplicate1] action create
* firewall_rule[block-192.168.99.99] action create
* firewall_rule[ipv6-source] action create
* firewall_rule[range] action create
* firewall_rule[array] action create
* firewall_rule[ufw raw test] action create (skipped due to only_if)
* firewall_rule[RPC Port Range In] action create
* firewall_rule[HTTP HTTPS] action create
Recipe: firewall::default
* firewall[default] action restart
(skipped due to only_if)
(skipped due to only_if)
* file[/etc/sysconfig/iptables] action create
- update content in file /etc/sysconfig/iptables from fa85ee to 01ff27
--- /etc/sysconfig/iptables 2018-01-30 05:35:39.714349070 +0000
+++ /etc/sysconfig/.chef-iptables20180130-3061-1deln1x 2018-01-30 05:35:40.324654100 +0000
@@ -1,2 +1,24 @@
-# created by chef to allow service to start
+# position 5
+-A INPUT -p tcp -m tcp -m multiport --dports 7788 -m comment --comment "prepend" -j ACCEPT
+# position 49
+-A INPUT -s 192.168.99.99/32 -p tcp -m tcp -m comment --comment "block-192.168.99.99" -j REJECT
+# position 50
+-A INPUT -i lo -m comment --comment "allow loopback" -j ACCEPT
+-A INPUT -p icmp -m comment --comment "allow icmp" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 22 -m comment --comment "allow world to ssh" -j ACCEPT
+-A INPUT -p udp -m multiport --dports 60000:61000 -m comment --comment "allow world to mosh" -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "established" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 22 -m comment --comment "ssh22" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 2200,2222 -m comment --comment "ssh2222" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1234 -m comment --comment "temp1" -j DROP
+-A INPUT -p tcp -m tcp -m multiport --dports 1235 -m comment --comment "temp2" -j REJECT
+-A INPUT -p tcp -m tcp -m multiport --dports 1236 -m comment --comment "addremove" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1236 -m comment --comment "addremove2" -j DROP
+-A INPUT -p 112 -m comment --comment "protocolnum" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1111 -m comment --comment "same comment" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 5431,5432 -m comment --comment "same comment" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1000:1100 -m comment --comment "range" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1234,5000:5100,5678 -m comment --comment "array" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 5000:5100 -m comment --comment "RPC Port Range In" -j ACCEPT
+-A OUTPUT -p tcp -m tcp -m multiport --dports 443,80 -m comment --comment "HTTP HTTPS" -j ACCEPT
- restore selinux security context
* file[/etc/sysconfig/ip6tables] action create
- update content in file /etc/sysconfig/ip6tables from fa85ee to a190bb
--- /etc/sysconfig/ip6tables 2018-01-30 05:35:39.977480585 +0000
+++ /etc/sysconfig/.chef-ip6tables20180130-3061-4j4wu9 2018-01-30 05:35:40.396690080 +0000
@@ -1,2 +1,22 @@
-# created by chef to allow service to start
+# position 5
+-A INPUT -p tcp -m tcp -m multiport --dports 7788 -m comment --comment "prepend" -j ACCEPT
+# position 50
+-A INPUT -i lo -m comment --comment "allow loopback" -j ACCEPT
+-A INPUT -p icmp -m comment --comment "allow icmp" -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "established" -j ACCEPT
+-A INPUT -p ipv6-icmp -m comment --comment "ipv6_icmp" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 22 -m comment --comment "ssh22" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 2200,2222 -m comment --comment "ssh2222" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1234 -m comment --comment "temp1" -j DROP
+-A INPUT -p tcp -m tcp -m multiport --dports 1235 -m comment --comment "temp2" -j REJECT
+-A INPUT -p tcp -m tcp -m multiport --dports 1236 -m comment --comment "addremove" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1236 -m comment --comment "addremove2" -j DROP
+-A INPUT -p 112 -m comment --comment "protocolnum" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1111 -m comment --comment "same comment" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 5431,5432 -m comment --comment "same comment" -j ACCEPT
+-A INPUT -s 2001:db8::ff00:42:8329/128 -p tcp -m tcp -m multiport --dports 80 -m comment --comment "ipv6-source" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1000:1100 -m comment --comment "range" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 1234,5000:5100,5678 -m comment --comment "array" -j ACCEPT
+-A INPUT -p tcp -m tcp -m multiport --dports 5000:5100 -m comment --comment "RPC Port Range In" -j ACCEPT
+-A OUTPUT -p tcp -m tcp -m multiport --dports 443,80 -m comment --comment "HTTP HTTPS" -j ACCEPT
- restore selinux security context
* service[iptables] action restart
================================================================================
Error executing action `restart` on resource 'service[iptables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service iptables start ----
STDOUT: iptables: Applying firewall rules: [FAILED]
STDERR: iptables-restore: line 2 failed
---- End output of /sbin/service iptables start ----
Ran /sbin/service iptables start returned 1
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("iptables") do
action [:nothing]
default_guard_interpreter :default
service_name "iptables"
enabled nil
running nil
masked nil
pattern "iptables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=3056;start=05:35:30;
executable=/opt/chef/bin/chef-client
* service[ip6tables] action restart
================================================================================
Error executing action `restart` on resource 'service[ip6tables]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /sbin/service ip6tables start ----
STDOUT: ip6tables: Applying firewall rules: [FAILED]
STDERR: ip6tables-restore: line 2 failed
---- End output of /sbin/service ip6tables start ----
Ran /sbin/service ip6tables start returned 1
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb
153: iptables_service = service name do
154: action :nothing
155: end
156: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/firewall/libraries/provider_firewall_iptables.rb:153:in `rescue in lookup_or_create_service'
service("ip6tables") do
action [:nothing]
default_guard_interpreter :default
service_name "ip6tables"
enabled nil
running nil
masked nil
pattern "ip6tables"
declared_type :service
cookbook_name "firewall"
end
System Info:
------------
chef_version=13.7.16
platform=centos
platform_version=6.9
ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
program_name=chef-client worker: ppid=3056;start=05:35:30;
executable=/opt/chef/bin/chef-client
Running handlers:
[2018-01-30T05:35:42+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-01-30T05:35:42+00:00] ERROR: Exception handlers complete
Chef Client failed. 32 resources updated in 11 seconds
[2018-01-30T05:35:42+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-01-30T05:35:42+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-30T05:35:42+00:00] ERROR: Chef::Exceptions::MultipleFailures
[2018-01-30T05:35:42+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment