From Fiery Bird, 1 Week ago, written in Plain Text.
This paste will go to meet its maker in 10 Months.
Embed
  1. `kitchen verify auth-sql-centos-7` passes successfully on Chef 13, but the converge fails on Chef 14 with two errors: one saying "/usr/sbin/sendmail" could not be found, and the other "Failed to restart postfix.service: Unit not found." Full text of the latter:
  2.  
  3.  
  4. [2019-11-05T00:05:17+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[postfix] (postfix::_common line 189) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '5'
  5.        ---- Begin output of /bin/systemctl --system restart postfix ----
  6.        STDOUT:
  7.        STDERR: Failed to restart postfix.service: Unit not found.
  8.        ---- End output of /bin/systemctl --system restart postfix ----
  9.        Ran /bin/systemctl --system restart postfix returned 5
  10.  
  11.  
  12. The `sendmail` issue was resolved by adding `package 'sendmail'` to `test/cookbooks/osl-imap-test/recipes/send_test_email.rb`. In addition, the converge issue was resolved by adding `package 'postfix'` to `recipes/auth_sql.rb`. This doesn't seem like it's the appropriate solution because I believe the `osl-postfix` recipe should be installing `postfix` for us. However, even with that line added (and the recipe converging), we get the following error when verifying:
  13.  
  14.  
  15. $ kitchen verify auth-sql-centos-7
  16. -----> Starting Kitchen (v2.3.1)
  17. -----> Setting up <auth-sql-centos-7>...
  18.        Finished setting up <auth-sql-centos-7> (0m0.00s).
  19. -----> Verifying <auth-sql-centos-7>...
  20.        Detected alternative framework tests for `inspec`
  21.        Loaded tests from {:path=>".home.andrewda.Development.osl-imap.test.integration.auth_sql.inspec"}
  22. [2019-11-05T15:33:42-08:00] WARN: DEPRECATION: The service `be_running?` matcher is deprecated. This is only allowed for compatibility with ServerSpec (used at /home/andrewda/Development/osl-imap/test/integration/auth_sql/inspec/spec_helper.rb:3)
  23.  
  24. Profile: tests from {:path=>"/home/andrewda/Development/osl-imap/test/integration/auth_sql/inspec"} (tests from {:path=>".home.andrewda.Development.osl-imap.test.integration.auth_sql.inspec"})
  25. Version: (not specified)
  26. Target:  ssh://centos@10.1.100.33:22
  27.  
  28.   File /etc/dovecot/conf.d/10-auth.conf
  29.      ✔  content is expected to match /^!include auth-sql.conf.ext$/
  30.   File /etc/dovecot/conf.d/auth-sql.conf.ext
  31.      ✔  content is expected to match /passdb {
  32.        driver = sql
  33.        args = \/etc\/dovecot\/dovecot-sql.conf.ext
  34.      }/
  35.   File /etc/dovecot/dovecot-sql.conf.ext
  36.      ✔  content is expected to match /driver = mysql/
  37.      ✔  content is expected to match /connect = host=127.0.0.1 dbname=dovecot user=dovecot_user password=dovecot_pass/
  38.      ✔  content is expected to match /default_pass_scheme = SHA512-CRYPT/
  39.   File /var/log/maillog
  40.      ×  content is expected to match /postfix\/local.* to=<foo@foo.org>.* status=sent \(delivered to maildir\)$/
  41.      expected "Oct 28 20:32:20 localhost postfix/postfix-script[1052]: starting the Postfix mail system\nOct 28 20:...oletworkstationcassor-cnj63w9 dovecot: master: Warning: SIGHUP received - reloading configuration\n" to match /postfix\/local.* to=<foo@foo.org>.* status=sent \(delivered to maildir\)$/
  42.      Diff:
  43.      @@ -1,2 +1,19 @@
  44.      -/postfix\/local.* to=<foo@foo.org>.* status=sent \(delivered to maildir\)$/
  45.      +Oct 28 20:32:20 localhost postfix/postfix-script[1052]: starting the Postfix mail system
  46.      +Oct 28 20:32:20 localhost postfix/master[1054]: daemon started -- version 2.10.1, configuration /etc/postfix
  47.      +Oct 28 20:33:29 localhost postfix/postfix-script[12169]: stopping the Postfix mail system
  48.      +Oct 28 20:33:29 localhost postfix/master[1054]: terminating on signal 15
  49.      +Nov  5 23:29:51 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/postfix-script[3227]: starting the Postfix mail system
  50.      +Nov  5 23:29:51 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/master[3229]: daemon started -- version 2.10.1, configuration /etc/postfix
  51.      +Nov  5 23:30:05 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/postfix-script[3482]: stopping the Postfix mail system
  52.      +Nov  5 23:30:05 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/master[3229]: terminating on signal 15
  53.      +Nov  5 23:32:08 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 dovecot: master: Dovecot v2.2.36 (1f10bfa63) starting up for imap, pop3 (core dumps disabled)
  54.      +Nov  5 23:32:12 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19321]: alias database /etc/aliases rebuilt by centos
  55.      +Nov  5 23:32:12 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19321]: /etc/aliases: 76 aliases, longest 10 bytes, 771 bytes total
  56.      +Nov  5 23:32:12 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19332]: xA5NWCk1019332: from=centos, size=79, class=0, nrcpts=1, msgid=<201911052332.xA5NWCk1019332@authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9.novaloca>, relay=root@localhost
  57.      +Nov  5 23:32:12 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19332]: xA5NWCk1019332: to=foo@foo.org, ctladdr=centos (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30079, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
  58.      +Nov  5 23:32:13 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19347]: alias database /etc/aliases rebuilt by root
  59.      +Nov  5 23:32:13 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 sendmail[19347]: /etc/aliases: 76 aliases, longest 10 bytes, 771 bytes total
  60.      +Nov  5 23:32:13 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/postfix-script[19423]: starting the Postfix mail system
  61.      +Nov  5 23:32:13 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 postfix/master[19425]: daemon started -- version 2.10.1, configuration /etc/postfix
  62.      +Nov  5 23:32:14 authsqlcentos7-andrewda-violetworkstationcassor-cnj63w9 dovecot: master: Warning: SIGHUP received - reloading configuration
  63.  
  64.   Command: `expect <<< '
  65.   spawn openssl s_client -connect localhost:993
  66.   expect {
  67.     -re "OK .* Dovecot ready." {
  68. "     send -- "1 login foo@foo.org bar
  69.       exp_continue
  70.     } -re "1 OK .* Logged in" {
  71. "     send -- "2 select inbox
  72.       exp_continue
  73.     } -re "2 OK .* Select completed" {
  74. "     send -- "3 FETCH 1:* BODY\[TEXT\]
  75.       exp_continue
  76.     } "This test email should be fetchable via IMAP" {
  77.       exit 0
  78.     } default {
  79.       exit 1
  80.     }
  81.   }'`
  82.      ×  exit_status is expected to eq 0
  83.      
  84.      expected: 0
  85.           got: 1
  86.      
  87.      (compared using ==)
  88.  
  89.      ×  stdout is expected to match /This test email should be fetchable via IMAP/
  90.      expected "spawn openssl s_client -connect localhost:993\r\nCONNECTED(00000003)\r\ndepth=0 C = US, ST = Oregon,...1:* BODY[TEXT]\r\n3 BAD Error in IMAP command FETCH: Invalid messageset (0.001 + 0.000 secs).\r\r\n" to match /This test email should be fetchable via IMAP/
  91.      Diff:
  92.      @@ -1,2 +1,93 @@
  93.      -/This test email should be fetchable via IMAP/
  94.      +spawn openssl s_client -connect localhost:993
  95.      +CONNECTED(00000003)
  96.      +depth=0 C = US, ST = Oregon, CN = OSU Open Source Lab, DC = example
  97.      +verify error:num=18:self signed certificate
  98.      +verify return:1
  99.      +depth=0 C = US, ST = Oregon, CN = OSU Open Source Lab, DC = example
  100.      +verify error:num=10:certificate has expired
  101.      +notAfter=Jul  7 02:16:16 2018 GMT
  102.      +verify return:1
  103.      +depth=0 C = US, ST = Oregon, CN = OSU Open Source Lab, DC = example
  104.      +notAfter=Jul  7 02:16:16 2018 GMT
  105.      +verify return:1
  106.      +---
  107.      +Certificate chain
  108.      + 0 s:/C=US/ST=Oregon/CN=OSU Open Source Lab/DC=example
  109.      +   i:/C=US/ST=Oregon/CN=OSU Open Source Lab/DC=example
  110.      +---
  111.      +Server certificate
  112.      +-----BEGIN CERTIFICATE-----
  113.      +MIIDIzCCAgugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEP
  114.      +MA0GA1UECAwGT3JlZ29uMRwwGgYDVQQDDBNPU1UgT3BlbiBTb3VyY2UgTGFiMRcw
  115.      +FQYKCZImiZPyLGQBGRYHZXhhbXBsZTAeFw0xNzA3MDcwMjE2MTZaFw0xODA3MDcw
  116.      +MjE2MTZaMFUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xHDAaBgNVBAMM
  117.      +E09TVSBPcGVuIFNvdXJjZSBMYWIxFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMIIB
  118.      +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTB43iXeEI9ePWj3CWp10z5B
  119.      +BRpS57d6gPvHvR0OkZC/HHGgYtrNSVZ5gP+rpt2BrhwrGFFjBrRWLYyLnoljSmsq
  120.      +wtcL4Ar1cgUCxZ0xzd+xxHETsITxQxDUfESRCzJhKz686EfUNFVPTPHn2Xmk8lxj
  121.      +P4ekiaR5CjZUI9NCe4puFIbzj2OInjopO8i4jeHdGnzOqVLgti9v6bJMG8+MkWtH
  122.      +UWKqgLalCKUVun2LtCi1q9TKJr4KGfAj9x6PoawJkNLDLYapjYwLdT5ZosmThdhE
  123.      +BDvfoVtER9f0R9HbO8+JI3nxj71AstgyiJ74HswQWkcdxY/AHdi275UG0N7iMQID
  124.      +AQABMA0GCSqGSIb3DQEBBQUAA4IBAQB3Cfbqbgb1IBMxmFkQO1tWQk5NplQpZJ6Y
  125.      +te1hdz7lsOHL6kNctw3yLIce5QWzN7lh+Obwt4jAM/b2Em/cZz78/erWjGCHTV9m
  126.      +0mTyj9vrP0J1yAaBOYQ3VLfOZJcy3fcq536ST7rCvZI5x+m5Vb67jDWqcwkQTpHD
  127.      +t1iHg6P/txUeh+TDMiANUOLHQpIp6wJDqY18gbVD/KohXGE1mzqHpV/xhCta6K8u
  128.      +f2iDyWjBCjbGQ+ISV/o0NGOdY6a5f31APhrhYipr5zQYkdjMSSdJnKL/5wtZkdKy
  129.      +n35gtugw0ekJCuKvruIYAHSLI3WNmvEPyB4W/UI/z+X2JfQeDLb1
  130.      +-----END CERTIFICATE-----
  131.      +subject=/C=US/ST=Oregon/CN=OSU Open Source Lab/DC=example
  132.      +issuer=/C=US/ST=Oregon/CN=OSU Open Source Lab/DC=example
  133.      +---
  134.      +No client certificate CA names sent
  135.      +Peer signing digest: SHA512
  136.      +Server Temp Key: ECDH, P-256, 256 bits
  137.      +---
  138.      +SSL handshake has read 1466 bytes and written 415 bytes
  139.      +---
  140.      +New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
  141.      +Server public key is 2048 bit
  142.      +Secure Renegotiation IS supported
  143.      +Compression: NONE
  144.      +Expansion: NONE
  145.      +No ALPN negotiated
  146.      +SSL-Session:
  147.      +    Protocol  : TLSv1.2
  148.      +    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
  149.      +    Session-ID: 68E137D7A62A478FF480A774D5DBCB21A03A2E15FE84C4D18759584B794C67FE
  150.      +    Session-ID-ctx:
  151.      +    Master-Key: 7120B7C6495D545F7E4004573108D61CAA95B3469A2577F62595584FE01A31381020195A59EC2ACF8BB94CFB222288DB
  152.      +    Key-Arg   : None
  153.      +    Krb5 Principal: None
  154.      +    PSK identity: None
  155.      +    PSK identity hint: None
  156.      +    TLS session ticket lifetime hint: 300 (seconds)
  157.      +    TLS session ticket:
  158.      +    0000 - 67 99 eb 46 ae 52 0f 02-0f 4f 28 d4 2e 35 4b 74   g..F.R...O(..5Kt
  159.      +    0010 - 76 92 af f7 19 ae c8 e4-01 3d 6a cc 79 3c de 98   v........=j.y<..
  160.      +    0020 - 1d 40 7a c6 ed 15 d1 af-01 6f 0d 1b de a8 eb dd   .@z......o......
  161.      +    0030 - 01 8c 82 34 c9 0a c8 34-bf bd 1c c5 5c fc 49 1c   ...4...4....\.I.
  162.      +    0040 - bf ee 1d 0f 2c c5 88 30-ae a0 fd d4 40 82 08 da   ....,..0....@...
  163.      +    0050 - 95 9d d8 b0 d1 10 62 64-b1 7e 12 0c a4 c0 7e 05   ......bd.~....~.
  164.      +    0060 - 49 e8 78 b6 c9 16 5e e7-75 cb 69 cc 7a 95 d3 b1   I.x...^.u.i.z...
  165.      +    0070 - c1 d6 11 c9 e6 53 b1 18-20 74 61 70 87 59 bd a5   .....S.. tap.Y..
  166.      +    0080 - 78 69 16 7a 2d 18 37 68-ac a4 d6 8f 20 30 1c d3   xi.z-.7h.... 0..
  167.      +    0090 - c5 63 c6 0b 9a a6 f5 ff-2d b2 cc 7e ed a4 11 5a   .c......-..~...Z
  168.      +
  169.      +    Start Time: 1572996811
  170.      +    Timeout   : 300 (sec)
  171.      +    Verify return code: 10 (certificate has expired)
  172.      +---
  173.      +* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
  174.      +1 login foo@foo.org bar
  175.      +1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY] Logged in
  176.      +2 select inbox
  177.      +* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
  178.      +* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
  179.      +* 0 EXISTS
  180.      +* 0 RECENT
  181.      +* OK [UIDVALIDITY 1572996811] UIDs valid
  182.      +* OK [UIDNEXT 1] Predicted next UID
  183.      +2 OK [READ-WRITE] Select completed (0.211 + 0.000 + 0.210 secs).
  184.      +3 FETCH 1:* BODY[TEXT]
  185.      +3 BAD Error in IMAP command FETCH: Invalid messageset (0.001 + 0.000 secs).
  186.  
  187.   Service dovecot
  188.      ✔  is expected to be enabled
  189.      ✔  is expected to be running
  190.   Port 993
  191.      ✔  is expected to be listening
  192.   Port 995
  193.      ✔  is expected to be listening
  194.   Port 110
  195.      ✔  is expected not to be listening
  196.   Port 143
  197.      ✔  is expected not to be listening
  198.   File /etc/dovecot/conf.d/10-auth.conf
  199.      ✔  content is expected to match /disable_plaintext_auth = yes/
  200.      ✔  content is expected to match /auth_mechanisms = plain login/
  201.   File /etc/dovecot/conf.d/10-master.conf
  202.      ✔  content is expected to match /service auth {
  203.        unix_listener \/var\/spool\/postfix\/private\/auth {
  204.          group = postfix
  205.          mode = 0660
  206.          user = postfix
  207.        }
  208.      }/
  209.   File /var/spool/postfix/private/auth
  210.      ✔  is expected to be socket
  211.      ✔  mode is expected to cmp == 432
  212.      ✔  owner is expected to eq "postfix"
  213.      ✔  group is expected to eq "postfix"
  214.   File /etc/dovecot/conf.d/10-ssl.conf
  215.      ✔  content is expected to match /ssl = required/
  216.      ✔  content is expected to match /ssl_cert = <\/etc\/pki\/tls\/certs\/wildcard.pem/
  217.      ✔  content is expected to match /ssl_key = <\/etc\/pki\/tls\/private\/wildcard.key/
  218.   File /etc/pki/tls/certs/wildcard.pem
  219.      ✔  is expected to exist
  220.   File /etc/pki/tls/certs/wildcard-bundle.crt
  221.      ✔  is expected to exist
  222.   File /etc/pki/tls/private/wildcard.key
  223.      ✔  is expected to exist
  224.  
  225. Test Summary: 24 successful, 3 failures, 0 skipped
  226. >>>>>> ------Exception-------
  227. >>>>>> Class: Kitchen::ActionFailed
  228. >>>>>> Message: 1 actions failed.
  229. >>>>>>     Verify failed on instance <auth-sql-centos-7>.  Please see .kitchen/logs/auth-sql-centos-7.log for more details
  230. >>>>>> ----------------------
  231. >>>>>> Please see .kitchen/logs/kitchen.log for more details
  232. >>>>>> Also try running `kitchen diagnose --all` for configuration