Unable to install on host with Chef-managed sysctls
Summary
gitlab-ctl reconfigure fails on hosts with pre-existing sysctl directives managed by Chef.
Steps to reproduce
Provision the GitLab host using Chef, and create any set of sysctls, for example using the os-hardening cookbook.
Then apply the omnibus-gitlab cookbook (or install the omnibus manually).
What is the current bug behavior?
The sysctl Chef resource creates per-directive files with no newline at end of file.
gitlab-ctl reconfigure fails on sysctl parameters because it cats all the sysctl params and pipes them into sysctl, which is literally equivalent to:
echo fs.suid_dumpable = 0kernel.randomize_va_space = 2kernel.sysrq = 0net.ipv4.conf.all.accept_redirects = 0net.ipv4.conf.all.accept_source_route = 0net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.log_martians = 1net.ipv4.conf.all.rp_filter = 1net.ipv4.conf.all.secure_redirects = 0net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.all.shared_media = 1net.ipv4.conf.default.accept_redirects = 0net.ipv4.conf.default.accept_source_route = 0net.ipv4.conf.default.log_martians = 1net.ipv4.conf.default.rp_filter = 1net.ipv4.conf.default.secure_redirects = 0 | sysctl -e -p -
What is the expected correct behavior?
omnibus-gitlab should only care about its own sysctls, and ideally rely on the sysctl Chef resource too.
Relevant logs
================================================================================
Error executing action `create` on resource 'sysctl[kernel.shmmax]'
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
execute[load sysctl conf kernel.shmmax] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/resources/sysctl.rb line 60) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '255'
---- Begin output of cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p - ----
STDOUT:
STDERR: sysctl: setting key "fs.suid_dumpable"
---- End output of cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p - ----
Ran cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p - returned 255

Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/postgresql/recipes/enable.rb

 62: sysctl "kernel.shmmax" do
 63:   value node['gitlab']['postgresql']['shmmax']
 64: end
 65:

Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/postgresql/recipes/enable.rb:62:in `from_file'

sysctl("kernel.shmmax") do
  action [:create]
  updated true
  updated_by_last_action true
  default_guard_interpreter :default
  declared_type :sysctl
  cookbook_name "postgresql"
  recipe_name "enable"
  value 17179869184
end

System Info:
------------
chef_version=13.6.4
platform=debian
platform_version=9.8
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
Details of package version
gitlab-ce 11.10.4-ce.0
Environment details
- Operating System: Debian Stretch
- Installation Target: AWS
- Installation Type: New Installation
- Is there any other software running on the machine: No
- Is this a single or multiple node installation: Single
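The failure mode reported above can be reproduced without touching kernel settings. The following is an added example, not part of the original report and not omnibus-gitlab code: it builds constructed sysctl fragments in a temporary directory (file names and the helper functions `demo_dir`, `missing_final_newline` and `cat_with_newlines` are hypothetical), shows that a plain `cat` merges directives onto one line, lists the files responsible, and concatenates them line-safely.

```shell
#!/bin/sh
# Constructed fragments: two without a final newline, one with.
demo_dir() {
    d=$(mktemp -d)
    printf 'fs.suid_dumpable = 0' > "$d/10-fs.conf"
    printf 'kernel.sysrq = 0' > "$d/20-kernel.conf"
    printf 'kernel.shmmax = 17179869184\n' > "$d/90-shmmax.conf"
    printf '%s\n' "$d"
}

# Print each non-empty file whose last byte is not a newline.
missing_final_newline() {
    for f in "$@"; do
        [ -s "$f" ] || continue
        # $(...) strips a trailing newline, so a non-empty result
        # means the file ends in some other byte.
        if [ -n "$(tail -c 1 "$f")" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Concatenate like cat, but terminate each file's last line so that
# directives from adjacent files can never merge.
cat_with_newlines() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        cat "$f"
        [ -z "$(tail -c 1 "$f")" ] || printf '\n'
    done
}

dir=$(demo_dir)
echo "--- plain cat (directives merge):"
cat "$dir"/*.conf
echo "--- files lacking a final newline:"
missing_final_newline "$dir"/*.conf
echo "--- line-safe concatenation:"
cat_with_newlines "$dir"/*.conf
rm -rf "$dir"
```

On a real host, `missing_final_newline /etc/sysctl.conf /etc/sysctl.d/*.conf` lists the files that would corrupt the piped input.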