[chef] Re: Re: Audit mode with Vagrant only

[Eric Helgeson < >]

I believe it's due to Vagrant extending the chef-solo command for local-mode vs chef-client

https://github.com/mitchellh/vagrant/blob/ea8de92c59102f40f942865423a0a71ffcb6bdc9/plugins/provisioners/chef/provisioner/chef_zero.rb#L9

I'd think that should be a bug? local-mode is more akin to chef-client than chef-solo.

$ chef-solo --audit-mode enabled

/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in `parse_options': invalid option: --audit-mode (OptionParser::InvalidOption)

from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:86:in `configure_chef'

from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:48:in `reconfigure'

from /opt/chefdk/embedded/apps/chef/lib/chef/application/solo.rb:190:in `reconfigure'

from /opt/chefdk/embedded/apps/chef/lib/chef/application.rb:58:in `run'

from /opt/chefdk/embedded/apps/chef/bin/chef-solo:25:in `<top (required)>'

from /usr/bin/chef-solo:51:in `load'

from /usr/bin/chef-solo:51:in `<main>'

$ chef-client --audit-mode enabled

[2015-04-22T10:57:23-05:00] WARN: Chef-client has been configured to audit after it converges. Audit mode is an experimental feature currently under development. API changes may occur. Use at your own risk.
* To enable audit mode after converge, use command line option `--audit-mode enabled` or set `:audit_mode = :enabled` in your config file.
* To disable audit mode, use command line option `--audit-mode disabled` or set `:audit_mode = :disabled` in your config file.
* To only run audit mode, use command line option `--audit-mode audit-only` or set `:audit_mode = :audit_only` in your config file.
Audit mode is disabled by default.
Starting Chef Client, version 12.2.1

-Eric Helgeson

@nulleric

https://usingchef.com

On Wed, Apr 22, 2015 at 9:57 AM, Joshua Timberman < " target="_blank"> > wrote:

Ohai,

I'm running audit mode via test kitchen in the audit-cis cookbook. The .kitchen.yml has:

provisioner:

  name: chef_zero

  client_rb:

    audit_mode: :enabled

Test Kitchen 1.4.0 is required for this - it's not released but the RC is in ChefDK 0.5.0.

And I have some other discussion about this on my blog post here:

http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

I'm not sure how to do this in vanilla Vagrant though.

On Wed, Apr 22, 2015 at 8:26 AM, Eric Helgeson < " target="_blank"> > wrote:

Hello!

I'm trying to get audit-mode to work just with vagrant and chef-client 12.2.1. Since there's no option in Vagrant yet I tried passing it in the chef.arguments, but get this error -

$ cat Vagrantfile | grep audit
    chef.arguments = "--audit-mode enabled"
 
$ vagrant provision
==> default: Running provisioner: chef_zero...
==> default: Detected Chef (12.2.1) is already installed
Generating chef JSON and uploading...
==> default: Running chef-zero...
==> default: /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/mixlib-cli-1.5.0/lib/mixlib/cli.rb:191:in `parse_options'
==> default: : 
==> default: invalid option: --audit-mode (OptionParser::InvalidOption)
==> default: 	from /opt/chef/embedded/apps/chef/lib/chef/application.rb:86:in `configure_chef'
==> default: 	from /opt/chef/embedded/apps/chef/lib/chef/application.rb:48:in `reconfigure'
==> default: 	from /opt/chef/embedded/apps/chef/lib/chef/application/solo.rb:190:in `reconfigure'
==> default: 	from /opt/chef/embedded/apps/chef/lib/chef/application.rb:58:in `run'
==> default: 	from /opt/chef/embedded/apps/chef/bin/chef-solo:25:in `<top (required)>'
==> default: 	from /usr/bin/chef-solo:51:in `load'
==> default: 	from /usr/bin/chef-solo:51:in `<main>'
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Also tried passing in a chef.custom_config_path = 'path/to/client.rb' with `audit_mode :enabled` but those options don't seem to get picked up.

Thanks,

-Eric Helgeson

@nulleric

https://usingchef.com

--

Joshua Timberman