"Network unreachable" with centos + chef + vagrant

Question

I'm trying to write a Vagrantfile to install nginx on CentOS 6.4 images.

In my Vagrantfile I have (ip's redacted):

  config.vm.provision :shell,
   :inline => "echo \"export http_proxy=http://10.0.0.1:3128\; export https_proxy=https://10.0.0.1:3128\" >> /etc/profile"

  config.vm.provision :shell,
   :inline => "echo \"export HTTP_PROXY=http://10.0.0.1:3128\; export HTTPS_PROXY=https://10.0.0.1:3128\" >> /etc/profile"

   config.vm.provision :shell,
    :inline => "echo \"proxy=http://10.0.0.1:3128\" >> /etc/yum.conf"

  config.vm.provision "chef_solo" do |chef|
    chef.add_recipe "nginx"
    chef.json = {
      "http_proxy" => "http://10.0.0.1:3128",
      "https_proxy" => "https://10.0.0.1:3128",
      "nginx" => {
        "install_method" => "package"
      }
    }
  end

When I run it, everything is happy up until it tries to run yum and tries to install the GPG file, when I get the error:

Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'Base-CentOS-6.4'...

Progress: 10%
Progress: 20%
Progress: 40%
Progress: 60%
Progress: 80%
Progress: 90%
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -- 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Mounting shared folders...
[default] -- /vagrant
[default] -- /tmp/vagrant-chef-1/chef-solo-1/cookbooks
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: shell...
[default] Running: inline script
[default] Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-solo...
[2013-08-22T01:24:00+00:00] INFO: Forking chef instance to converge...
[2013-08-22T01:24:00+00:00] INFO: *** Chef 11.6.0 ***
[2013-08-22T01:24:00+00:00] INFO: Setting the run_list to ["recipe[nginx]"] from JSON
[2013-08-22T01:24:00+00:00] INFO: Run List is [recipe[nginx]]
[2013-08-22T01:24:00+00:00] INFO: Run List expands to [nginx]
[2013-08-22T01:24:00+00:00] INFO: Starting Chef Run for localhost
[2013-08-22T01:24:00+00:00] INFO: Running start handlers
[2013-08-22T01:24:00+00:00] INFO: Start handlers complete.
[2013-08-22T01:24:01+00:00] INFO: ohai plugins will be at: /etc/chef/ohai_plugins
[2013-08-22T01:24:01+00:00] INFO: remote_directory[/etc/chef/ohai_plugins] created directory /etc/chef/ohai_plugins
[2013-08-22T01:24:01+00:00] INFO: remote_directory[/etc/chef/ohai_plugins] mode changed to 755
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] created file /etc/chef/ohai_plugins/README
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] updated file contents /etc/chef/ohai_plugins/README
[2013-08-22T01:24:01+00:00] INFO: cookbook_file[/etc/chef/ohai_plugins/README] mode changed to 644
[2013-08-22T01:24:01+00:00] INFO: ohai[custom_plugins] reloaded
[2013-08-22T01:24:01+00:00] WARN: Cloning resource attributes for service[nginx] from prior resource (CHEF-3694)
[2013-08-22T01:24:01+00:00] WARN: Previous service[nginx]: /tmp/vagrant-chef-1/chef-solo-1/cookbooks/nginx/recipes/default.rb:44:in `from_file'
[2013-08-22T01:24:01+00:00] WARN: Current  service[nginx]: /tmp/vagrant-chef-1/chef-solo-1/cookbooks/nginx/recipes/default.rb:51:in `from_file'
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] created file /etc/chef/ohai_plugins/nginx.rb
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] updated file contents /etc/chef/ohai_plugins/nginx.rb
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] owner changed to 0
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] group changed to 0
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] mode changed to 755
[2013-08-22T01:24:01+00:00] INFO: template[/etc/chef/ohai_plugins/nginx.rb] sending reload action to ohai[reload_nginx] (immediate)
[2013-08-22T01:24:01+00:00] INFO: ohai[reload_nginx] reloaded
[2013-08-22T01:24:01+00:00] INFO: Adding RPM-GPG-KEY-EPEL-6 GPG key to /etc/pki/rpm-gpg/
[2013-08-22T01:24:12+00:00] INFO: remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6] created file /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

================================================================================
Error executing action `create` on resource 'remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6]'
================================================================================


Errno::ENETUNREACH
------------------
Network is unreachable - connect(2)


Resource Declaration:
---------------------
# In /tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb

 61:       remote_file "/etc/pki/rpm-gpg/#{new_resource.key}" do
 62:         source new_resource.url
 63:         mode "0644"
 64:         notifies :run, "execute[import-rpm-gpg-key-#{new_resource.key}]", :immediately
 65:       end
 66:     end



Compiled Resource:
------------------
# Declared in /tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb:61:in `block in class_from_file'

remote_file("/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6") do
  provider Chef::Provider::RemoteFile
  action "create"
  retries 0
  retry_delay 2
  path "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6"
  backup 5
  atomic_update true
  source ["http://mirror.aarnet.edu.au/pub/epel/RPM-GPG-KEY-EPEL-6"]
  use_etag true
  use_last_modified true
  cookbook_name :yum
  mode "0644"
end



[2013-08-22T01:25:20+00:00] INFO: Running queued delayed notifications before re-raising exception
[2013-08-22T01:25:20+00:00] ERROR: Running exception handlers
[2013-08-22T01:25:20+00:00] ERROR: Exception handlers complete
[2013-08-22T01:25:20+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2013-08-22T01:25:20+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.
[Finished in 126.4s with exit code 127]

and the stacktrace has (plus the stack trace):

[root@localhost ~]# cat /var/chef/cache/chef-stacktrace.out
Generated at 2013-08-22 01:25:20 +0000
Errno::ENETUNREACH: remote_file[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6] (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/yum/providers/key.rb line 61) had an error: Errno::ENETUNREACH: Network is unreachable - connect(2)

When I ssh into the box, check the proxies and try to curl the key, I have no problems.

[drew@mymachine dev-environment]$ vagrant ssh
Last login: Thu Aug 22 01:25:36 2013 from 10.0.0.2
Welcome to your Vagrant-built virtual machine.
[vagrant@localhost ~]$ echo -e "$http_proxy"" - ""$https_proxy""\n""$HTTP_PROXY"" - ""$HTTPS_PROXY"
http://10.0.0.1:3128 - https://10.0.0.1:3128
http://10.0.0.1:3128 - https://10.0.0.1:3128

[vagrant@localhost ~]$ curl "http://mirror.aarnet.edu.au/pub/epel/RPM-GPG-KEY-EPEL-6"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1
JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B
...
XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==
=V/6I
-----END PGP PUBLIC KEY BLOCK-----
[vagrant@localhost ~]$

I can also happily use yum inside the box without any issues.

I'm behind a proxy server in a corporate network, so I'm thinking maybe chef isn't paying attention to the proxy settings. My question is has anyone else experienced this before, or have any insight into running chef behind a proxy where they're getting unreachable networks?

I'm thinking if I can't fix it, to just download and install the key before chef runs, but I'd like to know if there's something else happening here.

Answer 1

You need to set the attributes directly on the chef object:

config.vm.provision :chef_solo do |chef|
  chef.http_proxy = $http_proxy
  chef.https_proxy = $https_proxy
  chef.no_proxy = $no_proxy

Additionally, instead of manually invoking the shell scripts to set the environment variables, I would recommend using the vagrant-proxyconf plugin. Please note that this does not propagate to chef_solo, don't drop the configuration from the above snippet.

Configuration would be as follows:

$http_proxy  = "http://10.10.1.1:4128/"
$https_proxy = "http://10.10.1.1:4128/"
$no_proxy    =  "localhost,127.0.0.1,.ag.hermle.de"

Vagrant.configure("2") do |config|
  config.proxy.http     = $http_proxy
  config.proxy.https    = $https_proxy
  config.proxy.no_proxy = $no_proxy

Update: Probably vagrant-proxyconf will support chef proxy configuration in the future, see https://github.com/tmatilai/vagrant-proxyconf/issues/19.

Answer 2

I think chef-solo doesn't support proxy configuration. http://docs.opscode.com/config_rb_solo.html

You could try to create another half empty chef recipe which would get your http_proxy variables in the "vagrant up" environment.

Something like:

  ENV['http_proxy'] = "http://10.0.0.1:3128"
  ENV['https_proxy'] = "https://10.0.0.1:3128"

And then add that recipe to to be in the first steps of your vagrant file execution:

  chef.add_recipe '[my_http_recipe]'

Hope this helps