patternMinor
Sharing Gems between Chef and System Ruby
Viewed 0 times
chefgemssystembetweenrubyandsharing
Problem
I know about the
chef_gem resource obv, but in the interests of good system hygiene I would like to avoid as much as possible duplication, so I would like to share Gems between the embedded Ruby within Chef, and the system-wide one. Additionally I have become aware of a troubling situation: the Gems I have in the system Ruby come from the known-good local Yum repo and are installed via RPM over the LAN whereas chef_gem goes off to the public Internet, and recent events in the Python community have made me very concerned about this. I have tried setting ENV['GEM_PATH'] in my recipe both before and inside a ruby_block but this appears to have no effect, I get a failure on require. What am I missing?Solution
To take your points one by one:
but in the interests of good system hygiene I would like to avoid as much as possible duplication
Can you ensure your system ruby will evolve at the same pace as the Chef's ruby ? Main point of chef coming as a bundle with its own ruby comes back from Chef 10 which was installed via a simple gem command and was usually a problem switching between ruby needed for applications and ruby needed by chef, the same goes for gem dependencies. I would advise against mixing system and chef ruby.
the Gems I have in the system Ruby come from the known-good local Yum repo and are installed via RPM over the LAN whereas chef_gem goes off to the public Internet
While I understand and agree with the worrying about recent pipy events, there's two things here:
If you really want to use a local repo you'll have to set up a gem server (alternatively, some artifact repositories can handle that also) and set-up the sources for gem using chef's
If you're using a chef client above 13.0 your can use the
The location to source rubygems. It can be set to a string or array of
strings for URIs to set as rubygems sources. This allows individuals
to setup an internal mirror of rubygems for “airgapped” environments.
Default value: https://www.rubygems.org.
Changed in Chef Client 13.0.
And finally:
I have tried setting ENV['GEM_PATH'] in my recipe both before and
inside a ruby_block but this appears to have no effect, I get a
failure on require
Chef omnibus package hardcode some values specially to avoid interfering with the system ruby, I think the GEM_PATH environment variable is ignored when searching for gem you
but in the interests of good system hygiene I would like to avoid as much as possible duplication
Can you ensure your system ruby will evolve at the same pace as the Chef's ruby ? Main point of chef coming as a bundle with its own ruby comes back from Chef 10 which was installed via a simple gem command and was usually a problem switching between ruby needed for applications and ruby needed by chef, the same goes for gem dependencies. I would advise against mixing system and chef ruby.
the Gems I have in the system Ruby come from the known-good local Yum repo and are installed via RPM over the LAN whereas chef_gem goes off to the public Internet
While I understand and agree with the worrying about recent pipy events, there's two things here:
- Your system ruby install gems from yum repository because your system ruby's
gemcommand has been tweaked for that, that's specific to your distribution. -
- Chef's ruby use usual ruby method going to rubygems.org, as any ruby installed by rbenv or any other way than yum install would do.
If you really want to use a local repo you'll have to set up a gem server (alternatively, some artifact repositories can handle that also) and set-up the sources for gem using chef's
gem sources in /opt/chef/embedded/bin.If you're using a chef client above 13.0 your can use the
rubygems_url in client.rb to tweak that:rubygems_urlThe location to source rubygems. It can be set to a string or array of
strings for URIs to set as rubygems sources. This allows individuals
to setup an internal mirror of rubygems for “airgapped” environments.
Default value: https://www.rubygems.org.
Changed in Chef Client 13.0.
And finally:
I have tried setting ENV['GEM_PATH'] in my recipe both before and
inside a ruby_block but this appears to have no effect, I get a
failure on require
Chef omnibus package hardcode some values specially to avoid interfering with the system ruby, I think the GEM_PATH environment variable is ignored when searching for gem you
require within the recipe code. I don't think there's a workaround for this, and again you're heading to a compatibility problem on mid term as you'll have a drift between chef's ruby and system ruby.Code Snippets
rubygems_urlContext
StackExchange DevOps Q#2262, answer score: 2
Revisions (0)
No revisions yet.