chef - [chef] Re: Re: Re: Re: Re: using env attr to override a default

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: Re: Re: using env attr to override a default

From: AJ Christensen < >
To:
Subject: [chef] Re: Re: Re: Re: Re: using env attr to override a default
Date: Wed, 28 Sep 2011 14:46:23 +1300

Yo,

On 28 September 2011 14:32,
< >
wrote:
> hai, responses inline.
>
> On Wed, 28 Sep 2011, AJ Christensen wrote:
>
>> > [chef-repo]$ cat environments/dev.json
>> > {
>> >  "name": "dev",
>> >  "default_attributes": {
>> >    "postfix": {
>> >      "mail-server": {
>> >        "relayhost": "[outbound.mailhop.org],[smtp.gmail.com]:587"
>> >      },
>> >      "mail-client": {
>> >        "relayhost": "mungbeans.dev.dorqtown.com"
>> >      }
>> >    }
>> >  },
>> >  "json_class": "Chef::Environment",
>> >  "description": "Development environment (dev)",
>> >  "chef_type": "environment"
>> > }
>>
>> This new one is bad too. The structure you want, quote unquote, is:
>>
>> "default_attributes": {
>>   "postfix": { "relayhost" : "mungbeans.dev.dorqtown.com" }
>> }
>>
>> Notice the wildly obvious exclusion of any mention of the "name" of
>> your other roles, "mail-server" and "mail-client" - the names of the
>> roles are irrelevant. they are *attribute holders* - you will unlikely
>> ever refer to them by name apart from when doing a Search or run_list
>> introspection for dual-behavior.
>
> ah.. and now that i've corrected the dev env with your feedback
> above, it's working, in that a client's main.cf gets the env relayhost
> rather that the default one from the cookbook. yay!
>
>> This whole pattern you're in - setting things globally - is a sure
>> sign of a cfengine "expert".
>
> ayep. i'm workin' on grokkin' a new config mgmt paradigm here.
>
>> In chef, you do *not* want to be doing
>> that configuration - you want to be discovering it. The relay server
>> node can expose attributes to the search index, which is exposed to
>> all nodes with access. You can simply query for a combination of a
>> recipe + particular attribute/value.
>>
>> I'd suggest using the existing Opscode cookbooks which already
>> implement Search for discovery of the local relay master, by toggling
>> an attribute.
>>
>> https://github.com/opscode/cookbooks/blob/master/postfix/attributes/default.rb#L1
>>
>> e.g.
>>
>> role postfix_client defaults postfix.client_type = "client"
>> role postfix_server defaults postfix.client_type = "master"
>
> i just ran thru the opscode postfix cookbook from a pristine state,
> and followed jtimberman's blog about "Encrypted Data Bag for Postfix
> SASL Authentication". that helped turn a little light on for me, even
> tho i'm getting a chef client error about smtp_sasl (i'll poke at that
> later). so i skip the smtp_sasl bit, and just try to get a vanilla
> postfix master and client.
>
> my postfix master node kept converging as a client until, while using
> jtimberman's "operations master" role, i added an override_attribute
> to that role as "mail_type" => "master". once i did that, it worked:
> it became a master. (jtimberman, is that missing from your role in this
> blog post?)
>

Sounds like a bug in the blog post, for sure.

> now i wonder if i'm still falling back into setting things globally.
> am i? is there a better, more flexible way to do this?

I'd advise, for a beginner attempting to concrete some ideology, a
postfix_master role that defaults the attribute postfix.mail_type to
"master".

You can easily include this role in another role to turn it into a
postfix master, instead of cluttering up your "mail-server" role which
theoretically could be extended to support multiple portions of the
Postfix system; maybe a spam filter, rewriter server or handling final
delivery.

It also keeps all postfix master related settings in a single file /
attribute setting for ease of management.

You can also use the environmental run lists functionality of
environments to say, consolidate the postfix-master role automatically
onto any mail-server role in the development environment (or similar).

> my mail-server role, based on jtimberman's post
> (http://jtimberman.posterous.com/64227128), sans recipe[postfix::sasl_auth]:

postfix-master.rb:

name "postfix-master"
default_attributes(
  "postfix" => {
   "mail_type" => "master",
   "relayhost" => "[outbound.mailhop.org]"
}
)

mail-server.rb:
name "mail-server"
default_attributes(
  "postfix" => {
     "smtp_sasl_auth_enable" => "no",
     "smtp_sasl_passwd" => "",
     "smtp_sasl_user_name" => ""
  }
)

I hope this helps.

–AJ

[chef] using env attr to override a default, kallen, 09/26/2011
- [chef] Re: using env attr to override a default, AJ Christensen, 09/26/2011
  - [chef] Re: Re: using env attr to override a default, kallen, 09/27/2011
    - [chef] Re: Re: Re: using env attr to override a default, andi abes, 09/27/2011
      - [chef] Re: Re: Re: Re: using env attr to override a default, kallen, 09/27/2011
        
        [chef] Re: Re: Re: Re: Re: using env attr to override a default, Matt Ray, 09/27/2011
        
        [chef] Re: Re: Re: Re: Re: Re: using env attr to override a default, kallen, 09/27/2011
    - [chef] Re: Re: Re: using env attr to override a default, AJ Christensen, 09/27/2011
      - [chef] Re: Re: Re: Re: using env attr to override a default, kallen, 09/27/2011
        
        [chef] Re: Re: Re: Re: Re: using env attr to override a default, AJ Christensen, 09/27/2011