If you're using the firewall and ufw cookbooks provided by Opscode,
take a look at using the default ufw recipe. You can just use
attributes in roles and cookbook attribute files to define your
firewall rules and the recipe will merge and apply them. There are
more complicated setups supported by the ufw cookbook as well.
https://github.com/opscode/cookbooks/tree/master/ufw
Thanks,
Matt Ray
Senior Technical Evangelist | Opscode Inc.
| (512) 731-2218
Twitter, IRC, GitHub: mattray
On Mon, Nov 7, 2011 at 9:43 AM,
< >
wrote:
Hi All,
I'm rather new Chef but already impressed with its power.
For my current Chef investigations I need some way to put recipe at the end
of recipes list ignoring the real order of it in node's run_list.
I'm working on automated firewall configuration and now using attribute
files of recipes to declare what ports this recipe needs to be opened.
"Firewall" recipe then parses all ports at compile time and creates initial
data for a template. But if I declare settings not in attribute file but in
recipe itself (via node.default/node.set) - then this change is invisible to
"firewall" recipe because it is already compiled. My thoughts were to have
some callback at the end of compile time or a way of putting dynamically
some code at the end of run_list (without saving it to node state) - so
"firewall" recipe declared elsewhere could put callback and read the final
attributes state.
Maybe there is some workaround to do this, or I need to change logic
completely to fit to current Chef run model?
wbr,
Dmitry.
Archive powered by MHonArc 2.6.16.