[chef] Re: Re: Re: Compile time order

[Matt Ray < >]

The way the Firewall cookbook works allows for multiple providers
under the covers. It would be pretty slick for someone to write a
shorewall provider to go with it (ufw is already there as an example).

Just saying :)

Thanks,
Matt Ray
Senior Technical Evangelist | Opscode Inc.

 
 | (512) 731-2218
Twitter, IRC, GitHub: mattray



On Mon, Nov 7, 2011 at 11:21 AM,  
<
 >
 wrote:
> Thanks Matt,
>
> I'm using Shorewall as my primary firewall management script. And I already
> using attributes in environment/roles and cookbook attribute files to define
> rules. But things starting to become more complicated, so I need to put some
> attribute definitions inside "recipe" itself, and I need a way to get them
> in "firewall" recipe. My current setup, nor ufw recipe is not capable of
> doing this.
>
> I think I will stick with "resource patching" (very cool feature!) and
> Definitions for some time.
>
> On Mon, 7 Nov 2011 11:09:19 -0600, Matt Ray wrote:
>>
>> If you're using the firewall and ufw cookbooks provided by Opscode,
>> take a look at using the default ufw recipe. You can just use
>> attributes in roles and cookbook attribute files to define your
>> firewall rules and the recipe will merge and apply them. There are
>> more complicated setups supported by the ufw cookbook as well.
>> https://github.com/opscode/cookbooks/tree/master/ufw
>>
>> Thanks,
>> Matt Ray
>> Senior Technical Evangelist | Opscode Inc.
>> 
 
>>  | (512) 731-2218
>> Twitter, IRC, GitHub: mattray
>>
>>
>>
>> On Mon, Nov 7, 2011 at 9:43 AM,  
>> <
 >
>>  wrote:
>>>
>>> Hi All,
>>>
>>> I'm rather new Chef but already impressed with its power.
>>> For my current Chef investigations I need some way to put recipe at the
>>> end
>>> of recipes list ignoring the real order of it in node's run_list.
>>> I'm working on automated firewall configuration and now using attribute
>>> files of recipes to declare what ports this recipe needs to be opened.
>>> "Firewall" recipe then parses all ports at compile time and creates
>>> initial
>>> data for a template. But if I declare settings not in attribute file but
>>> in
>>> recipe itself (via node.default/node.set) - then this change is invisible
>>> to
>>> "firewall" recipe because it is already compiled. My thoughts were to
>>> have
>>> some callback at the end of compile time or a way of putting dynamically
>>> some code at the end of run_list (without saving it to node state) - so
>>> "firewall" recipe declared elsewhere could put callback and read the
>>> final
>>> attributes state.
>>>
>>> Maybe there is some workaround to do this, or I need to change logic
>>> completely to fit to current Chef run model?
>>>
>>> wbr,
>>> Dmitry.
>>>
>
>