[chef] Re: Notifications and data

[Steffen Gebert < >]

> notifies :run, "script[set_empty_password_for_#{u[:id]}]"

Thanks a lot, Matt. That makes sense and works!

You see it commented out in the code (https://gist.github.com/1523594):
Before I had action :run and checked with
only_if do { File.open("/etc/shadow", "rb").read().index(/^#{u[:id]}:!:/) != 
nil }

What do you consider "cleaner"? Checking only_if during every run of 
chef-client or this "hack"? In fact.. latter one seems also to require this 
hack.. so I will go for your solution, thanks :)

Steffen

On 27.12.2011, at 18:05, Matthew Moretti wrote:

> I think I might see the problem.  During the compile step, the 
> "set_empty_password" script resource is, in fact, compiled once for each 
> user. However, because it has the same name attribute each time, you end up 
> over-writing the resource; hence the last user in the list wins.
> 
> You could fix this with something like
> 
> script "set_empty_password_for_#{u[:id]}" do
>  ...
> end
> 
> And putting
> 
> notifies :run, "script[set_empty_password_for_#{u[:id]}]"
> 
> in your user block.
> 
> My solution feels a little hackey, though, so perhaps there's a better way 
> to achieve what you're looking for.  I'm pretty new to this whole thing, 
> 
> -Matt Moretti
> 
> On Tue, Dec 27, 2011 at 8:03 AM, Steffen Gebert 
> <
 >
>  wrote:
> Hi,
> 
> I have some trouble with "notifies".. hope it's easy to explain to a 
> chef-starter :)
> 
> I've modified the "users" cookbook [1] to set an empty password and 
> (usermod -p "") and forcing password change on next login (chage -d 0).
> 
> Therefore I've extended the cookbook inside the
>> search(:users, 'groups:sysadmin') do |u|
> 
> loop with the following block:
> 
>>  script "set_empty_password" do
>>    interpreter "bash"
>>    user "root"
>>    action :nothing
>> 
>>    code <<-EOH
>>    echo Running for #{u[:id]}
>>    # set empty password
>>    usermod -p "" #{u[:id]}
>>    # force password change on next login
>>    chage -d 0 #{u[:id]}
>>    EOH
>>  end
> 
> 
> To notify it upon user creation, I've added
>> notifies :run, "script[set_empty_password]", :immediately
> 
> to the following block:
> 
>>  user u['id'] do
>>    uid u['uid']
>>    gid u['gid']
>>    shell u['shell']
>>    comment u['comment']
>>    supports :manage_home => true
>>    home home_dir
>>    notifies :run, "script[set_empty_password]", :immediately
>>    notifies :create, "ruby_block[reset group list]", :immediately
>>  end
> 
> 
> My problem, however, is that in the bash script, #{u[:id]} is always the 
> user name of the user returned as *last* from search (so for every user it 
> always modifies the same one). set_empty_password is executed, but with 
> wrong data..
> 
> I've uploaded the complete file here:
> https://gist.github.com/1523594
> 
> Can you tell me the reason for this?
> 
> Thanks a lot for your help!
> 
> Steffen