[chef] Re: Re: Re: Overriding node attributes


  • From: Yonah Russ
  • Subject: [chef] Re: Re: Re: Overriding node attributes
  • Date: Mon, 18 Feb 2013 12:58:36 +0200

Ok- no go on either suggestion.
Using .default had no effect and the second idea resulted in:
FATAL: NoMethodError: Undefined node attribute or method `push' on `node'

Any other ideas?
Yonah

On Mon, Feb 18, 2013 at 6:37 AM, Yonah Russ wrote:

Ok, I'll try that too.
Thanks
Yonah

On Feb 17, 2013 11:37 PM, "Jesse Campbell" wrote:
could try this also perhaps:

node.set['ipf_rules'][i]['src_nets'].delete(src_net)
node.set['ipf_rules'][i]['src_nets'].push network_data['network']+'/'+network_data['cidr'].to_s



On Sun, Feb 17, 2013 at 4:29 PM, Jesse Campbell wrote:
which chef version?

try node.default instead of node.set or node.override?

i think there is more to it but that's what came to mind first.


On Sun, Feb 17, 2013 at 11:45 AM, Yonah Russ wrote:
Hi,

Intro: I'm using chef-solo version 11.2.0 on SmartOS and I'm trying to use chef to set up ipfilter firewall rules.

I've created some simple data bags to store the various hosts and network blocks so I can easily update them, for example:

circonus_san_antonio: 
  cidr:     32
  comment:  Circonus San Antonio Broker
  id:       circonus_san_antonio
  network:  67.207.202.135

Then I've set some default node attributes in my default recipe like this:

node.set['ipf_rules']=[
  {
    "dest_net"   =>  node[:ipaddress],
    "dest_port"  =>  "port=22",
    "src_nets"  =>  [ "office_a_lan", "office_b_lan"],
    "state"     =>  ""
  }
]

The idea is for recipes to add rules to node['ipf_rules'] and process them all in the ipfilter recipe which would run last.

In that recipe I planned to translate all the 'named' networks using the data bags with logic like this:

# Load the data bag
db_networks = data_bag('db-networks')

#for each rule
node['ipf_rules'].each_with_index do |rule, i|
    # if there is a translation in the data bag for the destination network
    if db_networks.include?(rule['dest_net'])
      # get the translation for the destination network
      network_data = data_bag_item('db-networks', rule['dest_net'])
      # replace the named network with its value
      node.set['ipf_rules'][i]['dest_net']=network_data['network']+'/'+network_data['cidr'].to_s
    end
    # for each src network in the rule
    rule['src_nets'].each_with_index do |src_net, j|
      # if there is a translation for the source network
      if db_networks.include?(src_net)
        # get the translation for the source network
        network_data = data_bag_item('db-networks', src_net)
        # replace the named network with its value
        node.set['ipf_rules'][i]['src_nets'][j]=network_data['network']+'/'+network_data['cidr'].to_s
      end
    end
end

Then I use a template to create the actual configuration file.

My problem is with these lines:
node.set['ipf_rules'][i]['src_nets'][j]=network_data['network']+'/'+network_data['cidr'].to_s

If I use node.set, the values aren't modified.
If I use node.override, the whole structure is replaced instead of just the elements I tried to modify.

For example, this:
[ {"dest_net"=>"1.2.3.4", "dest_port"=>"port=22", "src_nets"=>["office_a_lan", "office_b_lan"], "state"=>""}]
becomes this:
{0=>{"src_nets"=>{0=>"2.3.4.5/32", 1=>"3.4.5.6/32"}}}

What am I doing wrong? How can I fix it?
Thanks
Yonah
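
Added example, not part of the original thread and not the poster's or Chef's own code: one way to avoid modifying nested attribute elements in place is to build the translated rule list as plain Ruby data and assign it in a single step. The DB_NETWORKS hash, the sample addresses and the helpers resolve_net / resolve_rules are constructed for illustration; rejecting names that do not resolve to an address is an added assumption, so that a mistyped network name never ends up in the generated ipfilter configuration.

```ruby
require 'ipaddr'

# Constructed stand-in for the 'db-networks' data bag (items keyed by id).
# In a recipe these values would come from data_bag / data_bag_item.
DB_NETWORKS = {
  'office_a_lan' => { 'network' => '192.0.2.0',    'cidr' => 24 },
  'office_b_lan' => { 'network' => '198.51.100.0', 'cidr' => 24 }
}.freeze

# Translate one name to "network/cidr"; literal addresses pass through.
# Anything that is neither a known name nor a valid address is rejected.
def resolve_net(name, networks)
  item = networks[name]
  value = item ? "#{item['network']}/#{item['cidr']}" : name
  IPAddr.new(value) # raises IPAddr::InvalidAddressError on a non-address
  value
rescue IPAddr::InvalidAddressError
  raise ArgumentError, "unresolved network name: #{name.inspect}"
end

# Return a new array of plain Hashes; the input rules are never mutated.
def resolve_rules(rules, networks)
  rules.map do |rule|
    {
      'dest_net'  => resolve_net(rule['dest_net'], networks),
      'dest_port' => rule['dest_port'],
      'src_nets'  => rule['src_nets'].map { |n| resolve_net(n, networks) },
      'state'     => rule['state']
    }
  end
end

# Constructed sample rule in the same shape as node['ipf_rules'].
RULES = [
  { 'dest_net' => '203.0.113.10', 'dest_port' => 'port=22',
    'src_nets' => %w[office_a_lan office_b_lan], 'state' => '' }
].freeze

RESOLVED = resolve_rules(RULES, DB_NETWORKS)

# In a recipe the whole list could then be assigned at once, e.g.
#   node.set['ipf_rules'] = resolve_rules(node['ipf_rules'], networks)
# or handed to the template directly (assumption; not tested against Chef here).
```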







