[chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Chef and LDAP Users

[AJ Christensen < >]

My specific example shows the code being called at Convergence Time
through a Lazy Attribute evaluation (a new Chef11 feature).

Specifically: the attributes to the resource when lazy aren't
evaluated at compile time, they are "finalized" so to speak at
convergence time, when the action actually needs it!

--aj

On Fri, Aug 1, 2014 at 6:15 AM, Douglas Garstang
<
 >
 wrote:
> AJ,
>
> Thanks. Now, what are the practical implications of compile and converge in
> relation to variable scope? How does one 'Run the ShellOut code during
> convergence'? Does it have to be in a library as you've done? Can it be done
> another way? What exactly in a recipe makes something run at compile or
> converge time? How do you tell? How do you pass variables obtained during
> compilation (or is it convergence) back to the other?
>
> Doug
>
>
> On Thu, Jul 31, 2014 at 11:12 AM, AJ Christensen 
> <
 >
>  wrote:
>>
>> http://docs.getchef.com/essentials_nodes_chef_run.html
>>
>> * Compile the resource collection
>>
>> The chef-client identifies each resource in the node object and builds
>> the resource collection. All libraries are loaded (to ensure that all
>> language extensions and Ruby classes are available). And then all
>> attributes are loaded. And then all lightweight resources are loaded.
>> And then all definitions are loaded (to ensure that any
>> pseudo-resources are available). Finally, all recipes are loaded in
>> the order specified by the expanded run-list; each action specified in
>> each recipe is identified before any Ruby code within a recipe is
>> evaluated.
>>
>> * Converge the node
>>
>> The chef-client configures the system based on the information that
>> has been collected. Each resource is executed in the order identified
>> by the run-list, and then by the order in which each resource is
>> listed in each recipe. Each resource in the resource collection is
>> mapped to a provider. The provider examines the node, and then does
>> the steps necessary to complete the action. And then the next resource
>> is processed. Each action configures a specific part of the system.
>> This process is also referred to as convergence.
>>
>> Run the ShellOut code during convergence after the LDAP code has
>> converged (instead of at compile time as your example inaccurately
>> attempts to represent mine)
>>
>> YMMV
>>
>> --aj
>>
>> On Fri, Aug 1, 2014 at 6:10 AM, AJ Christensen 
>> <
 >
>>  wrote:
>> > You ignored all of my examples and ran the code at Shell Out code at
>> > compile time. It will be executed before the other LDAP stuff is
>> > actually converged.
>> >
>> > Don't be such a support vampire bro.
>> >
>> > --AJ
>> >
>> > On Fri, Aug 1, 2014 at 5:59 AM, Douglas Garstang
>> > <
 >
>> >  wrote:
>> >> AJ,
>> >>
>> >> Thanks. I'm really not a ruby guy. It will take me considerable time to
>> >> work
>> >> out your gist. I tried this. I thought the call to Mixlib::ShellOut
>> >> would
>> >> fork a new process and therefore get me the correct result. However,
>> >> cmd.stdout is empty on the first run, and contains the correct getent
>> >> passwd
>> >> reply on the second run, so I assume it's the same issue...
>> >>
>> >> include_recipe "foo-ldap"
>> >>
>> >> bag = data_bag("ssh-keys")
>> >> for item in bag do
>> >>
>> >>     user = data_bag_item('ssh-keys', item)
>> >>     user_name = user['id']
>> >>
>> >>     execute "create_homedir" do
>> >>         command "mkdir /home/#{user_name}"
>> >>         creates "/home/#{user_name}"
>> >>         action :run
>> >>     end
>> >>
>> >>     log "USER_NAME = #{user_name}"
>> >>     cmd = Mixlib::ShellOut.new("getent passwd #{user_name}")
>> >>     cmd.run_command
>> >>     log ">>>>>>>>>>>>>>>>>>>>>>>>>>> NODE_DATA  = #{cmd.stdout}"
>> >>     ent_array = cmd.stdout.split(':')
>> >>     user_id = ent_array[2]
>> >>     group_id = ent_array[3]
>> >>
>> >>     execute "homedir_perms" do
>> >>         command "chown #{user_id}.#{group_id} /home/#{user_name}"
>> >>         action :run
>> >>     end
>> >>
>> >> end
>> >>
>> >>
>> >>
>> >> On Wed, Jul 30, 2014 at 5:25 PM, AJ Christensen 
>> >> <
 >
>> >>  wrote:
>> >>>
>> >>> I meant to link to this too re: Mixlib ShellOut:
>> >>>
>> >>>
>> >>> https://github.com/opscode/chef/blob/master/lib/chef/mixin/shell_out.rb#L29-L39
>> >>>
>> >>> 'git grep shell_out' in the Chef codebase, haha! You'll see all of the
>> >>> places this is used.
>> >>>
>> >>> --aj
>> >>>
>> >>> On Thu, Jul 31, 2014 at 12:22 PM, AJ Christensen 
>> >>> <
 >
>> >>> wrote:
>> >>> > If you 'include Chef::Mixin::ShellOut' in a custom library, you can
>> >>> > use #shell_out! there.
>> >>> >
>> >>> > using the lazy attribute evaluator and the Mixin ShellOut classes'
>> >>> > shell_out!() functionality, something like this outta' work:
>> >>> > https://gist.github.com/fujin/f0b7dd38b558001c5913
>> >>> >
>> >>> > --aj
>> >>> >
>> >>> > On Thu, Jul 31, 2014 at 12:03 PM, Daniel DeLeo 
>> >>> > <
 >
>> >>> > wrote:
>> >>> >> On Wednesday, July 30, 2014 at 5:00 PM, Douglas Garstang wrote:
>> >>> >>> AJ,
>> >>> >>>
>> >>> >>> Thanks. One more question... shelling out in chef and grabbing the
>> >>> >>> output... has never been an easy task... best approach?
>> >>> >>>
>> >>> >>> I was able to do this just now with the execute resource, I guess
>> >>> >>> because that forks a new process too. It would be nice though to
>> >>> >>> call getent
>> >>> >>> in some fashion, and the parse the output, so that I could be sure
>> >>> >>> that the
>> >>> >>> group id I am assigning is the correct one for the user. At the
>> >>> >>> moment it's
>> >>> >>> coming out of a data bag.
>> >>> >>>
>> >>> >>> Also kinda gross.
>> >>> >>>
>> >>> >>> Doug
>> >>> >> Well, it’ll be a little gross, but I think you’ll have to use a
>> >>> >> lazy
>> >>> >> attribute
>> >>> >>
>> >>> >> http://docs.getchef.com/resource_common.html#lazy-attribute-evaluation
>> >>> >>
>> >>> >> In the code block you give to `lazy`, you can use backticks or %x
>> >>> >> to
>> >>> >> run a command that returns the UID.
>> >>> >>
>> >>> >>
>> >>> >> --
>> >>> >> Daniel DeLeo
>> >>> >>
>> >>> >>
>> >>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Regards,
>> >>
>> >> Douglas Garstang
>> >> http://www.linkedin.com/in/garstang
>> >> Email: 
>> >> 
 
>> >> Cell: +1-805-340-5627
>
>
>
>
> --
> Regards,
>
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: 
> 
 
> Cell: +1-805-340-5627