[chef] Re: Re: Re: Re: Re: How to override node attribute with lazy value?


Chronological Thread 
  • From: Greg Barker < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: How to override node attribute with lazy value?
  • Date: Fri, 3 Oct 2014 15:05:03 -0700

Thanks for the additional responses. Unfortunately I still wasn't able to get it working.

I put the following in my attributes/default.rb:

default["chef-server"]["configuration"]["nginx"]["ssl_certificate"] = "/etc/pki/tls/certs/%{fqdn}.pem"
default["chef-server"]["configuration"]["nginx"]["ssl_certificate_key"] = "/etc/pki/tls/private/%{fqdn}.key"

Then in my recipe I have:

node["chef-server"]["configuration"]["nginx"]["ssl_certificate"] % { fqdn: node[:fqdn] }
node["chef-server"]["configuration"]["nginx"]["ssl_certificate_key"] % { fqdn: node[:fqdn] }

include_recipe "chef-server::default"

This resulted in a /var/opt/chef-server/nginx/etc/chef_https_lb.conf with:

ssl_certificate /etc/pki/tls/certs/%{fqdn}.pem;
ssl_certificate_key /etc/pki/tls/private/%{fqdn}.key;

Which of course nginx did not like:

2014-10-03_21:59:37.09937 nginx: [emerg] directive "ssl_certificate" is not terminated by ";"

I also tried setting those attributes in my role instead of the attributes/default.rb file:

"configuration": {
  "nginx": {
    "ssl_certificate": "/etc/pki/tls/certs/%{fqdn}.pem",
    "ssl_certificate_key": "/etc/pki/tls/private/%{fqdn}.key"
   }
 }

This resulted in the same error.

Lamont - I'm not sure I understand your response. Does that actually set the node["chef-server"]["configuration"]["nginx"][ "ssl_certificate"] attribute that the chef-server cookbook is expecting? Or is that how the chef-server cookbook should have been written?

Thanks,
Greg

On Fri, Oct 3, 2014 at 8:02 AM, Lamont Granquist < " target="_blank"> > wrote:

Just move that into a computation in recipe code that is stored in a variable and not in a node attribute:

in default.rb:

ssl_certificate = node["chef-server"]["configuration"]["nginx"][ "ssl_certificate"] ||=
  "/etc/pki/tls/certs/%{node["fqdn"]}.pem"

then don't set that attribute in the attribute file, leave it only as a hook for someone to override the computation with.

See https://github.com/lamont-granquist/erlang_one for an example cookbook I wrote last night, with tests showing that you can wrap the cookbook the way that people want to.  Works without computed attributes directly in the attributes file, it exposes the kind of behavior so that what the recipe does is computed from the input attributes.  Since it uses a ruby variable instead of setting node attributes in recipe code there's no attribute precedence issues.

On Fri Oct 3 07:21:32 2014, Christine Draper wrote:

Greg,

Using Noah's approach, you'd have something like this in your
attribute file, to establish the pattern for the derived attribute:

node["chef-server"]["configuration"]["nginx"][ "ssl_certificate"] =
"/etc/pki/tls/certs/%{fqdn}.pem" }

And then this in your recipe where actually wanted to realize the value:

node["chef-server"]["configuration"]["nginx"][ "ssl_certificate"] % {
fqdn : node[:fqdn] }

Hope this helps.
Christine



"/etc/pki/tls/certs/#{node[:fqdn]}.pem" }


On Thu, Oct 2, 2014 at 11:18 AM, Greg Barker < " target="_blank">
<mailto: " target="_blank"> >> wrote:

Thanks Noah. I tried it out but I don't think I'm doing it right.

node["chef-server"]["configuration"]["nginx"] % { ssl_certificate:
"/etc/pki/tls/certs/#{node[:fqdn]}.pem" }

This resulted in:

NoMethodError - undefined method `%' for nil:NilClass

So before that line I added:

node.default["chef-server"]["configuration"]["nginx"] = {}

But now I get the error:

NoMethodError - Undefined node attribute or method `%' on `node'

Any ideas?

On Thu, Oct 2, 2014 at 7:55 AM, Noah Kantrowitz
< " target="_blank"> <mailto: " target="_blank"> >> wrote:


On Oct 2, 2014, at 3:13 AM, Greg Barker < " target="_blank">
<mailto: " target="_blank"> >> wrote:

> The chef-server readme shows how to override nginx
attributes. However, it doesn't seem to work like I want it to
when I do:
>
>
node.override["chef-server"]["configuration"]["nginx"]["ssl_certificate"]
= "/etc/pki/tls/certs/#{node[:fqdn]}.pem"
>
> node[:fqdn] is being updated during my chef run using the
hostname cookbook, and so using the above results in an error
because chef-server ends up looking for
/etc/pki/tls/certs/localhost.pem (the old hostname), when it
should instead be using
/etc/pki/tls/certs/mynode.mycompany.com.pem.
>
> So I think I want something like the following, but this
doesn't work. What's the right way to do it?
>
>
node.override["chef-server"]["configuration"]["nginx"]["ssl_certificate"]
= lazy { "/etc/pki/tls/certs/#{node[:fqdn]}.pem" }

lazy{} is a feature of resources, not of node attributes. See
https://coderanger.net/derived-attributes/ for more
information about how to handle delayed interpolation in node
attributes.

--Noah









Archive powered by MHonArc 2.6.16.

§