[chef] Re: Re [2]: In regards to push-job client update with new white-listed commands.


Chronological Thread 
  • From: Mark Anderson < >
  • To:
  • Subject: [chef] Re: Re [2]: In regards to push-job client update with new white-listed commands.
  • Date: Mon, 19 Jan 2015 13:17:00 -0800

Hi Taras 

I think you are encountering multiple problems; please correct me if this doesn't match what you are seeing.

1) The windows client looks for its configuration information in #{ENV['SYSTEMDRIVE']}/chef/client.rb by default; so it will ignore the pushy-client.rb file unless the --config option is used to specify the config file to use.

We made using chef.rb the default so that people could get started easily, but if you are managing your configuration with the push-jobs cookbook you'll want to point the client at push-jobs-client.rb instead. Currently the client only reads one configuration file.

From memory, the config option can be set in windows via the Service Properties 'Arguments' dialog box.

[As a side note, my inclination is that we shouldn't be building default paths off of SYSTEMDRIVE, but should be using the platform_specific_path API instead. Changing this might break people, so I'll have to dig into it a little bit before I make the change. (see https://github.com/opscode/opscode-pushy-client/issues/53 to track progress)]

2) I'm assuming you are using the push-jobs cookbook. The node attributes don't the alter push-client whitelist directly. Instead the push-jobs cookbook renders the node attributes into the push-jobs-client.rb file, which then needs to be loaded by the push client.

It sounds like the push-jobs-client.rb file isn't being updated at all. Is that right?

I'm noticing that the cookbook uses "Chef::Config.platform_specific_path('/etc/chef')" as the path to render (
https://github.com/opscode-cookbooks/push-jobs/blob/master/libraries/helpers.rb#L38). If you aren't seeing changes when that cookbook runs, maybe its putting the file in a different place?

Finally I'll mention that the need to restart the service to update the whitelist is an issue on my short term fixlist (https://github.com/opscode/opscode-pushy-client/issues/52 to track progress)


On Mon, Jan 19, 2015 at 7:42 AM, < " target="_blank"> > wrote:
Hi Cerny, 

Thank you for your reply. 

Yeap. I am aware of it. 

But issue I have met is that the only source which affect white-list is client.rb file.
Not push-jobs-client.rb or node's attributes. 

I just need to add some new commands into whitelist of client.rb and restart service. That is it. 

Node's attributes can be empty. And push-jobs-client.rb can not contain that new command as well. 

Which is confusing me. 

Regards,
Taras.


19 січня 2015, 17:15:30, від "Cerny,Nathan" < " target="_blank"> >:

The push-jobs cookbook writes the pushy-client.rb configuration file when you run chef-client.  It generates the whitelist from the node attributes.





Hi Chefs,
Has someone of you worked with Chef 12 and it's push job module?

I have tested it and it seems very nice and useful facility but I can't figure out hot to manage it in bulk. 
As for adding new push-commands you have to go to client and edit client.rb file with some white-listed commands in JSON format. 

E.G.:
whitelist({"chef-client"=>"chef-client",
"ipconfig"=>"ipconfig /all > c:/ipconfigtest.txt"
})

Even though it's said in Chef's doc page that we just need to add it to node's attributes.

E.G.:
knife exec -E "nodes.transform(name:'*node_name*') {|n| n.set['push_jobs']['whitelist']['ipconfig2'] = 'ipconfig /all > c:/ipconfigtest2.txt'; end}"

But in fact we should add it to client.rb, pushy-client.rb and restart pushy-client service on windows box. 
Yeap. I am w orking with windows platform. 
And even if I don't add these attributes to node's attributes but add to client.rb and pushy-client.rb everything works with no issues at all...

So I am a bit confused why we need these white-list commands to be added to nodes attributes at all.
Thank you in advance for your replies and advises. 

Regards,
Taras.
CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.



--

Mark Anderson - Community Engineering

mark " target="_blank" style="color:rgb(105,117,130)">@chef.io




Archive powered by MHonArc 2.6.16.

§