[chef] Re [5]: Re [2]: In regards to push-job client update with new white-listed commands.


Chronological Thread 
  • From:
  • To:
  • Subject: [chef] Re [5]: Re [2]: In regards to push-job client update with new white-listed commands.
  • Date: Tue, 20 Jan 2015 13:38:06 +0200

And I think last issue with it is that link to chef-client config from pushy-jobs-client.rb is as follow:
Chef::Config.from_file("/etc/chef/client.rb")
Which is not correct path format for windows platform....


So here is the main issue. 

Even if we change path for config file for pushy-client service to be "#{ENV['SYSTEMDRIVE']}/chef" it doesn't work.
In helpers.rb from push-jobs cookbook.

As in this case pushy-client will start updating pushy-jobs-client.rb with whitelisted commands from nodes attributes. 
But it still doesn't care about it. It still looks into client.rb for all configs.
If we restart windows service for pushy-client with "-c .../pushy-jobs-client.rb" it will fail. As in this case, this file does't have all needed configs. Only whitelisted commands. 

So I am again with manual edit of client.rb and that is it. As everything configured to use client.rb only. :(

Any other thoughts or ideas?


Hi Mark,

I have just tested and it doesn't seem that file pushy-client-job.rb is being updated. 

As there is no /etc/... in windows:

  def self.config_dir
    Chef::Config.platform_specific_path('/etc/chef')
  end

Should I just change it within helpers.rb in push-jobs cookbook?

Or it's defined somewhere else?

Thanks. 
Taras.

--- Оригінальне повідомлення ---
Від кого: " target="_blank">
Дата: 20 січня 2015, 10:24:27

Thank you Mark so mach for such a deep explanations. 

I will try it today and let you know. 
It seems to me that method explained by you should help me in automation process. 
I think push-job-client.rb is indeed being updated. 
I noticed few times that after adding some new command into it, after service restart it return to initial state with chef-client whitelisted only. 
Due to the fact that node doesn't have any attributes with whitelisted commands. 

By the way, after adding attributes into node properties and restarting pushy-client I can remove push-job from node's run-list? 
Or it should reside there for appropriate pushy-client work etc?

Thank you in advance for your replies and help.

Regards,
Taras.

19 січня 2015, 23:17:41, від Mark Anderson < " target="_blank"> >:

Hi Taras 

I think you are encountering multiple problems; please correct me if this doesn't match what you are seeing.

1) The windows client looks for its configuration information in #{ENV['SYSTEMDRIVE']}/chef/client.rb by default; so it will ignore the pushy-client.rb file unless the --config option is used to specify the config file to use.

We made using chef.rb the default so that people could get started easily, but if you are managing your configuration with the push-jobs cookbook you'll want to point the client at push-jobs-client.rb instead. Currently the client only reads one configuration file.

From memory, the config option can be set in windows via the Service Properties 'Arguments' dialog box.

[As a side note, my inclination is that we shouldn't be building default paths off of SYSTEMDRIVE, but should be using the platform_specific_path API instead. Changing this might break people, so I'll have to dig into it a little bit before I make the change. (see https://github.com/opscode/opscode-pushy-client/issues/53 to track progress)]

2) I'm assuming you are using the push-jobs cookbook. The node attributes don't the alter push-client whitelist directly. Instead the push-jobs cookbook renders the node attributes into the push-jobs-client.rb file, which then needs to be loaded by the push client.

It sounds like the push-jobs-client.rb file isn't being updated at all. Is that right?

I'm noticing that the cookbook uses "Chef::Config.platform_specific_path('/etc/chef')" as the path to render (
https://github.com/opscode-cookbooks/push-jobs/blob/master/libraries/helpers.rb#L38). If you aren't seeing changes when that cookbook runs, maybe its putting the file in a different place?

Finally I'll mention that the need to restart the service to update the whitelist is an issue on my short term fixlist (https://github.com/opscode/opscode-pushy-client/issues/52 to track progress)


On Mon, Jan 19, 2015 at 7:42 AM, < " target="_blank"> > wrote:
Hi Cerny, 

Thank you for your reply. 

Yeap. I am aware of it. 

But issue I have met is that the only source which affect white-list is client.rb file.
Not push-jobs-client.rb or node's attributes. 

I just need to add some new commands into whitelist of client.rb and restart service. That is it. 

Node's attributes can be empty. And push-jobs-client.rb can not contain that new command as well. 

Which is confusing me. 

Regards,
Taras.


19 січня 2015, 17:15:30, від "Cerny,Nathan" < " target="_blank"> >:

The push-jobs cookbook writes the pushy-client.rb configuration file when you run chef-client.  It generates the whitelist from the node attributes.





Hi Chefs,
Has someone of you worked with Chef 12 and it's push job module?

I have tested it and it seems very nice and useful facility but I can't figure out hot to manage it in bulk. 
As for adding new push-commands you have to go to client and edit client.rb file with some white-listed commands in JSON format. 

E.G.:
whitelist({"chef-client"=>"chef-client",
"ipconfig"=>"ipconfig /all > c:/ipconfigtest.txt"
})

Even though it's said in Chef's doc page that we just need to add it to node's attributes.

E.G.:
knife exec -E "nodes.transform(name:'*node_name*') {|n| n.set['push_jobs']['whitelist']['ipconfig2'] = 'ipconfig /all > c:/ipconfigtest2.txt'; end}"

But in fact we should add it to client.rb, pushy-client.rb and restart pushy-client service on windows box. 
Yeap. I am w orking with windows platform. 
And even if I don't add these attributes to node's attributes but add to client.rb and pushy-client.rb everything works with no issues at all...

So I am a bit confused why we need these white-list commands to be added to nodes attributes at all.
Thank you in advance for your replies and advises. 

Regards,
Taras.
CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.



--

Mark Anderson - Community Engineering

mark " target="_blank" style="color:rgb(105,117,130);">@chef.io




Archive powered by MHonArc 2.6.16.

§