[chef] Re [2]: Re [6]: Re [2]: In regards to push-job client update with new white-listed commands.

Thanks Mark, 

It seems to be working now. 

push-jobs-client.rb is being created where it needs to be.

After modifying template as you advised and helper.rb.

But when I try to modify config file for windows_service to be push-jobs-client.rb as follow:

class PushyClient

  class WindowsService < ::Win32::Daemon

    include Mixlib::CLI

    option :config_file,

      :short => "-c CONFIG",

      :long => "--config CONFIG",

      :default => "#{ENV['SYSTEMDRIVE']}/chef/push-jobs-client.rb",

      :description => "" 

I can't start service it fails with 1053 error at starttup...

Which means that this config is not appropriate...

Here how push-jobs-client.rb looks like:

# Generated by Chef for na2-isec-js1.austx.zilliant.com

#

# Local modifications will be overwritten!

Chef::Config.from_file(PathHelper.join(Chef::Config.platform_specific_path('/etc/chef/'),"client.rb"))

# The whitelist comes from node['push_jobs']['whitelist']

whitelist({"chef-client"=>"chef-client", "ipconfig3"=>"ipconfig /all > c:/ipconfigtest3.txt", "ipconfig4"=>"ipconfig /all > c:/ipconfigtest4.txt", "ipconfig5"=>"ipconfig /all > c:/ipconfigtest5.txt"})

# We're under runit, so don't output timestamp

Mixlib::Log::Formatter.show_time = false

Thank you in advance for helping in this. 

Regards,

Taras.

21 січня 2015, 11:17:49, від Mark Anderson < " target="_self"> >:

Sorry you've been having so much trouble.

First of all I think the problem you hit with Chef::Config.platform_specific_path('c:/chef/')

in the self.config_dir function is because the platform_specific_path  function only rewrites things of the formc:/XXXX/chef and not  c:/chef (see 'lib/chef/config.rb', line 66). You might try Chef::Config.platform_specific_path('/etc/chef/'); I think that might get the include working.

For your point 1) above probably  https://github.com/opscode-cookbooks/push-jobs/blob/master/templates/default/push-jobs-client.rb.erb#L5 should be changed to   Chef::Config.from_file(PathHelper.join( Chef::Config. platform_ specific_path('/etc/chef/'), "client.rb")) or the like. 

I'm going to try that as soon as I get my windows test environment running again. It's https://github.com/opscode-cookbooks/push-jobs/pull/16 for the moment.

For 2) I'm not sure what's broken in config.rb; could you explain further?

For 3) I think the change to  windows service for pushy-client use pushy-jobs-client.rb should work if the pushy-jobs-client.rb contains the correct path for the chef.rb file. 

One of my goals for the near future is to improve the push system on windows platforms; hopefully we'll be able to smooth out the experience soon. 

On Wed, Jan 21, 2015 at 12:53 AM, Mark Anderson < " target="_blank"> > wrote:

Sorry you've been having so much trouble

First of all I think the problem you hit with Chef::Config.platform_specific_path('c:/chef/')

in the self.config_dir function is because the platform_specific_path  function only rewrites things of the form c:/XXXX/chef and not  c:/chef (see 'lib/chef/config.rb', line 66). You might try Chef::Config.platform_specific_path('/etc/chef/')

I agree that the cookbook could use some improvements for windows; for your point 1) above probably https://github.com/opscode-cookbooks/push-jobs/blob/master/templates/default/push-jobs-client.rb.erb#L5 should read Chef::Config.from_file(Chef::Config.platform_specific_path('/etc/chef/'))

I'm going to try that as soon as I get my windows test environment running again.

For 2) I'm not sure yet what the right solution is yet. Let me think about it.

For 3) I think the change to windows service for pushy-client use pushy-jobs-client.rb should work if the pushy-jobs-client.rb contains the correct path for the chef.rb file. 

On Tue, Jan 20, 2015 at 4:26 AM, < " target="_blank"> > wrote:

Hi Chefs,

From helpers.rb:

  def self.config_dir

    Chef::Config.platform_specific_path('c:/chef/')

  end

Here pushy-jobs-client.rb should go to c:\chef\...

But instead it goes to c:\pushy-jobs-client.rb

What is the syntax for defining appropriate path? Or it's just a bug?

The same in regards to template for building that file:

# Generated by Chef for <%= node['fqdn'] %>

#

# Local modifications will be overwritten!

Chef::Config.from_file("/etc/chef/client.rb")

What syntax for pointing it to c:\chef\client.rb ?

So it seems like full issue solution is as follow:

1) fix template from cookbook to use windows path convention.

2) fix config.rb from cookbook with the same issue.

3) point windows_service.rb from ...\pushy-client\ folder on client side to use not default chef config client.rb but pushy-jobs-client.rb

I just can't get how to change paths to appropriate for windows. It seems like it's not being parsed with presuming that this is windows platform.

It just creates on C:-drive and that is it...

Here is part form chef-client run:

Recipe: push-jobs::config

  * directory[C:\] action create[2015-01-20T12:16:52+00:00] INFO: Processing directory[C: \] action create (push-jobs::config line 25)

 (up to date)

  * template[C:\push-jobs-client.rb] action create[2015-01-20T12:16:52+00:00] INFO: Processing template[C:\push-jobs-client.rb] action create (push-jobs::config line 33)

[2015-01-20T12:16:52+00:00] INFO: template[C:\push-jobs-client.rb] created file C:\push-jobs-client.rb

It just ignores "c:\chef\" from helpers.rb...

 - create new file C:\push-jobs-client.rb[2015-01-20T12:16:52+00:00] INFO: template[C:\push-jobs-client.rb] updated file contents C:\push-jobs-client.rb

Thank you all in advance.

I am really struggling with this issue...

Regards,

Taras.

20 січня 2015, 13:38:44, від " target="_blank"> :

And I think last issue with it is that link to chef-client config from pushy-jobs-client.rb is as follow:

Chef::Config.from_file("/etc/chef/client.rb")

Which is not correct path format for windows platform....

20 січня 2015, 11:55:58, від " target="_blank"> :

So here is the main issue. 

Even if we change path for config file for pushy-client service to be "#{ENV['SYSTEMDRIVE']}/chef" it doesn't work.

In helpers.rb from push-jobs cookbook.

As in this case pushy-client will start updating pushy-jobs-client.rb with whitelisted commands from nodes attributes. 

But it still doesn't care about it. It still looks into client.rb for all configs.

If we restart windows service for pushy-client with "-c .../pushy-jobs-client.rb" it will fail. As in this case, this file does't have all needed configs. Only whitelisted commands. 

So I am again with manual edit of client.rb and that is it. As everything configured to use client.rb only. :(

Any other thoughts or ideas?

20 січня 2015, 11:00:34, від " target="_blank"> :

Hi Mark,

I have just tested and it doesn't seem that file pushy-client-job.rb is being updated. 

As there is no /etc/... in windows:

  def self.config_dir

    Chef::Config.platform_specific_path('/etc/chef')

  end

Should I just change it within helpers.rb in push-jobs cookbook?

Or it's defined somewhere else?

Thanks. 

Taras.

--- Оригінальне повідомлення ---
Від кого: " target="_blank">
Дата: 20 січня 2015, 10:24:27

Thank you Mark so mach for such a deep explanations. 

I will try it today and let you know. 

It seems to me that method explained by you should help me in automation process. 

I think push-job-client.rb is indeed being updated. 

I noticed few times that after adding some new command into it, after service restart it return to initial state with chef-client whitelisted only. 

Due to the fact that node doesn't have any attributes with whitelisted commands. 

By the way, after adding attributes into node properties and restarting pushy-client I can remove push-job from node's run-list? 

Or it should reside there for appropriate pushy-client work etc?

Thank you in advance for your replies and help.

Regards,

Taras.

19 січня 2015, 23:17:41, від Mark Anderson < " target="_blank"> >:

Hi Taras 

I think you are encountering multiple problems; please correct me if this doesn't match what you are seeing.

1) The windows client looks for its configuration information in #{ENV['SYSTEMDRIVE']}/chef/client.rb by default; so it will ignore the pushy-client.rb file unless the --config option is used to specify the config file to use.

(https://github.com/opscode/opscode-pushy-client/blob/master/lib/pushy_client/windows_service.rb#L35)

We made using chef.rb the default so that people could get started easily, but if you are managing your configuration with the push-jobs cookbook you'll want to point the client at push-jobs-client.rb instead. Currently the client only reads one configuration file.

From memory, the config option can be set in windows via the Service Properties 'Arguments' dialog box.

[As a side note, my inclination is that we shouldn't be building default paths off of SYSTEMDRIVE, but should be using the platform_specific_path API instead. Changing this might break people, so I'll have to dig into it a little bit before I make the change. (see https://github.com/opscode/opscode-pushy-client/issues/53 to track progress)]

2) I'm assuming you are using the push-jobs cookbook. The node attributes don't the alter push-client whitelist directly. Instead the push-jobs cookbook renders the node attributes into the push-jobs-client.rb file, which then needs to be loaded by the push client.

It sounds like the push-jobs-client.rb file isn't being updated at all. Is that right?

I'm noticing that the cookbook uses "Chef::Config.platform_specific_path('/etc/chef')" as the path to render (

https://github.com/opscode-cookbooks/push-jobs/blob/master/libraries/helpers.rb#L38). If you aren't seeing changes when that cookbook runs, maybe its putting the file in a different place?

Finally I'll mention that the need to restart the service to update the whitelist is an issue on my short term fixlist (https://github.com/opscode/opscode-pushy-client/issues/52 to track progress)

On Mon, Jan 19, 2015 at 7:42 AM, < " target="_blank"> > wrote:

Hi Cerny, 

Thank you for your reply. 

Yeap. I am aware of it. 

But issue I have met is that the only source which affect white-list is client.rb file.

Not push-jobs-client.rb or node's attributes. 

I just need to add some new commands into whitelist of client.rb and restart service. That is it. 

Node's attributes can be empty. And push-jobs-client.rb can not contain that new command as well. 

Which is confusing me. 

Regards,

Taras.

19 січня 2015, 17:15:30, від "Cerny,Nathan" < " target="_blank"> >:

The push-jobs cookbook writes the pushy-client.rb configuration file when you run chef-client.  It generates the whitelist from the node attributes.

From: " " target="_blank"> " < " target="_blank"> >
Reply-To: " " target="_blank"> " < " target="_blank"> >
Date: Monday, January 19, 2015 at 4:21 AM
To: " " target="_blank"> " < " target="_blank"> >
Subject: [chef] In regards to push-job client update with new white-listed commands.

Hi Chefs,

Has someone of you worked with Chef 12 and it's push job module?

I have tested it and it seems very nice and useful facility but I can't figure out hot to manage it in bulk. 

As for adding new push-commands you have to go to client and edit client.rb file with some white-listed commands in JSON format. 

E.G.:

whitelist({"chef-client"=>"chef-client",

"ipconfig"=>"ipconfig /all > c:/ipconfigtest.txt"

})

Even though it's said in Chef's doc page that we just need to add it to node's attributes.

E.G.:

knife exec -E "nodes.transform(name:'*node_name*') {|n| n.set['push_jobs']['whitelist']['ipconfig2'] = 'ipconfig /all > c:/ipconfigtest2.txt'; end}"

But in fact we should add it to client.rb, pushy-client.rb and restart pushy-client service on windows box. 

Yeap. I am w orking with windows platform. 

And even if I don't add these attributes to node's attributes but add to client.rb and pushy-client.rb everything works with no issues at all...

So I am a bit confused why we need these white-list commands to be added to nodes attributes at all.

Thank you in advance for your replies and advises. 

Regards,

Taras.

CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.

--

Mark Anderson - Community Engineering

mark " style="color:rgb(105,117,130);" target="_blank">@chef.io

--

Mark Anderson - Engineering

206.769.7812 – mark " style="color:rgb(105,117,130);" target="_blank">@getchef.com 

CHEF GETCHEF.COM

TM

getchef.com   Blog   Facebook   Twitter   Youtube