[chef] Recipe attributes for previous resources

[Yoshi Spendiff < >]

Hi,

I'm using the sshd cookbook to configure the ssh server on hosts. I include this recipe with a set of attributes in an attribute file to configure my sshd config file. One of which is this:

default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

I then have the following in one of the recipes in my base cookbook which gets applied to all nodes:

include_recipe 'sshd'

I have another recipe that creates a user on a machine and configures it. Only for machines where this user exists I want to enable password authentication for SSH, so this user works for the purpose it's designed for. In the recipe I set the following:

node.set['sshd']['sshd_config']['PasswordAuthentication'] = 'yes'
include_recipe 'sshd'

Everything works well if I run the user create recipe before the base recipe as the attribute gets changed before the sshd recipe is run. If I run the user creation recipe after the base then password authentication is disabled as the sshd recipe has already been included and run before the attribute change.

My question is what is the best way to handle this situation? Is there some way to notify the template of an attribute change in the recipe or do I have to redefine the sshd config template resource?

Otherwise do I just have to deal with having a recipe where the order in the run list is important within a cookbook (and not be able to handle this with include_recipe for a dependency, as the user recipe isn't run on every node).

--

Yoshi Spendiff

Ops Engineer

Indochino

Mobile: +1 778 952 2025

Email: " target="_blank">