Change cassandra password through chef


#1

Hi all, I have a requirement where I want to change password in cassandra using chef, for that I am maintaining old and new cassandra passwords in databag and using them in recipe. In my recipe I am creating a file to store old password and then checking If the old password file exits I will trigger some password change action on cassandra.

I have a data_bag with old_cassandra_password and new_cassandra_password as below

    cassandra{
        old_password : cassandra
        new_password : newpasswd
   }

and my recipe has below content:

pwd_state_file = "some_dir/.pwd_state"
prev_password = nil

ruby_block "read_previous_password" do
block do
  prev_password = File.exists?(pwd_state_file) ? File.read(pwd_state_file) : node.run_state['cassandra_old_password']
end
action :nothing
end

file pwd_state_file do
  content node.run_state['cassandra_new_password']
  notifies :run, 'ruby_block[read_previous_password]', :before
  notifies :run, 'custome_block[change_cassandra_password]', :immediately
  action :create
end

The problem here is that the .pwd_state is empty since the local variable prev_password is not updated by ruby block,
also I have requirement the I can change password multiple time, can someone please me out with updating the prev_password during runtime or some advice on best practise or approaches for how to handle passwords in this kind of scenerio .