Databag password issues

#1

Hi Experts:

Iam writing in the provide to create a method which can be used in the recipe ,(which i have shown in below)
But this gives me error pw NoMethodError: undefined method `pw'
provides :cms_mysql_password, platform_family: 'rhel'
action :create do

pw = ''
data_bag('secrets').each do |item|
db = data_bag_item('secrets', item)
db['users'].each_pair do |_k, v|
pw = v['password'] if v['id'] == 'root'
end
end
end
action :create do
script 'set database password' do
interpreter 'bash'
user 'root'
cwd '/tmp'
code <<-EOH
root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
mysql -uroot -p"$root_temp_pass" --connect-expired-password -Be "ALTER USER 'root'@'localhost' IDENTIFIED BY '#{pw}';"
EOH
end
Below is my recipe which is working fine.
pw = ''
data_bag('secrets').each do |item|
db = data_bag_item('secrets', item)
db['users'].each_pair do |_k, v|
pw = v['password'] if v['id'] == 'root'
end
end
cms_mysql_password 'create-password' do
action :create

not_if "mysql -u root -p'#{pw}'"
end

0 Likes

#2

In your suite, just add additional entries like this:

run_list:
  - recipe[chef-client::config]
  - recipe[audit::default]
1 Like

#3

So you already have it so...

However your wording (run first mysql::default finishes/completes,then the second recipe mysql::data should start ) is somehow questionable.

All cookbooks/recipes are loaded at once at the beginning of chef-client run.

Then their attributes are processed (executed) in run_list order, then recipes are all 'compiled' (Ruby code in recipes is executed) producing list of resources to be converged. Then, at last that list is converged.

So processing of first cookbook/recipe will never be complete before the rest of them is 'started'.

Regards,
Artur

0 Likes