How to suppress notifications in LWRP

Fabry_Zio · April 23, 2013, 8:43am

Hi all,

I’m developing a custom LWRP to install a sort of application server, but I’ve the following problem…

In my actions I’ve to call some “bash” and “ruby_block” resources in order to make some elaborations on configuration files (like keystores and patches) that I cannot do with the “template” resource.

Not always these elaborations bring to a real change in the server configuration, so not always my LWRP has to notify a resource change (for example to cause a server restart).

But, as for I can understand, if a “bash” or “ruby_block” resource is put in the converge_actions list for my LWRP, it will cause a change notification in my resource even if I never set: @new_resource.updated_by_last_action(true)

Currently I’m calling the use_inline_resources method at the beginning of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

coderanger · April 23, 2013, 8:50am

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server, but I've the following problem...

In my actions I've to call some "bash" and "ruby_block" resources in order to make some elaborations on configuration files (like keystores and patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server configuration, so not always my LWRP has to notify a resource change (for example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is put in the converge_actions list for my LWRP, it will cause a change notification in my resource even if I never set: @new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

Fabry_Zio · April 23, 2013, 9:50am

Hi Noah,
thank you for answer.

My problem is that, in the case of keystore update, I have to create a copy of the keystore, add or substitute required certs (only possible through bash commands) and then compare the modified keystore with the original in order to understand if I really added new certificates. Only in that case I will replace the original one. So I think I have to execute "bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP like this:

wso2platform_greg wso_progr do

...

private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed

end

In this case, if :install action changes the configuration of my resource I have to re-initialize the server.
The :initialize action only restarts the server with some particular command line parameters, but I've to make this operation through a "bash" resource.

This seems to start an infinite loop as the "bash" resource cause my resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server, but I've the following problem...

In my actions I've to call some "bash" and "ruby_block" resources in order to make some elaborations on configuration files (like keystores and patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server configuration, so not always my LWRP has to notify a resource change (for example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is put in the converge_actions list for my LWRP, it will cause a change notification in my resource even if I never set: @new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

John_E_Vincent_lusis · April 23, 2013, 1:00pm

If this is a java keystore, you can use some variant of this, yes?

gist.github.com

https://gist.github.com/lusis/2203083

keytool.rb

keystore = "/etc/java-6-sun/security/cacerts"
keystore_pass = "foobar"

# you'll need foo.cert et. al. in files/default
certs = %w{foo bar bang}

certs.each do |cert|
  cookbook_file "#{Chef::Config[:file_cache_path]}/#{cert}.cert" do
    source "#{cert}.cert"
  end

This file has been truncated. show original

I think someone even converted it to a proper LWRP at some point?

On Tue, Apr 23, 2013 at 5:50 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi Noah,
thank you for answer.

My problem is that, in the case of keystore update, I have to create a
copy of the keystore, add or substitute required certs (only possible
through bash commands) and then compare the modified keystore with the
original in order to understand if I really added new certificates. Only in
that case I will replace the original one. So I think I have to execute
"bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP
like this:

wso2platform_greg wso_progr do
...
private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed
end

In this case, if :install action changes the configuration of my resource
I have to re-initialize the server.
The :initialize action only restarts the server with some particular
command line parameters, but I've to make this operation through a "bash"
resource.

This seems to start an infinite loop as the "bash" resource cause my
resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it
really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server,
but I've the following problem...

In my actions I've to call some "bash" and "ruby_block" resources in
order to make some elaborations on configuration files (like keystores and
patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server
configuration, so not always my LWRP has to notify a resource change (for
example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is
put in the converge_actions list for my LWRP, it will cause a change
notification in my resource even if I never set:
@new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning
of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

Sean_OMeara · April 23, 2013, 1:51pm

Can you gist your bash resource?

On Tue, Apr 23, 2013 at 5:50 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi Noah,
thank you for answer.

My problem is that, in the case of keystore update, I have to create a
copy of the keystore, add or substitute required certs (only possible
through bash commands) and then compare the modified keystore with the
original in order to understand if I really added new certificates. Only in
that case I will replace the original one. So I think I have to execute
"bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP
like this:

wso2platform_greg wso_progr do
...
private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed
end

In this case, if :install action changes the configuration of my resource
I have to re-initialize the server.
The :initialize action only restarts the server with some particular
command line parameters, but I've to make this operation through a "bash"
resource.

This seems to start an infinite loop as the "bash" resource cause my
resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it
really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server,
but I've the following problem...

In my actions I've to call some "bash" and "ruby_block" resources in
order to make some elaborations on configuration files (like keystores and
patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server
configuration, so not always my LWRP has to notify a resource change (for
example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is
put in the converge_actions list for my LWRP, it will cause a change
notification in my resource even if I never set:
@new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning
of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

Fabry_Zio · April 23, 2013, 3:24pm

Hi Sean,

this is the snippet that initializes the WSO2 server: gist:5444480 · GitHub

and this is the snippet that tries to modify the keystores: This is the function that modify the keystores. The last ruby_block replace the original keystores only if different in size. This is the simpliest way I've found at the moment. · GitHub

They are all parts of the LWRP

Thank you

Da: Sean OMeara someara@gmail.com
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 15:51
Oggetto: [chef] Re: Re: Re: How to suppress notifications in LWRP

Can you gist your bash resource?

On Tue, Apr 23, 2013 at 5:50 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi Noah,

thank you for answer.

My problem is that, in the case of keystore update, I have to create a copy of the keystore, add or substitute required certs (only possible through bash commands) and then compare the modified keystore with the original in order to understand if I really added new certificates. Only in that case I will replace the original one. So I think I have to execute "bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP like this:

wso2platform_greg wso_progr do

...

private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed
end

In this case, if :install action changes the configuration of my resource I have to re-initialize the server.
The :initialize action only restarts the server with some particular command line parameters, but I've to make this operation through a "bash" resource.

This seems to start an infinite loop as the "bash" resource cause my resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server, but I've the following
problem...

In my actions I've to call some "bash" and "ruby_block" resources in order to make some elaborations on configuration files (like keystores and patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server configuration, so not always my LWRP has to notify a resource change (for example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is put in the converge_actions list for my LWRP, it will cause a change notification in my resource even if I never set: @new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

Fabry_Zio · April 23, 2013, 3:41pm

Hi John,

thank you for the link. It contains a way to use "execute" and keytool I did not take into consideration.
Unfortunately I've to compare each new certificate and key with the one already in the keystore, as the alias must be always the same.
Anyway, I'll think about it. There could be a compromise for my use case.

Da: John E. Vincent (lusis) lusis.org+chef-list@gmail.com
A: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 15:00
Oggetto: [chef] Re: Re: Re: How to suppress notifications in LWRP

If this is a java keystore, you can use some variant of this, yes?

gist.github.com

https://gist.github.com/lusis/2203083

keytool.rb

keystore = "/etc/java-6-sun/security/cacerts"
keystore_pass = "foobar"

# you'll need foo.cert et. al. in files/default
certs = %w{foo bar bang}

certs.each do |cert|
  cookbook_file "#{Chef::Config[:file_cache_path]}/#{cert}.cert" do
    source "#{cert}.cert"
  end

This file has been truncated. show original

I think someone even converted it to a proper LWRP at some point?

On Tue, Apr 23, 2013 at 5:50 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi Noah,

thank you for answer.

My problem is that, in the case of keystore update, I have to create a copy of the keystore, add or substitute required certs (only possible through bash commands) and then compare the modified keystore with the original in order to understand if I really added new certificates. Only in that case I will replace the original one. So I think I have to execute "bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP like this:

wso2platform_greg wso_progr do

...

private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed
end

In this case, if :install action changes the configuration of my resource I have to re-initialize the server.
The :initialize action only restarts the server with some particular command line parameters, but I've to make this operation through a "bash" resource.

This seems to start an infinite loop as the "bash" resource cause my resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server, but I've the following
problem...

In my actions I've to call some "bash" and "ruby_block" resources in order to make some elaborations on configuration files (like keystores and patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server configuration, so not always my LWRP has to notify a resource change (for example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is put in the converge_actions list for my LWRP, it will cause a change notification in my resource even if I never set: @new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

John_E_Vincent_lusis · April 23, 2013, 3:42pm

I'd have to check but I'm pretty sure keytool can return a fingerprint of
the cert. That could be one way to compare.

On Tue, Apr 23, 2013 at 11:41 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi John,

thank you for the link. It contains a way to use "execute" and keytool I
did not take into consideration.
Unfortunately I've to compare each new certificate and key with the one
already in the keystore, as the alias must be always the same.
Anyway, I'll think about it. There could be a compromise for my use case.

Da: John E. Vincent (lusis) lusis.org+chef-list@gmail.com
A: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 15:00
Oggetto: [chef] Re: Re: Re: How to suppress notifications in LWRP

If this is a java keystore, you can use some variant of this, yes?

recipe for adding certs to keytool · GitHub

I think someone even converted it to a proper LWRP at some point?

On Tue, Apr 23, 2013 at 5:50 AM, Fabry Zio zziofabry@yahoo.it wrote:

Hi Noah,
thank you for answer.

My problem is that, in the case of keystore update, I have to create a
copy of the keystore, add or substitute required certs (only possible
through bash commands) and then compare the modified keystore with the
original in order to understand if I really added new certificates. Only in
that case I will replace the original one. So I think I have to execute
"bash" resources anyway.

One other possible case is the following... In a recipe I define my LWRP
like this:

wso2platform_greg wso_progr do
...
private_key wso_key
public_cert wso_cert
cacerts wso_cacerts
action :install
notifies :initialize, "wso2platform_greg[#{wso_progr}]", :delayed
end

In this case, if :install action changes the configuration of my resource
I have to re-initialize the server.
The :initialize action only restarts the server with some particular
command line parameters, but I've to make this operation through a "bash"
resource.

This seems to start an infinite loop as the "bash" resource cause my
resource to be marked as changed and this starts notification again.
I would like the "bash" resource to cause a notification only when it
really modify my wso2platform_greg resource, if possible.

Thank you

Da: Noah Kantrowitz noah@coderanger.net
A: Fabry Zio zziofabry@yahoo.it
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Inviato: Martedì 23 Aprile 2013 10:50
Oggetto: [chef] Re: How to suppress notifications in LWRP

Use not_if/only_if to make their activation idempotent.

--Noah

On Apr 23, 2013, at 1:43 AM, Fabry Zio wrote:

Hi all,

I'm developing a custom LWRP to install a sort of application server,
but I've the following problem...

In my actions I've to call some "bash" and "ruby_block" resources in
order to make some elaborations on configuration files (like keystores and
patches) that I cannot do with the "template" resource.
Not always these elaborations bring to a real change in the server
configuration, so not always my LWRP has to notify a resource change (for
example to cause a server restart).
But, as for I can understand, if a "bash" or "ruby_block" resource is
put in the converge_actions list for my LWRP, it will cause a change
notification in my resource even if I never set:
@new_resource.updated_by_last_action(true)

Currently I'm calling the use_inline_resources method at the beginning
of my LWRP.

Is there a way to control this change notification?
Or may I override the set_updated_status method in my LWRP ?

Thank you a lot
Regards

kallistec · April 23, 2013, 3:44pm

On Tuesday, April 23, 2013 at 8:24 AM, Fabry Zio wrote:

Hi Sean,

this is the snippet that initializes the WSO2 server: https://gist.github.com/FabryZio/5444480

and this is the snippet that tries to modify the keystores: This is the function that modify the keystores. The last ruby_block replace the original keystores only if different in size. This is the simpliest way I've found at the moment. · GitHub

They are all parts of the LWRP

Thank you
If I were you, I'd look at making at least two LWRPs out of this. First of all, take all the keystore stuff out, and make a LWRP. In that LWRP, it'll be much easier if you avoid using Chef resources and instead use lower level stuff like shell_out. Then make your app server LWRP use the keystore LWRP.

--
Daniel DeLeo

Sean_OMeara · April 23, 2013, 4:04pm

You need to add convergence checks to all your execute/bash resources.

The whole point of the use_inline_resources, is so that if any nested
resources need to fix their subject, the caller will be updated too.
'execute' and 'script' type resources need to guarded by not_if/only_if, or
have an action of :nothing, and be triggered by something else.

The actions in the LWRP DSL should be thought of as the state the resource
needs to be in....
..so in gistfile1.txt, you want the contents of :initialize actions that
"put this into the state of being initialized"

If you use nothing but core resource (file/template/cron/mount/etc), this
is transparent and magic. If you step outside those and start using
execute/script or "raw" ruby to change system state, it is your
responsibility to make sure that action is only taken when necessary.

Basically, you want to refactor everything to look like this:

ruby_block "create_key_files" do
block do
puts "#{blawk blawk}"
do
not_if { CODE THAT DETERMINES IF THE KEYFILES ARE ALREADY CREATED }
end

ruby_block "create_ca_files" do
block do
puts "#{blawk blawk}"
end
not_if { CODE THAT DETERMINES IF THE CA FILES ARE ALREADY CREATED }
end

bash "add_server_keys" do
command "echo #{bash bash}"
not_if "test is the sever_keys are already added"
end

Now, this being said... this particular problem looks like its going to
require some non-trivial code in the test sections.
To help with this, you can factor out some of the convergence tests into
the libraries directory if your cookbook

recipes/my_recipe.rb

ruby_block "promise a thing" do
block do
puts "my_block"
end
not_if { some_function }
only_if { some_other_function }
end

libraries/default.rb

def some_function

a bunch of detective work

end

def some_other_function

a bunch of detective work

end

Hope this helps, and good luck!

-s

On Tue, Apr 23, 2013 at 11:44 AM, Daniel DeLeo dan@kallistec.com wrote:

On Tuesday, April 23, 2013 at 8:24 AM, Fabry Zio wrote:

Hi Sean,

this is the snippet that initializes the WSO2 server:
https://gist.github.com/FabryZio/5444480

and this is the snippet that tries to modify the keystores:
This is the function that modify the keystores. The last ruby_block replace the original keystores only if different in size. This is the simpliest way I've found at the moment. · GitHub

They are all parts of the LWRP

Thank you

If I were you, I'd look at making at least two LWRPs out of this. First of
all, take all the keystore stuff out, and make a LWRP. In that LWRP, it'll
be much easier if you avoid using Chef resources and instead use lower
level stuff like shell_out. Then make your app server LWRP use the keystore
LWRP.

--
Daniel DeLeo

Topic		Replies	Views
Inline resource not to notify LWRP changed Chef Infra (archive)	1	392	June 20, 2018
Chef LWRP and new_resource.updated_by_last_action and use_inline_resources Chef Infra (archive)	1	1399	July 1, 2015
LWRP and new_resource.updated_by_last_action Chef Infra (archive)	1	439	December 6, 2011
LWRP + notification Chef Infra (archive)	3	409	August 19, 2013
Container LWRPs and notifications Chef Infra (archive)	2	253	February 15, 2011

How to suppress notifications in LWRP

recipes/my_recipe.rb

libraries/default.rb

a bunch of detective work

a bunch of detective work

Related topics