Idempotentation in chef


#1

Hi Experts
#Login to mysql
script "password change" do
interpreter "bash"
user "root"
cwd "/tmp"
code <<-EOH
root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
#Login as root
mysql -uroot -p"$root_temp_pass" --connect-expired-password Be "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Czt732ck#';"
But my above is executing two time and thats why its giving error.
How can i run it once so that it does not fail .Thanks


#2

Hey,
You need a guard, something like this would do the trick :

script "password change" do
    interpreter "bash"
    user        "root"
    cwd         "/tmp"
    code <<-EOH
        root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
        mysql -uroot -p"$root_temp_pass" --connect-expired-password Be "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Czt732ck#';" && touch /var/tmp/password_changed
EOH
    not_if { ::File.exists?("/var/tmp/password_changed") }
end

#3

Thank you for your advise.:slight_smile:


#4

I try to stay away from any script,execute or ruby blocks when there are resources or cookbooks that cover the situation. If there were none I would then do a custom resource.


#5

Thanks you i agree. My problem is iam not able to install mysql2_chef_gem that is the reason i have to do custom MySQL change password.
If i try to install mysql2_chef_gem i get error Package: No candidate version available for mysql-community-client, mysql-community-devel


#6

Hi Experts after writing the below command

script "password change" do
    interpreter "bash"
    user        "root"
    cwd         "/tmp"
    code <<-EOH
        root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
        mysql -uroot -p"$root_temp_pass" --connect-expired-password Be "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Czt732ck#';" && touch /var/tmp/password_changed
EOH
    not_if { ::File.exists?("/var/tmp/password_changed") }
end
```when i run kitchen converge
i get error like
- script[password change]
       [2019-03-05T15:44:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process terminated by signal 9 (KILL)
       [2019-03-05T15:44:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process terminated by signal 9 (KILL)
Now in the Kitchen.yml file if i say enforce_idempotency: false 
the code runs fine ,I mean kitchen converge happens successfully.
Its strange how can i get through this idempotency issue .Thanks

#7

The kitchen feature enforce_idempotency means something very specific and doesn't magically guarantee idempotency nor was it the intent. I'd read the following PR to understand what that flag does and what it's purpose is https://github.com/test-kitchen/test-kitchen/pull/875