LWRP attributes + template


#1

Hi, reading the README of shorewall community cookbok[1] it says that you
can declare rules by:

  • Doing node.override[:shorewall][:rules] << {} on recipes.
  • A library helper method add_shorewal_rules() that wil << on rules
    attribute also.

I have tested that doing that “append” on override attributes, template
does not need lazy attributes. I dont know why, but it works, even if you
add a rule later on the runlist, on an apache2_app recipe to open 8080.

I wanted to make an LWRP to declare rules on an idempotentially way, but
you cant modify attributes on providers. At least those modifications are
not available when template renders…

My questions:

  • ¿Is this the right way of defining attributes with that override << stuff?
  • ¿Is there any pattern for that situation where your application cookbook
    should open a port on the firewall and you du it by adding a shorewall
    rule? Attributes and then render to template sounds good but that override
    << is an ungly thing :S

Thanks in advance guys!

[1] - http://community.opscode.com/cookbooks/shorewall


Si necesitas una máquina para hacer algo y no la compras al final te darás
cuenta de que has pagado lo mismo y no tienes la máquina.–Henry Ford

Alberto


#2

Hello,

I didn’t like that way node.override[:shorewall][:rules] <<
{}. Have a look at my cookbook with an already formed view
onto attributes and their usage. Long time ago it was based on community
one, but since it has changed a lot.

Regards,
Denis

On 18/02/14 22:04, aL. wrote:

Hi, reading the README of shorewall community cookbok[1] it says that
you can declare rules by:

  • Doing node.override[:shorewall][:rules] << {} on recipes.
  • A library helper method add_shorewal_rules() that wil << on rules
    attribute also.

I have tested that doing that “append” on override attributes,
template does not need lazy attributes. I dont know why, but it works,
even if you add a rule later on the runlist, on an apache2_app recipe
to open 8080.

I wanted to make an LWRP to declare rules on an idempotentially way,
but you cant modify attributes on providers. At least those
modifications are not available when template renders…

My questions:

  • ¿Is this the right way of defining attributes with that override <<
    stuff?
  • ¿Is there any pattern for that situation where your application
    cookbook should open a port on the firewall and you du it by adding a
    shorewall rule? Attributes and then render to template sounds good but
    that override << is an ungly thing :S

Thanks in advance guys!

[1] - http://community.opscode.com/cookbooks/shorewall


Si necesitas una máquina para hacer algo y no la compras al final te
darás cuenta de que has pagado lo mismo y no tienes la máquina.–Henry
Ford

Alberto


#3

Hi!

I have seen that you are appending to the rules array on the rule
definition: node.default[‘shorewall’][‘rules’] <<
Shorewall.compute_rule(rule, data)

Im still asking myself if that is the correct way to do things and if there
is any other way of having all rules(even those adde from other cookbooks)
on attributes when you render the template on your shorewall cookbook.

Im going to ask again ¿Is there any pattern about this?

Thanks for your repply.


Si necesitas una máquina para hacer algo y no la compras al final te darás
cuenta de que has pagado lo mismo y no tienes la máquina.–Henry Ford

Alberto

On Tue, Feb 18, 2014 at 3:27 PM, Denis Barishev denis.barishev@gmail.comwrote:

Hello,

I didn’t like that way node.override[:shorewall][:rules] << {}.
Have a look at my cookbook with an already formed view onto attributes and
their usage. Long time ago it was based on community one, but since it has
changed a lot.

https://github.com/dennybaa/shorewall

Regards,
Denis

On 18/02/14 22:04, aL. wrote:

Hi, reading the README of shorewall community cookbok[1] it says that you
can declare rules by:

  • Doing node.override[:shorewall][:rules] << {} on recipes.
  • A library helper method add_shorewal_rules() that wil << on rules
    attribute also.

I have tested that doing that “append” on override attributes, template
does not need lazy attributes. I dont know why, but it works, even if you
add a rule later on the runlist, on an apache2_app recipe to open 8080.

I wanted to make an LWRP to declare rules on an idempotentially way, but
you cant modify attributes on providers. At least those modifications are
not available when template renders…

My questions:

  • ¿Is this the right way of defining attributes with that override <<
    stuff?
  • ¿Is there any pattern for that situation where your application cookbook
    should open a port on the firewall and you du it by adding a shorewall
    rule? Attributes and then render to template sounds good but that override
    << is an ungly thing :S

Thanks in advance guys!

[1] - http://community.opscode.com/cookbooks/shorewall


Si necesitas una máquina para hacer algo y no la compras al final te darás
cuenta de que has pagado lo mismo y no tienes la máquina.–Henry Ford

Alberto


#4

Hi,

I think there’s nothing wrong with << operation itself. I just don’t
think that it’s correct to operate with override in this case.

First you should keep in mind that the attributes are merged between
nodes, roles and environments
. In other words, when two cookbooks are
assigning the same default attribute on the node level (doesn’t meter in
attribute file or recipe) the later cookbook’s value will win.

Say you have run_list of two cookbooks [‘foo’, ‘bar’].

foo/attributes/default.rb
default[‘foo’][‘arr’] = [‘Array’, ‘in’, ‘foo’]

bar/recipes/default.rb
default[‘foo’][‘arr’] = [‘I’, ‘want’, ‘foo’]

The later value wins, and when template from cookbook foo will render
node[‘foo’][‘arr’] attribute. We end up with not that we want. We want
the arrays to be merged but it won’t happen.

That’s why, in the source cookbook we define array and later cookbooks
can use it on the same level, however we must use << (push) for an
array, because an assignment will overwrite everything.

My shorewall cookbook operates on default level, you can easily use
add_shorewall_rules, add_shorewall_zone definitions right away in any of
your recipes. Further you might want to added some hard-coded rules or
zones use role and environment default attributes.
If you might want to override anything you can use normal, override
attributes in cookbooks, roles or environments.
Everything should work as you expect.

Regards,
Denis

On 19/02/14 16:32, aL. wrote:

Hi!

I have seen that you are appending to the rules array on the rule
definition: node.default[‘shorewall’][‘rules’] <<
Shorewall.compute_rule(rule, data)

Im still asking myself if that is the correct way to do things and if
there is any other way of having all rules(even those adde from other
cookbooks) on attributes when you render the template on your
shorewall cookbook.

Im going to ask again ¿Is there any pattern about this?

Thanks for your repply.


Si necesitas una máquina para hacer algo y no la compras al final te
darás cuenta de que has pagado lo mismo y no tienes la máquina.–Henry
Ford

Alberto

On Tue, Feb 18, 2014 at 3:27 PM, Denis Barishev
<denis.barishev@gmail.com mailto:denis.barishev@gmail.com> wrote:

Hello,

I didn't like that way node.override[:shorewall][:rules] <<
{<rulehash>}. Have a look at my cookbook with an already formed
view onto attributes and their usage. Long time ago it was based
on community one, but since it has changed a lot.

https://github.com/dennybaa/shorewall

Regards,
Denis


On 18/02/14 22:04, aL. wrote:
Hi, reading the README of shorewall community cookbok[1] it says
that you can declare rules by:

- Doing node.override[:shorewall][:rules] << {<rulehash>} on recipes.
- A library helper method add_shorewal_rules() that wil << on
rules attribute also.

I have tested that doing that "append" on override attributes,
template does not need lazy attributes. I dont know why, but it
works, even if you add a rule later on the runlist, on an
apache2_app recipe to open 8080.

I wanted to make an LWRP to declare rules on an idempotentially
way, but you cant modify attributes on providers. At least those
modifications are not available when template renders..


My questions:


- ¿Is this the right way of defining attributes with that
override << stuff?
- ¿Is there any pattern for that situation where your application
cookbook should open a port on the firewall and you du it by
adding a shorewall rule? Attributes and then render to template
sounds good but that override << is an ungly thing :S


Thanks in advance guys!



[1] - http://community.opscode.com/cookbooks/shorewall

--
Si necesitas una máquina para hacer algo y no la compras al final
te darás cuenta de que has pagado lo mismo y no tienes la
máquina.--Henry Ford

Alberto