Hi Chef experts!
Quick question on LWRP execution. I am trying to create an LWRP that will allow me to execute ruby code as a user other than root (for example: To install an RPM as myself while running Chef as root).
Currently, my LWRP forks a process, changes the runtime user / group and executes eval() on the command string passed in. This seems to work perfectly for any native Chef resource, however, it does not execute LWRPs. It looks like it loads up the resource for the LWRP and is almost like chef-client passes over the resource as if the idempotence check thinks the resource is already converged.
On a side note, it would be a great feature addition if the ruby_block resource in Chef took a “user” attribute to execute a ruby block as a different user.
Any help would be greatly appreciated!
Thanks,
Wes
================
./resources/ruby_block_run_as.rb
actions :create
default_action :create
attribute :block_name, :kind_of => String, :name_attribute => true
attribute :code, :kind_of => String, :required => true
attribute :user, :kind_of => String, :required => true
================
./providers/ruby_block_run_as.rb
require 'chef/mixin/shell_out'
include Chef::Mixin::ShellOut

def whyrun_supported?
  true
end

action :create do
  raise "ruby_block_run_as only supported on Linux!" if node["platform"] == "windows"
  converge_by("Create #{@new_resource}") do
    # Save the current mode (note: read from the parent cache directory)
    p = shell_out("stat -c '%a' /var/chef/cache/")
    old_perms = Integer("0#{p.stdout}")
    # Fix perms on cache dir
    dir_resource = directory "/var/chef/cache/checksums" do
      mode 0777
    end
    dir_resource.run_action(:create)
    as_user(new_resource.user, new_resource.code)
    # Put the saved mode back once the child has finished
    dir_resource = directory "/var/chef/cache/checksums" do
      mode old_perms
    end
    dir_resource.run_action(:create)
  end
end

def proc_from
  Proc.new
end

def as_user(user, code)
  # Look up the target account's uid and gid
  p = shell_out("getent passwd #{user}")
  uid = Integer(p.stdout.split(":")[2])
  gid = Integer(p.stdout.split(":")[3])
  fork_pid = fork do
    # Drop the group first, then the user, then run the code in the child
    Process::GID.change_privilege(gid)
    Process::UID.change_privilege(uid)
    eval(code)
    exit
  end
  Process.wait(fork_pid)
  new_resource.updated_by_last_action(true)
end
================
./recipes/ruby_block_run_as_test.rb
mylwrp_ruby_block_run_as "test ruby block as another user" do
  user "myuser"
  code <<-EOH
    #### This resource (native) works fine with "myuser" owning the file
    resource = file "/mnt/root_squash_mount/testFile.2" do
      content("asdf")
    end
    resource.run_action(:create)
    #### This resource (lwrp) never executes
    resource2 = thanksgiving_common_copy "COPY" do
      srcDirName "/tmp/copy_src"
      destDirName "/tmp/copy_dest"
    end
    resource2.run_action(:copy)
  EOH
end
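
The fork-and-drop step from `as_user` above, as an added example that is not part of the original post and not Chef's own code: it also resets supplementary groups, looks the account up with `Etc.getpwnam` instead of parsing `getent` output, and hands the child's result or error back to the parent. `drop_and_run` and `run_as` are hypothetical helper names, and the example does not address why the LWRP is skipped.

```ruby
require 'etc'
require 'json'

# Added example: fork, drop privileges in the child, run the block, report back.
def drop_and_run(uid, gid, name = nil)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      if Process.euid.zero?
        # change_privilege does not touch supplementary groups, so replace
        # the ones inherited from root before giving up the right to do so.
        if name
          Process.initgroups(name, gid)
        else
          Process.groups = [gid]
        end
      end
      Process::GID.change_privilege(gid) # group first, while still privileged
      Process::UID.change_privilege(uid) # real, effective and saved uid
      now = [Process.uid, Process.euid, Process.gid, Process.egid]
      raise SecurityError, 'privilege drop failed' unless now == [uid, uid, gid, gid]
      writer.write(JSON.generate('ok' => true, 'value' => yield))
    rescue Exception => e # report every failure, not only StandardError
      writer.write(JSON.generate('ok' => false, 'value' => "#{e.class}: #{e.message}"))
    ensure
      writer.close
      exit!(0) # skip at_exit handlers inherited from the parent process
    end
  end
  writer.close
  payload = reader.read
  reader.close
  _, status = Process.wait2(pid)
  raise "child gave no result (#{status})" if payload.empty?
  # JSON rather than Marshal: the parent is privileged and the child is not.
  result = JSON.parse(payload)
  raise result['value'] unless result['ok']
  result['value']
end

# Resolve the account without a shell; ArgumentError if the user is unknown.
def run_as(user, &block)
  pw = Etc.getpwnam(user)
  drop_and_run(pw.uid, pw.gid, pw.name, &block)
end
```

The block's return value must be JSON-serializable, since it crosses the pipe back to the parent as text.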