Noob q: using someone else's LWRP

Chef Infra (archive)
1

Questions at the top. Details and explanations and sources are below.

FIRST QUESTION: how do I actually fetch someone else’s LWRP? Do I git clone it into my chef_repo/cookbooks directory (if it’s on github, for example)? Or some other something?

SECOND QUESTION: what do I need to put in the …/recipe/default.rb and …/metadata.rb to be able to use a given LWRP in my …/recipes/default.rb. I’m a bit confused because the ‘include_recipe’ statement is for, well, recipes, not cookbooks.

Discussion:

============================

I’m experimenting with chef using chef-client -z mode on centos7. chef is v12-whatever is current in the chef-stable.repo.

I’ve written very simple recipes, such as creating and permissioning a /pub directory. Worked great.

[vagrant@cw chef_repo]$ pwd
/home/vagrant/chef_repo
[vagrant@cw chef_repo]$ sudo chef-client -z cookbooks/pub/recipes/default.rb 

<snip>

[vagrant@cw chef_repo]$ ls -la /pub 
total 4
drwxrwsr-x.  2 nobody pub     6 Apr 27 06:03 .

now, for the purposes of this discussion, let’s say I want to do acls. And in fact, there’s a lovely LWRP that looks like it’ll do just fine at

https://github.com/nightw/posix_acl

FIRST QUESTION: how do I fetch it? Do I git clone it into my chef_repo/cookbooks directory? Or some other something?

Assuming the answer to question 1 is ‘git clone’ into my cookbooks directory…

SECOND QUESTION: what do I need to put in the pub/recipe/default.rb and pub/metadata.rb to be able to use the posix_acl call in my pub/recipes/default.rb. I’m a bit confused because the ‘include_recipe’ statement is for, well, recipes, not cookbooks.

=============================

Here are the gory details. I understand what most of the words in the error messages (at the bottom) are saying, but I don’t know how to parse them out into a solution. As the comedian says…‘a little help here…?’

Thanks.

Gory details:

  [vagrant@cw chef_repo]$ ls -la cookbooks/
  total 16
  drwxrwxr-x. 4 vagrant vagrant   48 Apr 27 06:24 .
  drwxrwxr-x. 7 vagrant vagrant 4096 Apr 26 07:05 ..
  drwxrwxr-x. 6 vagrant vagrant 4096 Apr 27 06:22 posix_acl
  drwxrwxr-x. 6 vagrant vagrant 4096 Apr 26 07:07 pub
  -rw-rw-r--. 1 vagrant vagrant 3147 Apr 26 07:05 README.md 
  [vagrant@cw chef_repo]$

=============================
This works fine:

[vagrant@cw ~] cd chef_repo/ [vagrant@cw chef_repo] cat cookbooks/pub/recipes/default.rb

Cookbook:: pub

Recipe:: default

Copyright:: 2017, The Authors, All Rights Reserved.

user ‘nobody’ do
comment 'the nopriv nobody user’
uid '99’
shell '/bin/nologin’
end

group ‘pub’ do
action :create
gid '470’
append true
end

directory ‘/pub’ do
action :create
owner 'nobody’
group 'pub’
mode '02775’
end

====================================

This doesn’t:

====================================

[vagrant@cw chef_repo]$ cat cookbooks/pub/metadata.rb 
name 'pub'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'All Rights Reserved'
description 'Installs/Configures pub'
long_description 'Installs/Configures pub'
version '0.1.0'
chef_version '>= 12.1' if respond_to?(:chef_version)

# The `issues_url` points to the location where issues for this cookbook are
# tracked.  A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/pub/issues'

# The `source_url` points to the development reposiory for this cookbook.  A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/pub'

depends 'posix_acl'

=========================

[vagrant@cw chef_repo]$ cat cookbooks/pub/recipes/default.rb
#
# Cookbook:: pub
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.

include_recipe ‘posix_acl::default’

user ‘nobody’ do
comment 'the nopriv nobody user’
uid '99’
shell '/bin/nologin’
end

group ‘pub’ do
action :create
gid '470’
append true
end

directory ‘/pub’ do
action :create
owner 'nobody’
group 'pub’
mode '02775’
end

posix_acl “/pub” do
group 'pub’
read true
write true
execute true
recursive true
default true
end

==================================

[vagrant@cw chef_repo]$ sudo chef-client -z cookbooks/pub/recipes/default.rb
[2017-04-27T07:11:22+01:00] INFO: Started chef-zero at chefzero://localhost:8889 with repository at /home/vagrant
One version per cookbook

[2017-04-27T07:11:22+01:00] INFO: Forking chef instance to converge…
Starting Chef Client, version 12.19.36
[2017-04-27T07:11:22+01:00] INFO: *** Chef 12.19.36 ***
[2017-04-27T07:11:22+01:00] INFO: Platform: x86_64-linux
[2017-04-27T07:11:22+01:00] INFO: Chef-client pid: 5198
[2017-04-27T07:11:24+01:00] INFO: Run List is []
[2017-04-27T07:11:24+01:00] INFO: Run List expands to []
[2017-04-27T07:11:24+01:00] INFO: Starting Chef Run for chef_admin
[2017-04-27T07:11:24+01:00] INFO: Running start handlers
[2017-04-27T07:11:24+01:00] INFO: Start handlers complete.
[2017-04-27T07:11:24+01:00] INFO: HTTP Request Returned 404 Not Found: Object not found:
resolving cookbooks for run list: []
[2017-04-27T07:11:24+01:00] INFO: Loading cookbooks []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks…
[2017-04-27T07:11:24+01:00] WARN: MissingCookbookDependency:
Recipe posix_acl::default is not in the run_list, and cookbook 'posix_acl’
is not a dependency of any cookbook in the run_list. To load this recipe,
first add a dependency on cookbook ‘posix_acl’ in the cookbook you’re
including it from in that cookbook’s metadata.

Running handlers:
[2017-04-27T07:11:24+01:00] ERROR: Running exception handlers
Running handlers complete
[2017-04-27T07:11:24+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 01 seconds
[2017-04-27T07:11:24+01:00] FATAL: Stacktrace dumped to /home/vagrant/.chef/local-mode-cache/cache/chef-stacktrace.out
[2017-04-27T07:11:24+01:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-04-27T07:11:24+01:00] ERROR: Cookbook posix_acl not found. If you’re loading posix_acl from another cookbook, make sure you configure the dependency in your metadata
[2017-04-27T07:11:24+01:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

2

Hi!

I’m not going to answer all of your questions as it’s late here, but I
wanted to help unblock you by answering a few.

A LWRP (which in the newest chef is just called custom resource) is a
"lightweight resource provider". It’s an older style of extending
resources. So just like in a recipe that uses a file or directory resource,
you can use an LWRP or custom resource in your cookbooks in the same way.

To make a LWRP or custom resource available for use, you need to make sure
that your cookbook has a dependency on the cookbook that you want to use
LWRPs from. For example the tomcat cookbook here:
https://github.com/chef-cookbooks/tomcat has the tomcat_install resource.
You would add a dependency in your metadata.rb of depends ‘tomcat’ to use
the resources that are available in that cookbook. For this cookbook, as
you have done you would update the metadata.rb with the depends ‘posix_acl’

When it comes to actually obtaining the cookbooks to be used there are a
number of ways to do it depending on whether your environment is isolated
from the internet, or what you are using to manage dependencies (often
berkshelf is used for managing dependencies)Looking at
https://github.com/nightw/posix_acl what I’ve determined is that looking at
the public supermarket (https://supermarket.chef.io/) it hasn’t been
published there. So that makes it a little more complicated, but if using
berkshelf you can specify using git as mentioned in the documentation here
https://docs.chef.io/berkshelf.html, or you can download locally and then
specify the location as to where your system would find the cookbook.

Now based on your error message you are trying to run chef-client in a
local mode without specifying a run-list. Try something more like

chef-client --local-mode --runlist ‘recipe[pub::default]’

Also, this might be obvious to you but just wanted to let you know:

include_recipe ‘posix_acl::default’

is going to do whatever is in that recipe which is installing the acl
package.

and posix_acl is the resource that has the create and check actions. So in
your recipe you’re both including the recipe and using the resources
provided in the cookbook which are 2 different things (And might be exactly
what you want).

Hope this helps unblock you some.

3

Many thanks!

Needing to add the --run-list was something I was completely missing. That gave me enough to proceed to some more google-fu… and as it turns out specifying pathing is something that is explicitly required when there are recipe and cookbook (and probably other) dependencies; for some reason I simply assumed if everything was all in the same ‘cookbooks’ directory it wouldn’t be an issue; it is. (right?)

addendum: http://gettingstartedwithchef.com/first-steps-with-chef.html at the ‘First Chef Run’ part gave me some specific hints on how to do the following.

so, for tonight (and for future seekers), what works is:

create two more files. I called them:

 specs.rb for the specs that chef-client local-mode needs (such as pathing)
 pub.json   this holds my run-list for the pub recipe.

[vagrant@cw chef_repo]$ cat specs.rb 

file_cache_path "/home/vagrant/chef_repo/chef-local"
cookbook_path "/home/vagrant/chef_repo/cookbooks"

[vagrant@cw chef_repo]$ cat pub.json 

{
  "run_list": [ "recipe[pub::default]" ]
}

[vagrant@cw chef_repo]$ sudo chef-client -z -c specs.rb -j pub.json 

<snip>

Chef Client finished, 1/7 resources updated in 04 seconds

No errors, results as expected. Note that absolute pathing is apparently required. the ‘.’ , ‘…’, and ‘~’ yielded unpredictables; admittedly these are bash shell constructs, but sometimes they carry over.

Thank you again for giving me the key that I needed to break loose.