Overriding default attributes


#1

Ohai there,

I’m quite new to chef, sorry for the noobish question. Here is my problem :

I had a set of recipes for my developpment machine that I used to run with
sudo like this :

sudo chef-solo -c config/solo.rb -j config/system.json

At some point, I decided to rework it from the ground up with
chefspectesting which lead me to understand that using sudo was a
very bad idea.

I included the community sudo cookbook in my kitchen, but I don’t have a
clue on how to override the default attributes being set on it. This is the
last content of my system.json file.

{
“run_list”: [ “system::default” ],
“override_attributes”: {
“authorization”: {
“sudo”: {
“prefix”: “/etc”,
“groups”: [ “virtualeo” ],
“users”: [ “virtualeo” ],
“passwordless”: “true”,
“include_sudoers_d”: “true”
}
}
}
}

Launching the command in a ubuntu 13.04 that I virtualized for testing, I
get the following result :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in
/home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

NoMethodError

undefined method `[]’ for nil:NilClass

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:20:in
from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:

13: # Unless required by applicable law or agreed to in writing, software
14: # distributed under the License is distributed on an “AS IS” BASIS,
15: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16: # See the License for the specific language governing permissions and
17: # limitations under the License.
18: #
19:
20>> prefix = node[‘authorization’][‘sudo’][‘prefix’]
21:
22: package ‘sudo’ do
23: not_if 'sudo -V’
24: end
25:
26: if node[‘authorization’][‘sudo’][‘include_sudoers_d’]
27: directory “#{prefix}/sudoers.d” do
28: mode '0755’
29: owner ‘root’

[2014-02-03T13:54:31+01:00] ERROR: Running exception handlers
[2014-02-03T13:54:31+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated
[2014-02-03T13:54:31+01:00] FATAL: Stacktrace dumped to
/home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-03T13:54:31+01:00] FATAL: NoMethodError: undefined method
`[]’ for nil:NilClass

What I understand from this stacktrace is that «
node[‘authorization’][‘sudo’][‘prefix’]
» causes the error.

I guess the solution is pretty straightforward but I’m stuck for now !

Thanks in advance

Léonard Messier


#2

The reason your bit is failing is that the precedence for attributes specified via the -j flag is normal. If you get rid of the “override_attributes” level of your hash and bring authorization to the top level it should work.

On February 3, 2014 at 7:08:39 AM, Leonard Messier (leonard.messier@gmail.com) wrote:

Ohai there,

I’m quite new to chef, sorry for the noobish question. Here is my problem :

I had a set of recipes for my developpment machine that I used to run with sudo like this :

sudo chef-solo -c config/solo.rb -j config/system.json

At some point, I decided to rework it from the ground up with chefspec testing which lead me to understand that using sudo was a very bad idea.

I included the community sudo cookbook in my kitchen, but I don’t have a clue on how to override the default attributes being set on it. This is the last content of my system.json file.

{
“run_list”: [ “system::default” ],
“override_attributes”: {
“authorization”: {
“sudo”: {
“prefix”: “/etc”,
“groups”: [ “virtualeo” ],
“users”: [ “virtualeo” ],
“passwordless”: “true”,
“include_sudoers_d”: “true”
}
}
}
}

Launching the command in a ubuntu 13.04 that I virtualized for testing, I get the following result :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

NoMethodError

undefined method `[]’ for nil:NilClass

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:20:in from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:

13: # Unless required by applicable law or agreed to in writing, software
14: # distributed under the License is distributed on an “AS IS” BASIS,
15: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16: # See the License for the specific language governing permissions and
17: # limitations under the License.
18: #
19:
20>> prefix = node[‘authorization’][‘sudo’][‘prefix’]
21:
22: package ‘sudo’ do
23: not_if 'sudo -V’
24: end
25:
26: if node[‘authorization’][‘sudo’][‘include_sudoers_d’]
27: directory “#{prefix}/sudoers.d” do
28: mode '0755’
29: owner ‘root’

[2014-02-03T13:54:31+01:00] ERROR: Running exception handlers
[2014-02-03T13:54:31+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated
[2014-02-03T13:54:31+01:00] FATAL: Stacktrace dumped to /home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-03T13:54:31+01:00] FATAL: NoMethodError: undefined method `[]’ for nil:NilClass

What I understand from this stacktrace is that « node[‘authorization’][‘sudo’][‘prefix’] » causes the error.

I guess the solution is pretty straightforward but I’m stuck for now !

Thanks in advance

Léonard Messier


#3

Hi,

First, editing the metadata file solved the issue indeed !

However, I have a problem in the logic of the process I’m trying to put in
place.

I need to update the /etc/default/grub file
But My user doesn’t have sudo privileges
I use chef-solo with sudo to achieve that
My rspec tests start to fail because I don’t launch rspec with sudo, why
should I
I try to allow my user to act as sudo without using a password
I try to use the sudo cookbook that configures the sudoers file
I need to create a sysadmin group and let my user belong to it
I try to use the users cookbook that edits the system group file to add a
sysadmin group
Chef fails because my user doesn’t have sudo privileges to edit the group
file

It all fails like it should under such circumstances, but I’m wondering how
you avoid such problems.
Do you launch the client with sudo once to allow the necessary operation to
take place ?
Do you do some operations manually, which kinda defeats the point of a
provisioner ?

Thanks in advance

2014-02-05 18:25 GMT+01:00 Leonard Messier leonard.messier@gmail.com:

Thanks Daniel,

I had misunderstood the term << resource >>. I thought it couldn’t find the
needed data bag.
I was not aware of the need to specify dependencies in the metadata file
when including a recipe in another.
I think I should run foodcritic on my cookbooks to avoid such problems in
the future.

2014-02-05 Daniel DeLeo dan@kallistec.com:

On Wednesday, February 5, 2014 at 5:08 AM, Leonard Messier wrote:

Thanks Tom,

Changing it the way you did removed this error. However, another one
appeared.

When trying to create the sudoers.d directory, chef complained about
insufficient permissions. Reading further in the sudo’s cookbook readme, I
found a mention of the << sysadmin >> group not beeing created by the sudo
cookbook itself.
I thought that I would install the users community cookbook, that
essentially creates the sysadmin group when the sysadmins recipe is
included. I created a users in data_bags/users, belonging to a sysadmin
group. I get the following error :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

================================================================================

NameError

Cannot find a resource for users_manage on ubuntu version 13.04

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:23:in from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:


/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:

16: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: # See the License for the specific language governing permissions and

18: # limitations under the License.
19: #
20:
21: # Searches data bag “users” for groups attribute “sysadmin”.
22: # Places returned users in Unix group “sysadmin” with GID 2300.

23>> users_manage “sysadmin” do
24: group_id 2300
25: action [ :remove, :create ]
26: end
27:

[2014-02-05T13:54:52+01:00] ERROR: Running exception handlers
[2014-02-05T13:54:52+01:00] ERROR: Exception handlers complete

Chef Client failed. 0 resources updated
[2014-02-05T13:54:53+01:00] FATAL: Stacktrace dumped to /home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-05T13:54:53+01:00] FATAL: NameError: Cannot find a resource for users_manage on ubuntu version 13.04

This means more or less what it says. There is no resource named
users_manage defined. If you expect this to be provided by a LWRP, and
you don’t have a typo or something, then the cookbook isn’t being loaded
properly. On chef-solo, the most common cause of this is that you are using
a cookbook that is not in your run_list and also not in the dependencies of
any cookbooks in your run_list. Chef-solo will allow you to run recipes
from such cookbooks, but the earlier stage of the chef run uses the
run_list and dependency information to determine the correct order to load
LWRPs, attributes files, and other non-recipe files. So a cookbook that
isn’t in the run_list or reachable by dependencies won’t have its
non-recipe files loaded, which will cause errors like this.

See also:

http://docs.opscode.com/essentials_cookbook_metadata.html

http://docs.opscode.com/breaking_changes_chef_11.html#non-recipe-file-evaluation-includes-dependencies

HTH,


Daniel DeLeo


Léonard Messier
Développeur web PHP/Javascript/MySQL
http://www.leonardmessier.com


Léonard Messier
Développeur web PHP/Javascript/MySQL
http://www.leonardmessier.com


#4

Thanks Tom,

Changing it the way you did removed this error. However, another one
appeared.

When trying to create the sudoers.d directory, chef complained about
insufficient permissions. Reading further in the sudo’s cookbook readme, I
found a mention of the << sysadmin >> group not beeing created by the sudo
cookbook itself.
I thought that I would install the users community cookbook, that
essentially creates the sysadmin group when the sysadmins recipe is
included. I created a users in data_bags/users, belonging to a sysadmin
group. I get the following error :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in
/home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

NameError

Cannot find a resource for users_manage on ubuntu version 13.04

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:23:in
from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:

16: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: # See the License for the specific language governing permissions and
18: # limitations under the License.
19: #
20:
21: # Searches data bag “users” for groups attribute “sysadmin”.
22: # Places returned users in Unix group “sysadmin” with GID 2300.
23>> users_manage “sysadmin” do
24: group_id 2300
25: action [ :remove, :create ]
26: end
27:

[2014-02-05T13:54:52+01:00] ERROR: Running exception handlers
[2014-02-05T13:54:52+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated
[2014-02-05T13:54:53+01:00] FATAL: Stacktrace dumped to
/home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-05T13:54:53+01:00] FATAL: NameError: Cannot find a resource
for users_manage on ubuntu version 13.04

My recipe set is on this git
repohttps://github.com/CaptainQuirk/.oh-my-chef/tree/dev,
on the dev branch

Thanks in advance

2014-02-03 Tom Duffield tom@getchef.com:

The reason your bit is failing is that the precedence for attributes
specified via the -j flag is normal. If you get rid of the
"override_attributes" level of your hash and bring authorization to the top
level it should work.

On February 3, 2014 at 7:08:39 AM, Leonard Messier (
leonard.messier@gmail.com //leonard.messier@gmail.com) wrote:

Ohai there,

I’m quite new to chef, sorry for the noobish question. Here is my problem :

I had a set of recipes for my developpment machine that I used to run with
sudo like this :

sudo chef-solo -c config/solo.rb -j config/system.json

At some point, I decided to rework it from the ground up with chefspectesting which lead me to understand that using sudo was a very bad idea.

I included the community sudo cookbook in my kitchen, but I don’t have a
clue on how to override the default attributes being set on it. This is the
last content of my system.json file.

{
“run_list”: [ “system::default” ],
“override_attributes”: {
“authorization”: {
“sudo”: {
“prefix”: “/etc”,
“groups”: [ “virtualeo” ],
“users”: [ “virtualeo” ],
“passwordless”: “true”,
“include_sudoers_d”: “true”
}
}
}
}

Launching the command in a ubuntu 13.04 that I virtualized for testing, I
get the following result :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

NoMethodError

undefined method `[]’ for nil:NilClass

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:20:in from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/sudo/recipes/default.rb:

13: # Unless required by applicable law or agreed to in writing, software
14: # distributed under the License is distributed on an “AS IS” BASIS,
15: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16: # See the License for the specific language governing permissions and
17: # limitations under the License.
18: #
19:
20>> prefix = node[‘authorization’][‘sudo’][‘prefix’]
21:
22: package ‘sudo’ do
23: not_if 'sudo -V’
24: end
25:
26: if node[‘authorization’][‘sudo’][‘include_sudoers_d’]
27: directory “#{prefix}/sudoers.d” do
28: mode '0755’
29: owner ‘root’

[2014-02-03T13:54:31+01:00] ERROR: Running exception handlers
[2014-02-03T13:54:31+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated
[2014-02-03T13:54:31+01:00] FATAL: Stacktrace dumped to /home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-03T13:54:31+01:00] FATAL: NoMethodError: undefined method `[]’ for nil:NilClass

What I understand from this stacktrace is that << node[‘authorization’][‘sudo’][‘prefix’]

causes the error.

I guess the solution is pretty straightforward but I’m stuck for now !

Thanks in advance

Léonard Messier


Léonard Messier
Développeur web PHP/Javascript/MySQL
http://www.leonardmessier.com


#5

On Wednesday, February 5, 2014 at 5:08 AM, Leonard Messier wrote:

Thanks Tom,

Changing it the way you did removed this error. However, another one appeared.

When trying to create the sudoers.d directory, chef complained about insufficient permissions. Reading further in the sudo’s cookbook readme, I found a mention of the « sysadmin » group not beeing created by the sudo cookbook itself.
I thought that I would install the users community cookbook, that essentially creates the sysadmin group when the sysadmins recipe is included. I created a users in data_bags/users, belonging to a sysadmin group. I get the following error :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

NameError

Cannot find a resource for users_manage on ubuntu version 13.04

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:23:in from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:

16: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: # See the License for the specific language governing permissions and
18: # limitations under the License.
19: #
20:
21: # Searches data bag “users” for groups attribute “sysadmin”.
22: # Places returned users in Unix group “sysadmin” with GID 2300.
23>> users_manage “sysadmin” do
24: group_id 2300
25: action [ :remove, :create ]
26: end
27:

[2014-02-05T13:54:52+01:00] ERROR: Running exception handlers
[2014-02-05T13:54:52+01:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated
[2014-02-05T13:54:53+01:00] FATAL: Stacktrace dumped to /home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-05T13:54:53+01:00] FATAL: NameError: Cannot find a resource for users_manage on ubuntu version 13.04

This means more or less what it says. There is no resource named users_manage defined. If you expect this to be provided by a LWRP, and you don’t have a typo or something, then the cookbook isn’t being loaded properly. On chef-solo, the most common cause of this is that you are using a cookbook that is not in your run_list and also not in the dependencies of any cookbooks in your run_list. Chef-solo will allow you to run recipes from such cookbooks, but the earlier stage of the chef run uses the run_list and dependency information to determine the correct order to load LWRPs, attributes files, and other non-recipe files. So a cookbook that isn’t in the run_list or reachable by dependencies won’t have its non-recipe files loaded, which will cause errors like this.

See also:

http://docs.opscode.com/essentials_cookbook_metadata.html
http://docs.opscode.com/breaking_changes_chef_11.html#non-recipe-file-evaluation-includes-dependencies

HTH,


Daniel DeLeo


#6

Thanks Daniel,

I had misunderstood the term << resource >>. I thought it couldn’t find the
needed data bag.
I was not aware of the need to specify dependencies in the metadata file
when including a recipe in another.
I think I should run foodcritic on my cookbooks to avoid such problems in
the future.

2014-02-05 Daniel DeLeo dan@kallistec.com:

On Wednesday, February 5, 2014 at 5:08 AM, Leonard Messier wrote:

Thanks Tom,

Changing it the way you did removed this error. However, another one
appeared.

When trying to create the sudoers.d directory, chef complained about
insufficient permissions. Reading further in the sudo’s cookbook readme, I
found a mention of the << sysadmin >> group not beeing created by the sudo
cookbook itself.
I thought that I would install the users community cookbook, that
essentially creates the sysadmin group when the sysadmins recipe is
included. I created a users in data_bags/users, belonging to a sysadmin
group. I get the following error :

Starting Chef Client, version 11.4.4
Compiling Cookbooks…

================================================================================
Recipe Compile Error in /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb

================================================================================

NameError

Cannot find a resource for users_manage on ubuntu version 13.04

Cookbook Trace:

/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:23:in from_file' /home/virtualeo/.oh-my-chef/cookbooks/system/recipes/default.rb:1:infrom_file’

Relevant File Content:


/home/virtualeo/.oh-my-chef/vendor/cookbooks/users/recipes/sysadmins.rb:

16: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17: # See the License for the specific language governing permissions and

18: # limitations under the License.
19: #
20:
21: # Searches data bag “users” for groups attribute “sysadmin”.
22: # Places returned users in Unix group “sysadmin” with GID 2300.

23>> users_manage “sysadmin” do
24: group_id 2300
25: action [ :remove, :create ]
26: end
27:

[2014-02-05T13:54:52+01:00] ERROR: Running exception handlers
[2014-02-05T13:54:52+01:00] ERROR: Exception handlers complete

Chef Client failed. 0 resources updated
[2014-02-05T13:54:53+01:00] FATAL: Stacktrace dumped to /home/virtualeo/.chef/state/cache/chef-stacktrace.out
[2014-02-05T13:54:53+01:00] FATAL: NameError: Cannot find a resource for users_manage on ubuntu version 13.04

This means more or less what it says. There is no resource named
users_manage defined. If you expect this to be provided by a LWRP, and
you don’t have a typo or something, then the cookbook isn’t being loaded
properly. On chef-solo, the most common cause of this is that you are using
a cookbook that is not in your run_list and also not in the dependencies of
any cookbooks in your run_list. Chef-solo will allow you to run recipes
from such cookbooks, but the earlier stage of the chef run uses the
run_list and dependency information to determine the correct order to load
LWRPs, attributes files, and other non-recipe files. So a cookbook that
isn’t in the run_list or reachable by dependencies won’t have its
non-recipe files loaded, which will cause errors like this.

See also:

http://docs.opscode.com/essentials_cookbook_metadata.html

http://docs.opscode.com/breaking_changes_chef_11.html#non-recipe-file-evaluation-includes-dependencies

HTH,


Daniel DeLeo


Léonard Messier
Développeur web PHP/Javascript/MySQL
http://www.leonardmessier.com