"Private" node attributes

Is there a way to have “private” node attributes in Chef? By private I mean I don’t necessarily want them overridden. I simply want multiple recipes to have read-only access to them so that I don’t duplicate/hard-code the values of these attributes in various recipes.

There are two ways. One is to simply not override the attributes. Declare them to be read-only with a comment. You wouldn’t have an enforcement mechanism, of course.

The other option I can think of is to use ohai to generate these attributes, which would make them automatic attributes. That would make sense especially if these attributes describe something about the hardware, software etc. that the recipe would run in. I would be cautious about using ohai for regular configuration–type attributes, though, because it is somewhat unexpected, and future developers may scratch their heads about what is going on.

Kevin Keane
Whom the IT Pros Call
The NetTech
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html

If what your looking for is a constant, and not really a node attribute at all, you can create a library
with a simple Ruby class providing a constant attribute in its interface.

You can then reference that library in the desired recipes so those recipes have access to the constant.

If you need to set the attribute, rather than hard code it, you can do something similar providing an API
that allows the value to be accessed (read/write).


What you want sounds exactly like DataBags [1] or if you want it securely encrypted even Vaults [2].

You could also write a small library to merge [3] the node attributes you already have with the DataBag/Vault data.

[1] https://docs.chef.io/data_bags.html
[2] https://docs.chef.io/chef_vault.html
[3] http://www.rubydoc.info/github/opscode/chef/Chef/Mixin/DeepMerge