RE: Re: LWRP inside LWRP Execution Question


#1

Thanks for the quick reply Daniel. Unfortunately, I have tried the use_inline_resources without success. I don’t believe I am having issues with notifications, but instead with LWRP resources not even executing. I have tested this code on both Chef 10.18.2 and Chef 11.4.4 with the same results. I have also tried creating a HWRP in the libraries directory of my cookbook with the same problems. Any other ideas?

Suggestions for wrapping existing code (both native resources and LWRPs) to execute as a different user would be helpful as well if there are any examples out there that take a different route (other than fork, change uid / gid and eval() a command string).

Thanks!
Wes

-----Original Message-----
From: Daniel DeLeo on behalf of Daniel DeLeo
Sent: Mon 11/18/2013 3:33 PM
To: chef@lists.opscode.com
Subject: [chef] Re: LWRP inside LWRP Execution Question

On Monday, November 18, 2013 at 12:22 PM, Wes Parish wrote:

> Hi Chef experts!
>
> Quick question on LWRP execution. I am trying to create an LWRP that will allow me to execute ruby code as a user other than root (for example: To install an RPM as myself while running Chef as root).
>
> Currently, my LWRP forks a process, changes the runtime user / group and executes eval() on the command string passed in. This seems to work perfectly for any native Chef resource, however, it does not execute LWRPs. It looks like it loads up the resource for the LWRP and is almost like chef-client passes over the resource as if the idempotence check thinks the resource is already converged.
>
> On a side note, it would be a great feature addition if the ruby_block resource in Chef took a "user" attribute to execute a ruby block as a different user.
>
> Any help would be greatly appreciated!
>
> Thanks,
> Wes

This happens because of how LWRPs were originally implemented - they would add any native chef resources you use inside an action block to the primary resource collection after themselves. This was done so that resources inside the LWRP could notify resources outside of the LWRP. After a lot of real world experience, this doesn’t seem to be the best design, so you can opt in to a different “inline_resources” mode in Chef 11, which will run LWRPs as a nested chef run.

There’s a little more explanation of the inline resources stuff in the docs: http://docs.opscode.com/lwrp_custom_provider.html

HTH,


Daniel DeLeo


#2

On Tuesday, November 19, 2013 at 5:29 AM, Wes Parish wrote:

> Thanks for the quick reply Daniel. Unfortunately, I have tried the use_inline_resources without success. I don’t believe I am having issues with notifications, but instead with LWRP resources not even executing. I have tested this code on both Chef 10.18.2 and Chef 11.4.4 with the same results. I have also tried creating a HWRP in the libraries directory of my cookbook with the same problems. Any other ideas?

I can’t figure out anything else from your code. You could try running it with -ldebug.

> Suggestions for wrapping existing code (both native resources and LWRPs) to execute as a different user would be helpful as well if there are any examples out there that take a different route (other than fork, change uid / gid and eval() a command string).

That’s how you should do it. This article may be informative (even if the tone is a little aggro): http://timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/

> Thanks!
> Wes


Daniel DeLeo
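
The fork / change uid and gid / run approach discussed in this thread, as an added Ruby example that is not code from either poster or from Chef. The helper names `drop_privileges!` and `run_as` are hypothetical; it assumes numeric ids, takes a block instead of an eval() string, and hands the result back to the parent as a plain string.

```ruby
# Hypothetical helper, not a Chef API: permanently become uid/gid.
def drop_privileges!(uid, gid)
  # Nothing to do if real and effective ids already match the target.
  return if [Process.uid, Process.euid] == [uid, uid] &&
            [Process.gid, Process.egid] == [gid, gid]
  raise Errno::EPERM, "must be root to become uid #{uid}" unless Process.euid.zero?

  # Order matters: supplementary groups and gid first, uid last. Once the
  # uid is no longer 0 the process is not allowed to change its groups.
  Process.groups = [gid]               # drop root's supplementary groups
  Process::GID.change_privilege(gid)   # real, effective and saved gid
  Process::UID.change_privilege(uid)   # real, effective and saved uid
  return if uid.zero?

  # Verify the drop is irreversible: regaining uid 0 must fail.
  begin
    Process::Sys.setuid(0)
  rescue Errno::EPERM
    return
  end
  raise SecurityError, 'privilege drop did not stick: uid 0 was regained'
end

# Fork, drop privileges in the child only, run the block there and return
# [result_string, exit_status] to the still-privileged parent. The result is
# a plain string so the parent never deserializes data from the child.
def run_as(uid, gid)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      drop_privileges!(uid, gid)
      writer.write(yield.to_s)
      code = 0
    rescue StandardError, SecurityError => e
      warn "run_as child failed: #{e.class}: #{e.message}"
      code = 1
    end
    writer.close
    exit!(code) # skip at_exit handlers inherited from the parent
  end
  writer.close
  data = reader.read
  reader.close
  _, status = Process.wait2(pid)
  [data, status.exitstatus]
end

p run_as(Process.uid, Process.gid) { "uid=#{Process.uid}" } if __FILE__ == $PROGRAM_NAME
```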