RE: Re: Re: RE: Re: RE: ohai, number ldap accounts


#1

Chris,

It is in the node attributes after all…

ohai
disabled_plugins
0 passwd

I will test more…

Randy

-----Original Message-----
From: Van Fossan,Randy
Sent: Wednesday, March 28, 2012 8:49 PM
To: chef@lists.opscode.com
Subject: RE: [chef] Re: Re: RE: Re: RE: ohai, number ldap accounts

Nope… It is not in /etc/chef/client.rb

-----Original Message-----
From: Chris [mailto:grocerylist@gmail.com]
Sent: Wednesday, March 28, 2012 8:47 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: RE: Re: RE: ohai, number ldap accounts

Does [:ohai][:disabled_plugins] show up on your node after convergence?

On Wed, Mar 28, 2012 at 5:39 PM, Van Fossan,Randy vanfossr@oclc.org wrote:

Hi Chris,
I made the following changes to my chef-client cookbook and I cannot get it to work.

I added the following to the chef-client/attributes/default.rb
default[:ohai][:disabled_plugins] = [ “passwd” ]

And I added the following to
chef-client/templates/default/client.rb.erb
<% if node.attribute?(“ohai”) &&
node[“ohai”].attribute?(“disabled_plugins”) -%>

Ohai::Config[:disabled_plugins] = [<%=
node[“ohai”][“disabled_plugins”].join(",") %>] <% end -%>

It doesn’t populate the /etc/chef/client.rb file. I am not sure what I am doing wrong.

Randy

-----Original Message-----
From: Chris [mailto:grocerylist@gmail.com]
Sent: Wednesday, March 28, 2012 2:26 PM
To: Van Fossan,Randy
Subject: Re: [chef] Re: RE: Re: RE: ohai, number ldap accounts

Actually, I dropped into the environments. But yeah, thats pretty much what it looks like.

On Wed, Mar 28, 2012 at 11:20 AM, Van Fossan,Randy vanfossr@oclc.org wrote:

Hi Chris,

I assume that your attributes file looks something like

default[:ohai][:disabled_plugins] = [“passwd”,“someotherplugin”]

Thanks
Randy

-----Original Message-----
From: Chris [mailto:grocerylist@gmail.com]
Sent: Wednesday, March 28, 2012 1:46 PM
To: chef@lists.opscode.com
Subject: [chef] Re: RE: Re: RE: ohai, number ldap accounts

While this probably isn’t the ‘proper’ way, I added:

<% if node.attribute?(“ohai”) &&
node[“ohai”].attribute?(“disabled_plugins”) -%>

Ohai::Config[:disabled_plugins] = [<%=
node[“ohai”][“disabled_plugins”].join(",") %>] <% end -%>

to the client.rb template in the chef-client cookbook. Yes, it does go away if you upgrade your cookbook, but for me thats been pretty safe since it takes an act of nature to upgrade anything.

On Wed, Mar 28, 2012 at 9:52 AM, Van Fossan,Randy vanfossr@oclc.org wrote:

That is good news. I need to incorporate that in the chef-client cookbook so that when the node is bootstrapped, it doesn’t pull the data in after the first run. Anyone, Know how I can incorporate the plugin disable when doing a bootstrap? I do not want to delete the plugin as there may be reason to use it in the future or on a particular node.

I am not sure where to incorporate this…
Ohai::Config[:disabled_plugins] = [ “passwd” ]

Thanks all
Randy

-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel
DeLeo
Sent: Wednesday, March 28, 2012 11:58 AM
To: chef@lists.opscode.com
Cc: GJZULAUF@jw.org; KAKiner@jw.org; EMENDOZA@jw.org
Subject: [chef] Re: RE: ohai, number ldap accounts

On Wednesday, March 28, 2012 at 8:25 AM, IDROSSI@jw.org wrote:

Hi Randy,

We are experiencing this very same issue and were recently looking for a solution. We use centrify to pull in AD accounts for authorization. The nodes are pulling in tons of data for all of these user groups and accounts.

If we’re not doing anything with specific user accounts in recipes/templates, should we be safe to just disable the Ohai plugin that pulls in the user accounts from AD?
Chef doesn’t use ohai data to lookup user/group data for file/template/directory or execute/script or user/group resources. It uses Ruby’s Etc module, which in turn uses the getpwent family of functions.

So it’s totally safe to remove the plugin if you don’t need the data for other reasons.


Dan DeLeo


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.