Recipe attributes for previous resources


I’m using the sshd cookbook to configure the ssh server on hosts. I include
this recipe with a set of attributes in an attribute file to configure my
sshd config file. One of which is this:

default[‘sshd’][‘sshd_config’][‘PasswordAuthentication’] = ‘no’

I then have the following in one of the recipes in my base cookbook which
gets applied to all nodes:

include_recipe ‘sshd’

I have another recipe that creates a user on a machine and configures it.
Only for machines where this user exists I want to enable password
authentication for SSH, so this user works for the purpose it’s designed
for. In the recipe I set the following:

node.set[‘sshd’][‘sshd_config’][‘PasswordAuthentication’] =
'yes’include_recipe ‘sshd’

Everything works well if I run the user create recipe before the base
recipe as the attribute gets changed before the sshd recipe is run. If I
run the user creation recipe after the base then password authentication is
disabled as the sshd recipe has already been included and run before the
attribute change.

My question is what is the best way to handle this situation? Is there some
way to notify the template of an attribute change in the recipe or do I
have to redefine the sshd config template resource?
Otherwise do I just have to deal with having a recipe where the order in
the run list is important within a cookbook (and not be able to handle this
with include_recipe for a dependency, as the user recipe isn’t run on every

Yoshi Spendiff
Ops Engineer
Mobile: +1 778 952 2025