Hi All,
I’m running into an issue with node attributes and I’m not sure what I’m doing
wrong.

I wrote a wrapper cookbook to the Opscode openssh cookbook
(http://community.opscode.com/cookbooks/openssh). My wrapper is called
"test_openssh" and within it I have two recipes: “test_openssh::base"
and “test_openssh::compute_node”. The idea is that the attribute file for
"base” will set the sshd_config params for nodes that have test_openssh::base
in their run_list and nodes that have test_openssh::compute_node get the
sshd_config params in this recipe applied and not anything else. Below are the
contents of the two recipes and the associated attributes files:

test_openssh::base recipe -
include_recipe “openssh”

test_openssh::base attributes -
default[‘test_openssh’][‘version’] = "0.1.0"
node.default[“openssh”][“server”][“permit_root_login”] = "without-password"
node.default[“openssh”][“server”][“password_authentication”] = "yes"
node.default[“openssh”][“server”][“challenge_response_authentication”] = "no"
node.default[“openssh”][“server”][“max_startups”] = 2048
node.default[“openssh”][“server”][“use_dns”] = "yes"
node.default[“openssh”][“server”][“x11_forwarding”] = “yes”

node.default[“openssh”][“server”][“allow_users”] = “*”

test_openssh::compute_node recipe -
include_recipe “openssh”

test_openssh::compute_node attributes -
default[:test_openssh][:version] = "0.1.0"
node.default[“openssh”][“server”][“permit_root_login”] = "without-password"
node.default[“openssh”][“server”][“password_authentication”] = "no"
node.default[“openssh”][“server”][“challenge_response_authentication”] = "no"
node.default[“openssh”][“server”][“max_startups”] = 2048
node.default[“openssh”][“server”][“use_dns”] = "no"
node.default[“openssh”][“server”][“x11_forwarding”] = "yes"
node.default[“openssh”][“server”][“allow_users”] = [“root”]

The real difference between the two recipes is the “allow_users”,
“password_authentication” and “use_dns” parameters. When I apply these changes
on a node I noticed that not all the attributes are applied as expected. For
instance, on a node that is supposed to have only the “base” recipe, the
allow_users parameter gets set even though that line is commented in the
recipe. I’ve tried a few different node object types - override, force_default
but I can’t seem to get to work right. Any assistance with this would be
greatly appreciated.

Thanks in advance,
Anand

Hi Anand,

On Tue, Oct 29, 2013 at 12:37 AM, Anand asrini@upenn.edu wrote:

Hi All,
I'm running into an issue with node attributes and I'm not sure what I'm
doing
wrong.

I wrote a wrapper cookbook to the Opscode openssh cookbook
(http://community.opscode.com/cookbooks/openssh). My wrapper is called
"test_openssh" and within it I have two recipes: "test_openssh::base"
and "test_openssh::compute_node". The idea is that the attribute file for
"base" will set the sshd_config params for nodes that have
test_openssh::base
in their run_list and nodes that have test_openssh::compute_node get the
sshd_config params in this recipe applied and not anything else. Below are
the
contents of the two recipes and the associated attributes files:

The thing to note here is that attribute files are not associated with
recipes. You can have multiple attributes files, and they can have names
like your recipes, but that doesn't affect whether they're loaded. If your
cookbook is loaded, Chef will always load the attributes from "default.rb"
first, then load all of the remaining attributes files. This documentation
describes how to affect the order:

If you want some attributes to be set only for particular recipes, you'll
need to set the attributes within those recipes. Another approach is to
have roles for "base" and "compute_node" which override attributes as
required.

Zac