- Chef Infra (archive)

Rob_V_Brown · March 20, 2014, 5:31pm

Hi,

I have an execute resource that creates an /etc/crypttab file from infomation
on the server. I’m seeing an odd behavior. On initial run of chef-client, the
file isn’t correct, it’s missing the uuid of the device. However, if I delete
the /etc/crypttab file and re-run chef-client, the /etc/crypttab is correctly
populated.

Here’s what it looks like:

execute "add-to-crypttab-#{device[0]}-uuid" do
	uuid = Mixlib::ShellOut.new("cryptsetup luksUUID #{device[0]}")
	uuid.run_command
	UUID = uuid.stdout.chomp
	command "echo \"#{phys}-luks UUID=#{UUID} /root/#{phys}-luks

luks" >> /etc/crypttab"
not_if "grep #{phys}-luks /etc/crypttab"
end

I’m trying to figure out why it’s not correct on the initial run. Any ideas?
Is it possible to delay this so that it works as expected during the initial
run of the recipe.

Thanks,
Bob

kallistec · March 21, 2014, 6:14pm

On Thursday, March 20, 2014 at 10:31 AM, rob.v.brown@roberthalf.com wrote:

Hi,

I have an execute resource that creates an /etc/crypttab file from infomation
on the server. I'm seeing an odd behavior. On initial run of chef-client, the
file isn't correct, it's missing the uuid of the device. However, if I delete
the /etc/crypttab file and re-run chef-client, the /etc/crypttab is correctly
populated.

Here's what it looks like:

execute "add-to-crypttab-#{device[0]}-uuid" do
uuid = Mixlib::ShellOut.new("cryptsetup luksUUID #{device[0]}")
uuid.run_command
UUID = uuid.stdout.chomp
command "echo "#{phys}-luks UUID=#{UUID} /root/#{phys}-luks
luks" >> /etc/crypttab"
not_if "grep #{phys}-luks /etc/crypttab"
end

I'm trying to figure out why it's not correct on the initial run. Any ideas?
Is it possible to delay this so that it works as expected during the initial
run of the recipe.

Thanks,
Bob

This is a compile-time vs. converge-time issue. Some previous chef resource is doing something to the system which makes the result of "cryptsetup luksUUID #{device[0]}” have the result you expect. However, resources are only converged after all of your recipe code has been evaluated. The best way to work around this for now is to use lazy attribute evaluation, described here: Common Resource Functionality

--
Daniel DeLeo

Topic		Replies	Views
[RESOLVED] Differences in using sudo with test-kitchen vs chef-client Chef Infra (archive)	2	1230	August 8, 2017
File format change after cookbook upload Chef Infra (archive)	5	458	February 7, 2019
How to prevent chef from replacing my files Chef Infra (archive)	11	1092	October 7, 2016
Populating encrypted_data_bag_secret? Chef Infra (archive)	2	418	December 28, 2011
[SOLVED] Encrypted data bag in recipe key not found Chef Infra (archive)	2	1038	January 5, 2018

Related topics