Merge pull request 'Move allowed node attrs to config file, apply automatically' (#634) from dev/allowed_node_attrs into master
Reviewed-on: #634
This commit was merged in pull request #634.
+4
-2
@@ -28,5 +28,7 @@ knife[:automatic_attribute_whitelist] = %w[
|
|||||||
|
|
||||||
# Added to /etc/chef/client.rb on node bootstrap
|
# Added to /etc/chef/client.rb on node bootstrap
|
||||||
# https://docs.chef.io/attribute_persistence/
|
# https://docs.chef.io/attribute_persistence/
|
||||||
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml
|
||||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__))
|
||||||
|
knife[:normal_attribute_allowlist] = normal_attrs
|
||||||
|
knife[:allowed_normal_attributes] = normal_attrs
|
||||||
|
|||||||
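Review bot: The result of `YAML.load_file` is assigned to both knife keys without any check on its shape, so an empty or malformed chef_normal_attributes.yml would pass `nil`/`false` (or a Hash) where the two removed lines had a literal array. As far as I know Chef treats an unset allowlist as "persist every normal attribute", so this would fail open rather than closed; worth confirming against the Chef version in use. I would add a guard right after the load, e.g. `raise "chef_normal_attributes.yml must be a list of strings" unless normal_attrs.is_a?(Array) && normal_attrs.all?(String)`. The top of this file is outside the hunk, so I can't see whether `yaml` is required explicitly there.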
@@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- knife_zero
|
||||||
|
- kosmos_kvm
|
||||||
|
- kosmos-ejabberd
|
||||||
|
- openresty
|
||||||
|
- vm_host
|
||||||
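Review bot: `vm_host` is a new entry, not a moved one: the two knife lines this commit removes list only `knife_zero`, `kosmos_kvm`, `kosmos-ejabberd` and `openresty`, so this file widens what nodes may persist to the server while the commit is titled as a move. Since this file is now the single source of truth for the allowlist, each entry deserves a short comment saying which cookbook needs it persisted, for example `# vm_host: <reason this must survive between runs>` above the new line.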
@@ -26,6 +26,33 @@
|
|||||||
|
|
||||||
include_recipe "apt"
|
include_recipe "apt"
|
||||||
|
|
||||||
|
cookbook_file "/etc/chef/chef_normal_attributes.yml" do
|
||||||
|
source "chef_normal_attributes.yml"
|
||||||
|
owner "root"
|
||||||
|
group "root"
|
||||||
|
mode "0644"
|
||||||
|
end
|
||||||
|
|
||||||
|
ruby_block "update allowed_normal_attributes in client.rb" do
|
||||||
|
block do
|
||||||
|
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||||
|
fe = Chef::Util::FileEdit.new("/etc/chef/client.rb")
|
||||||
|
fe.search_file_replace_line(
|
||||||
|
/^allowed_normal_attributes.*/,
|
||||||
|
"allowed_normal_attributes #{whitelist.inspect}"
|
||||||
|
)
|
||||||
|
fe.write_file
|
||||||
|
|
||||||
|
Chef::Config[:allowed_normal_attributes] = whitelist
|
||||||
|
Chef::Config[:normal_attribute_allowlist] = whitelist
|
||||||
|
end
|
||||||
|
not_if do
|
||||||
|
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||||
|
client_rb = ::File.read("/etc/chef/client.rb")
|
||||||
|
whitelist.all? { |attr| client_rb.include?(attr) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
directory "/etc/apt/keyrings" do
|
directory "/etc/apt/keyrings" do
|
||||||
mode "0755"
|
mode "0755"
|
||||||
action :create
|
action :create
|
||||||
|
|||||||
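Review bot: The `not_if` guard of the ruby_block only checks that every allowlisted name occurs somewhere in /etc/chef/client.rb, so it cannot notice an entry being removed from chef_normal_attributes.yml: the remaining names are all still present, the block is skipped, and the node keeps the wider list on disk. A name that happens to appear elsewhere in client.rb (a comment, a node name) satisfies the guard as well. Compare against the exact line the block writes instead, e.g. `client_rb.lines.map(&:chomp).include?("allowed_normal_attributes #{whitelist.inspect}")`. Separately, `search_file_replace_line` only rewrites a line that already matches, so a client.rb without an `allowed_normal_attributes` entry is left untouched; a comment stating that bootstrap is expected to have added the line would make that dependency visible.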