Merge pull request 'Move allowed node attrs to config file, apply automatically' (#634) from dev/allowed_node_attrs into master
Reviewed-on: #634
This commit was merged in pull request #634.
This commit is contained in:
+4
-2
@@ -28,5 +28,7 @@ knife[:automatic_attribute_whitelist] = %w[
|
||||
|
||||
# Added to /etc/chef/client.rb on node bootstrap
|
||||
# https://docs.chef.io/attribute_persistence/
|
||||
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
||||
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml
|
||||
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__))
|
||||
knife[:normal_attribute_allowlist] = normal_attrs
|
||||
knife[:allowed_normal_attributes] = normal_attrs
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
- knife_zero
|
||||
- kosmos_kvm
|
||||
- kosmos-ejabberd
|
||||
- openresty
|
||||
- vm_host
|
||||
@@ -26,6 +26,33 @@
|
||||
|
||||
include_recipe "apt"
|
||||
|
||||
cookbook_file "/etc/chef/chef_normal_attributes.yml" do
|
||||
source "chef_normal_attributes.yml"
|
||||
owner "root"
|
||||
group "root"
|
||||
mode "0644"
|
||||
end
|
||||
|
||||
ruby_block "update allowed_normal_attributes in client.rb" do
|
||||
block do
|
||||
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||
fe = Chef::Util::FileEdit.new("/etc/chef/client.rb")
|
||||
fe.search_file_replace_line(
|
||||
/^allowed_normal_attributes.*/,
|
||||
"allowed_normal_attributes #{whitelist.inspect}"
|
||||
)
|
||||
fe.write_file
|
||||
|
||||
Chef::Config[:allowed_normal_attributes] = whitelist
|
||||
Chef::Config[:normal_attribute_allowlist] = whitelist
|
||||
end
|
||||
not_if do
|
||||
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||
client_rb = ::File.read("/etc/chef/client.rb")
|
||||
whitelist.all? { |attr| client_rb.include?(attr) }
|
||||
end
|
||||
end
|
||||
|
||||
directory "/etc/apt/keyrings" do
|
||||
mode "0755"
|
||||
action :create
|
||||
|
||||
Reference in New Issue
Block a user