301565b910
This moves the whitelist for nodes' "normal" attributes to a config file, which is loaded live during every run and applied in memory in case the node's local file hasn't been updated before the client run. Fixes allowed attributes being overwritten/removed in the node info JSON files.
35 lines
1.1 KiB
Ruby
35 lines
1.1 KiB
Ruby
current_dir = File.dirname(__FILE__)
|
|
|
|
cookbook_path ["#{current_dir}/../site-cookbooks", "#{current_dir}/../cookbooks"]
|
|
node_path "nodes"
|
|
role_path "roles"
|
|
environment_path "environments"
|
|
data_bag_path "data_bags"
|
|
encrypted_data_bag_secret "#{current_dir}/encrypted_data_bag_secret"
|
|
local_mode true # Chef local mode, replacing Solo
|
|
|
|
# Knife-Zero config, see https://knife-zero.github.io/40_configuration/
|
|
# Prevent attributes from being saved to the node files
|
|
knife[:automatic_attribute_whitelist] = %w[
|
|
fqdn
|
|
os
|
|
os_version
|
|
hostname
|
|
ipaddress
|
|
roles
|
|
recipes
|
|
ipaddress
|
|
platform
|
|
platform_version
|
|
cloud
|
|
cloud_v2
|
|
chef_packages
|
|
]
|
|
|
|
# Added to /etc/chef/client.rb on node bootstrap
|
|
# https://docs.chef.io/attribute_persistence/
|
|
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml
|
|
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__))
|
|
knife[:normal_attribute_allowlist] = normal_attrs
|
|
knife[:allowed_normal_attributes] = normal_attrs
|