tobami / littlechef

Cook with Chef without a Chef Server

node attributes not being saved with 'ufw' cookbook #110

Open mipearson opened 12 years ago

mipearson commented 12 years ago

I'm unsure whether this is a 'bug' or my misunderstanding of how littlechef works.

I'm using the 'ufw' cookbook to manage firewall rules on a machine I'm provisioning with littlechef.

The cookbook's recipe contains this stanza:

old_state = node['firewall']['state']
new_state = node['firewall']['rules'].to_s
Chef::Log.debug "Old firewall state:#{old_state}"
Chef::Log.debug "New firewall state:#{new_state}"

#check to see if the firewall rules changed.
#the rules are always changed the first run
if old_state == new_state
  Chef::Log.info "Firewall rules unchanged."
else
  Chef::Log.info "Firewall rules updated."
  node['firewall']['state'] = new_state

  #drop rules and re-enable
  execute "ufw --force reset"

  # ... rest of recipe to add rules again ...

The problem I have is the firewall 'state' is never saved to my node's .json, and therefore the firewall is reset every time this recipe is run.

Should the state be saved? If so, when/where in littlechef does this happen?

I'm assuming this cookbook works as advertised when run with knife/chef server.

tobami commented 12 years ago

Your assumption is correct, though this cookbook's case is a bit confusing.

There are a couple of cookbooks that use node.save, at which point the current node attributes (well, everything) are saved. That only works with a Chef Server. For obvious reasons, Chef Solo cannot save the new info anywhere, so LittleChef by design cannot support that. It could be argued that it is a Chef anti-pattern...

What I don't quite understand is why it is a problem in the ufw cookbook, because they don't call node.save in any of the recipes. Reassigning attribute values mid-cookbook should only affect the current run as long as they are not saved.

tobami commented 12 years ago

In any case I marked this issue as "enhancement". We can add a list of cookbooks that use node.save to the documentation so that users are aware of which cookbooks can break when using Chef Solo. A preliminary one:

$ grep -r "node.save" opscode-cookbooks
./wordpress/recipes/default.rb: node.save
./drbd/recipes/default.rb:node.save unless Chef::Config[:solo]
./database/recipes/master.rb: node.save
./zenoss/recipes/server.rb: node.save
./aws/providers/ebs_volume.rb: node.save unless Chef::Config[:solo]
./rsyslog/recipes/server.rb:node.save unless Chef::Config[:solo]
./ossec/recipes/server.rb:node.save
./ossec/recipes/client.rb:node.save
./sql_server/recipes/server.rb:node.save unless Chef::Config[:solo]
./postgresql/recipes/server.rb:node.save unless Chef::Config[:solo]
./mysql/recipes/server.rb
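An added example (not from the thread and not LittleChef code): a Ruby sketch of the listing proposed above that also separates `node.save` calls guarded by `Chef::Config[:solo]` from bare ones, which are the ones that matter under Chef Solo. The sample cookbook files are constructed, and `scan_node_save`, `demo`, `GUARD`, `BLOCK_OPEN` and `SAMPLE` are hypothetical names.

```ruby
require "tmpdir"
require "fileutils"

# A save is "guarded" when it is skipped under Chef Solo.
GUARD = /\b(?:unless\s+|if\s+!\s*)Chef::Config\[:solo\]/
BLOCK_OPEN = /\A\s*#{GUARD.source}/

# Returns [relative_path, line_number, :guarded | :unguarded] per node.save call.
def scan_node_save(root)
  findings = []
  Dir.glob(File.join(root, "**", "*.rb")).sort.each do |path|
    guard_indent = nil # indentation of an enclosing solo-guard block, if any
    File.readlines(path).each_with_index do |line, idx|
      code = line.sub(/(^|\s)#(?!\{).*$/, "") # drop comments, keep "#{...}"
      indent = code[/\A[ \t]*/].size
      if guard_indent && code =~ /\A\s*end\b/ && indent == guard_indent
        guard_indent = nil
      elsif guard_indent.nil? && code =~ BLOCK_OPEN
        guard_indent = indent
      end
      next unless code =~ /\bnode\.save\b/
      guarded = guard_indent || code =~ GUARD
      findings << [path.sub("#{root}/", ""), idx + 1, guarded ? :guarded : :unguarded]
    end
  end
  findings
end

# Constructed sample tree covering the three shapes a call can take.
SAMPLE = {
  "bare/recipes/default.rb" => "# node.save in a comment is ignored\nnode.save\n",
  "modifier/recipes/default.rb" => "node.save unless Chef::Config[:solo]\n",
  "block/recipes/server.rb" =>
    "unless Chef::Config[:solo]\n  node.save\nend\nnode.save # after the guard\n"
}.freeze

def demo
  Dir.mktmpdir do |root|
    SAMPLE.each do |rel, body|
      path = File.join(root, rel)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, body)
    end
    scan_node_save(root)
  end
end

demo.each { |f| puts f.join(" ") } if __FILE__ == $PROGRAM_NAME
```

A recipe like the ufw one in this thread, which reassigns an attribute without calling `node.save`, will not show up in this output.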