Menu
I'm using the opscode nginx cookbook for configuring the nginx server on my nodes. The nginx cookbook has some default attributes I'd like to override in my role ("web_server").
These are the attributes I'd like to override:
default['nginx']['version'] = "1.2.2" # in cookbooks/nginx/attributes/default.rb
default['nginx']['source']['prefix'] = "/opt/nginx-#{node['nginx']['version']}" # in cookbooks/nginx/attributes/source.rb
In my roles/web_server.rb file I have something like this:
name "web_server"
description "Setup a web server"
run_list "role[base]", "recipe[nginx]"
override_attributes 'nginx' => {
'install_method' => "source",
'version' => "1.2.3",
'source' => { "prefix" => "/opt/nginx", "checksum" => nil }
}
However, when running the chef-client the nginx recipe ignores my overrides and uses the default ones.
What am I doing wrong here?
Thanks!
591
Use the force_override attribute to ensure that an attribute defined in a cookbook (by an attribute file or by a recipe) takes precedence over an override attribute set by a role or an environment. An automatic attribute contains data that is identified by Ohai at the beginning of every chef-client run.
The sources of Chef attribute in Recipes (in cookbooks) We can specify the attribute at node level while running chef-client. Those attributes are referred to as node attributes. You must precede the attribute name with node. when you set an attribute directly in a recipe.
Roles in Chef are a logical way of grouping nodes. Typical cases are to have roles for web servers, database servers, and so on. One can set custom run list for all the nodes and override attribute value within roles.
According to the Chef Attribute Preference document, this should work:
name "web_server" description "Setup a web server" run_list "role[base]", "recipe[nginx]" default_attributes 'nginx' => { 'install_method' => "source", 'version' => "1.2.3", 'source' => { "prefix" => "/opt/nginx", "checksum" => nil } } You shouldn’t use override_attributes in roles. Once you start using overrides instead of defaults, you’ll quickly end up finding you’ve used the strongest possible override and have no further way to override it. Use default_overrides instead.
The precedence rules around attributes, using only the default level are actually pretty same:
require_two_factor_auth is forced to true with default_overrides in role[single_sign_on], even in QArequire_two_factor_auth is forced to true in production require_two_factor_auth is set to true in auth::two_factor require_two_factor_auth = false However, it’s extremely unusual for the same attribute to be set in all four of those places, though. If the correct value of the attribute really depends on the recipe and the role and and the environment, then usually the resulting value combines features of all three, and a different attribute is set at each level and combined in the recipe.
If this isn’t working, two possibilities are:
chef-client -o "recipe[nginx]" instead of chef-client -o role[web_server] or plain chef-client If that’s not the case, please provide more detail. I use this all the time and it’s always worked, and I’d be concerned if there were edge cases where this does not behave as documented.
163
The attribute precedence chart [1] shows that these four options rank above your role:
12. An override attribute located in an environment
13. A force_override attribute located in a cookbook attribute file
14. A force_override attribute located in a recipe
15. An automatic attribute identified by Ohai at the start of the chef-client run
If these don't appear to be the cause, then perhaps changing your formatting might help. I would write it like:
override_attributes(
nginx: {
install_method: 'source',
version: '1.2.3',
source: {
prefix: '/opt/nginx',
checksum: [ ],
},
}
)
[1] https://docs.chef.io/attributes.html#attribute-precedence
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
