Chef overriding attributes from another recipe in same cookbook

Question

I have a cookbook with 2 recipes.

attributes/default.rb default['vpn']['crt'] = 'nocrt'

The default recipe has a file resource that creates a generic crt file

file 'cert' do
    path "/etc/vpn/#{node.default['network']['hostname']}.crt"
    owner 'root'
    group 'root'
    mode '0644'
    content node.default['vpn']['crt']
end

In the second recipe client.rb, I include the default recipe, load an encrypted data bag for that "client" and override the attribute. BUT it doesn't get overridden.

include_recipe 'my-cookbook'

vault = ChefVault::Item.load('auth', 'client')

node.override['vpn']['crt'] = vault['crt']

...

The file's content == 'nocrt'

According to Chef's Attribute Precedence, it should override with the content of vault['crt'].

UPDATE:

Javier Cortejoso: Your answer works when used in the file resource.

But consider this for example:

attributes/default.rb:

default['network']['hostname'] = 'generic-host-name'

In recipes/default.rb:

Chef::Log.info(node['network']['hostname'])
Chef::Log.info(node.default['network']['hostname'])
Chef::Log.info(node.override['network']['hostname'])

In recipes/client.rb:

node.override['network']['hostname'] = 'client-host-name'
include_recipe 'cookbook::default'

So even if even I change the order of execution to the client.rb recipe first, then default.rb after overriding, it still gives me the hostname 'generic-host-name':

==> default: [2015-03-04T17:30:43+00:00] INFO: generic-host-name
==> default: [2015-03-04T17:30:43+00:00] INFO: generic-host-name
==> default: [2015-03-04T17:30:43+00:00] INFO: {}

SOLUTION

I'm a ****in idiot. I had both of these in my Vagrant file:

chef.add_role "cookbook"
chef.add_recipe "cookbook::client"

Thanks Javier Cortejoso for pointing clarifying the lazy attribute loading for me.

Answer 1

IMO It seems that the attribute is overridden after the compilation file['cert']. It a "time" problem and not a "priority" problem. There are some points you may take care in order to get correct order of execution of your recipes:

• The order of execution should be running first the recipe where you override the attribute (client.rb), and later the recipe where you use the overridden attribute (default.rb).

• You can also use the lazy attribute evaluation for your attribute with the content.

So your default.rb should be:

    include_recipe 'my-cookbook::client'
    file 'cert' do
        path "/etc/vpn/#{node.default['network']['hostname']}.crt"
        owner 'root'
        group 'root'
        mode '0644'
        content lazy node.default['vpn']['crt']
    end