Attribute Sources
Chef Infra Client evaluates attributes in the order that they are defined in the run-list, including any attributes that are in the run-list as cookbook dependencies.
Attributes are provided to Chef Infra Client from the following locations:
- JSON files passed using the
chef-client -j
- Nodes (collected by Ohai at the start of each Chef Infra Client run)
- Attribute files (in cookbooks)
- Recipes (in cookbooks)
- Environments
- Roles
- Policyfiles
Notes:
- Many attributes are maintained in the chef-repo for Policyfiles, environments, roles, and cookbooks (attribute files and recipes)
- Many attributes are collected by Ohai on each individual node at the start of every Chef Infra Client run
- The attributes that are maintained in the chef-repo are uploaded to the Chef Infra Server from the workstation, periodically
- Chef Infra Client will pull down the node object from the Chef Infra
Server and then reset all the attributes except
normal
. The node object will contain the attribute data from the previous Chef Infra Client run including attributes set with JSON files using-j
. - Chef Infra Client will update the cookbooks on the node (if required), which updates the attributes contained in attribute files and recipes
- Chef Infra Client will update the role and environment data (if required)
- Chef Infra Client will rebuild the attribute list and apply attribute precedence while configuring the node
- Chef Infra Client pushes the node object to the Chef Infra Server at the end of a Chef Infra Client run; the updated node object on the Chef Infra Server is then indexed for search and is stored until the next Chef Infra Client run
Automatic Attributes (Ohai)
An automatic attribute is a specific detail about a node, such as an IP address, a host name, a list of loaded kernel modules, and so on. Automatic attributes are detected by Ohai and are then used by Chef Infra Client to ensure that they are handled properly during every Chef Infra Client run. The most commonly accessed automatic attributes are:
Attribute | Description |
---|---|
node['platform'] | The platform on which a node is running. This attribute helps determine which providers will be used. |
node['platform_family'] | The platform family is a Chef Infra specific grouping of similar platforms where cookbook code can often be shared. For example, `rhel` includes Red Hat Linux, Oracle Linux, CentOS, and several other platforms that are almost identical to Red Hat Linux. |
node['platform_version'] | The version of the platform. This attribute helps determine which providers will be used. |
node['ipaddress'] | The IP address for a node. If the node has a default route, this is the IPV4 address for the interface. If the node does not have a default route, the value for this attribute should be nil . The IP address for default route is the recommended default value. |
node['macaddress'] | The MAC address for a node, determined by the same interface that detects the node['ipaddress'] . |
node['fqdn'] | The fully qualified domain name for a node. This is used as the name of a node unless otherwise set. |
node['hostname'] | The host name for the node. |
node['domain'] | The domain for the node. |
node['recipes'] | A list of recipes associated with a node (and part of that node's run-list). |
node['roles'] | A list of roles associated with a node (and part of that node's run-list). |
node['ohai_time'] | The time at which Ohai was last run. This attribute is not commonly used in recipes, but it is saved to the Chef Infra Server and can be accessed using the knife status subcommand. |
Ohai collects a list of automatic attributes at the start of each Chef
Infra Client run. This list will vary from organization to organization,
by server type, and by the platform that runs those servers. All the
attributes collected by Ohai are unmodifiable by Chef Infra Client. Run
the ohai
command on a system to see which automatic attributes Ohai
has collected for a particular node.
Attribute Files
An attribute file is located in the attributes/
sub-directory for a
cookbook. When a cookbook is run against a node, the attributes
contained in all attribute files are evaluated in the context of the
node object. Node methods (when present) are used to set attribute
values on a node. For example, the apache2
cookbook contains an
attribute file called default.rb
, which contains the following
attributes:
default['apache']['dir'] = '/etc/apache2'
default['apache']['listen_ports'] = [ '80','443' ]
The use of the node object (node
) is implicit in the previous example;
the following example defines the node object itself as part of the
attribute:
node.default['apache']['dir'] = '/etc/apache2'
node.default['apache']['listen_ports'] = [ '80','443' ]
Another (much less common) approach is to set a value only if an
attribute has no value. This can be done by using the _unless
variants
of the attribute priority methods:
default_unless
normal_unless
Use the _unless
variants carefully (and only when necessary) because
when they are used, attributes applied to nodes may become out of sync
with the values in the cookbooks as these cookbooks are updated. This
approach can create situations where two otherwise identical nodes end
up having slightly different configurations and can also be a challenge
to debug.
File Methods
Use the following methods within the attributes file for a cookbook or within a recipe. These methods correspond to the attribute type of the same name:
override
default
normal
_unless
attribute?
A useful method that is related to attributes is the attribute?
method. This method will check for the existence of an attribute, so
that processing can be done in an attributes file or recipe, but only if
a specific attribute exists.
Using attribute?()
in an attributes file:
if attribute?('ec2')
# ... set stuff related to EC2
end
Using attribute?()
in a recipe:
if node.attribute?('ec2')
# ... do stuff on EC2 nodes
end
Attributes from Recipes
A recipe is the most fundamental configuration element within the organization. A recipe:
- Is authored using Ruby, which is a programming language designed to read and behave in a predictable manner
- Is mostly a collection of resources, defined using patterns (resource names, attribute-value pairs, and actions); helper code is added around this using Ruby, when needed
- Must define everything that is required to configure part of a system
- Must be stored in a cookbook
- May be included in another recipe
- May use the results of a search query and read the contents of a data bag (including an encrypted data bag)
- May have a dependency on one (or more) recipes
- Must be added to a run-list before it can be used by Chef Infra Client
- Is always executed in the same order as listed in a run-list
An attribute can be defined in a cookbook (or a recipe) and then used to
override the default settings on a node. When a cookbook is loaded
during a Chef Infra Client run, these attributes are compared to the
attributes that are already present on the node. Attributes that are
defined in attribute files are first loaded according to cookbook order.
For each cookbook, attributes in the default.rb
file are loaded first,
and then additional attribute files (if present) are loaded in lexical
sort order. When the cookbook attributes take precedence over the
default attributes, Chef Infra Client applies those new settings and
values during a Chef Infra Client run on the node.
Attributes from Roles
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a Chef Infra Client runs, it merges its own attributes and run-lists with those contained within each assigned role.
An attribute can be defined in a role and then used to override the default settings on a node. When a role is applied during a Chef Infra Client run, these attributes are compared to the attributes that are already present on the node. When the role attributes take precedence over the default attributes, Chef Infra Client applies those new settings and values during a Chef Infra Client run.
A role attribute can only be set to be a default attribute or an
override attribute. A role attribute cannot be set to be a normal
attribute. Use the default_attribute
and override_attribute
methods
in the .rb
attributes file or the default_attributes
and
override_attributes
hashes in a JSON data file.
Attributes from Environments
An environment is a way to map an organization’s real-life workflow to what can be configured and managed when using Chef Infra. This mapping is accomplished by setting attributes and pinning cookbooks at the environment level. With environments, you can change cookbook configurations depending on the system’s designation. For example, by designating different staging and production environments, you can then define the correct URL of a database server for each environment. Environments also allow organizations to move new cookbook releases from staging to production with confidence by stepping releases through testing environments before entering production.
Attributes can be defined in an environment and then used to override the default attributes in a cookbook. When an environment is applied during a Chef Infra Client run, environment attributes are compared to the attributes that are already present on the node. When the environment attributes take precedence over the default attributes, Chef Infra Client applies those new settings and values during a Chef Infra Client run.
Environment attributes can be set to either default
attribute level or
an override
attribute level.