
Limiting the node object managed by Knife-Zero to chosen attributes

Posted at 2015-06-15

Chef-Client has a feature called Whitelist Attributes: out of the (automatic) attributes that Ohai collects, only the attributes you list are saved to the node object.

Using it is just a matter of writing the list in client.rb.

A node object created by a plain Knife Zero Bootstrap is big

Let's bootstrap a spare Amazon EC2 instance.

$ knife zero bootstrap 52.69.40.215 -x ec2-user -i ~/.ssh/privatekey --hint ec2 -N test-server
Doing old-style registration with the validation key at ...
Delete your validation key in order to use your user credentials instead

Connecting to 52.69.40.215
52.69.40.215 -----> Installing Chef Omnibus (-v 12)
52.69.40.215 downloading https://www.opscode.com/chef/install.sh
52.69.40.215   to file /tmp/install.sh.2281/install.sh
52.69.40.215 trying wget...
52.69.40.215 Downloading Chef 12 for el...
52.69.40.215 downloading https://www.opscode.com/chef/metadata?v=12&prerelease=false&nightlies=false&p=el&pv=6&m=x86_64
52.69.40.215   to file /tmp/install.sh.2286/metadata.txt
52.69.40.215 trying wget...
52.69.40.215 url    https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-12.3.0-1.el6.x86_64.rpm
52.69.40.215 md5    c19fefcb3d033107e9fbdb3839312584
52.69.40.215 sha256 4b7c846a9ad93564cc203a5ac99890431f7d6ad159c424aa89827fd772c9881d
52.69.40.215 downloaded metadata file looks valid...
52.69.40.215 downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-12.3.0-1.el6.x86_64.rpm
52.69.40.215   to file /tmp/install.sh.2286/chef-12.3.0-1.el6.x86_64.rpm
52.69.40.215 trying wget...
52.69.40.215 Comparing checksum with sha256sum...
52.69.40.215 Installing Chef 12
52.69.40.215 installing with rpm...
52.69.40.215 warning: /tmp/install.sh.2286/chef-12.3.0-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
52.69.40.215 Preparing...                          ################################# [100%]
52.69.40.215 Updating / installing...
52.69.40.215    1:chef-12.3.0-1.el6                ################################# [100%]
52.69.40.215 Thank you for installing Chef!
52.69.40.215 Starting first Chef Client run...
52.69.40.215 Starting Chef Client, version 12.3.0
52.69.40.215 Creating a new client identity for test-server using the validator key.
52.69.40.215 resolving cookbooks for run list: []
52.69.40.215 Synchronizing Cookbooks:
52.69.40.215 Compiling Cookbooks...
52.69.40.215 [2015-06-15T08:00:47+00:00] WARN: Node test-server has an empty run list.
52.69.40.215 Converging 0 resources
52.69.40.215 
52.69.40.215 Running handlers:
52.69.40.215 Running handlers complete
52.69.40.215 Chef Client finished, 0/0 resources updated in 2.739626435 seconds

Checking the keys of a node object collected without a whitelist

Done with no countermeasures, you get plenty. Fixed values and situational values are mixed together, which is especially annoying when, for example, you want to put the node objects under git management as well.

$ knife exec -E "puts nodes.all.first.keys"
tags
filesystem
network
counters
ipaddress
macaddress
ip6address
memory
kernel
lsb
os
os_version
platform
platform_version
platform_family
uptime_seconds
uptime
idletime_seconds
idletime
cpu
virtualization
root_group
block_device
ec2
cloud
ohai_time
languages
command
chef_packages
etc
current_user
init_package
keys
cloud_v2
dmi
hostname
machinename
domain
recipes
roles

Specifying a whitelist with Knife Zero Bootstrap

Since this is a feature Chef already has, knife-zero v1.7 added support for applying the whitelist at bootstrap time as well.

For example, write the following in knife.rb and bootstrap again.

knife.rb
knife[:automatic_attribute_whitelist] = [
  "fqdn/",
  "os/",
  "os_version/",
  "hostname",
  "ipaddress/",
  "roles/",
  "recipes/",
  "ipaddress/",
  "platform/",
  "platform_version/",
  "platform_version/",
  "cloud/",
  "cloud_v2/",
  "ec2/ami_id/",
  "ec2/instance_id/",
  "ec2/instance_type/",
  "ec2/placement_availability_zone/",
  "chef_packages/"
]

automatic_attribute_whitelist has been added to /etc/chef/client.rb on the bootstrapped instance.

/etc/chef/client.rb
log_location     STDOUT
chef_server_url  "chefzero://localhost:8889"
validation_client_name "chef-validator"
node_name "test-server"
ssl_verify_mode :none
automatic_attribute_whitelist ["fqdn/", "os/", "os_version/", "hostname", "ipaddress/", "roles/", "recipes/", "ipaddress/", "platform/", "platform_version/", "platform_version/", "cloud/", "cloud_v2/", "ec2/ami_id/", "ec2/instance_id/", "ec2/instance_type/", "ec2/placement_availability_zone/", "chef_packages/"]

What the node object looks like with a whitelist

The local node.json (nodes/test-server.json) now has only these keys.

$ knife exec -E "puts nodes.all.first.keys"
tags
os
os_version
hostname
ipaddress
roles
recipes
platform
platform_version
cloud
cloud_v2
ec2
chef_packages

Opened directly in Vim, it fits on a single screen.

nodes/test-server.json
{
  "name": "test-server",
  "normal": {
    "tags": [

    ]
  },
  "automatic": {
    "os": "linux",
    "os_version": "3.14.35-28.38.amzn1.x86_64",
    "hostname": "test-server",
    "ipaddress": "10.0.1.122",
    "roles": [

    ],
    "recipes": [

    ],
    "platform": "amazon",
    "platform_version": "2015.03",
    "cloud": {
      "public_ips": [
        "52.69.40.215"
      ],
      "private_ips": [
        "10.0.1.122"
      ],
      "public_ipv4": "52.69.40.215",
      "public_hostname": "",
      "local_ipv4": "10.0.1.122",
      "local_hostname": "test-server.ap-northeast-1.compute.internal",
      "provider": "ec2"
    },
    "cloud_v2": {
      "public_ipv4_addrs": [
        "52.69.40.215"
      ],
      "local_ipv4_addrs": [
        "10.0.1.122"
      ],
      "provider": "ec2",
      "public_hostname": "",
      "local_hostname": "test-server.ap-northeast-1.compute.internal",
      "public_ipv4": "52.69.40.215",
      "local_ipv4": "10.0.1.122"
    },
    "ec2": {
      "ami_id": "ami-cbf90ecb",
      "instance_id": "i-0ef561fb",
      "instance_type": "t2.micro",
      "placement_availability_zone": "ap-northeast-1c"
    },
    "chef_packages": {
      "chef": {
        "version": "12.3.0",
        "chef_root": "/opt/chef/embedded/apps/chef/lib"
      },
      "ohai": {
        "version": "8.3.0",
        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.1.0/gems/ohai-8.3.0/lib/ohai"
      }
    }
  }
}

With this, the file no longer keeps changing all the time.
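How the whitelist turns the full Ohai data into the small node above, as an added example (this is not knife-zero's or Chef's own code; it mirrors the documented semantics of automatic_attribute_whitelist, where each entry is a "/"-separated path into the automatic attributes and exactly the value at that path is kept). The Ohai-style input and the whitelist are constructed for the example; the values are made up, not taken from a real host. The "userdata" key stands in for the secret-bearing attributes the ec2 plugin can collect and that you do not want persisted into a git-tracked nodes/*.json. The "fqdn/" entry is deliberately absent from the input to reproduce the "Could not find whitelist attribute" warning seen later on this page.

```ruby
require 'json'

# Sentinel distinguishing "path not present" from a legitimately nil value.
MISSING = Object.new.freeze

# Walks a "/"-separated path (already split) through nested hashes.
def dig_path(data, parts)
  parts.reduce(data) do |node, key|
    return MISSING unless node.is_a?(Hash) && node.key?(key)
    node[key]
  end
end

# Stores value at the given path, creating intermediate hashes as needed.
# The value is deep-copied so the filtered result never aliases the input.
def set_path(result, parts, value)
  *prefix, last = parts
  target = prefix.reduce(result) { |h, key| h[key] ||= {} }
  target[last] = Marshal.load(Marshal.dump(value))
end

# Returns [filtered_attributes, missing_entries]. Each missing entry is what
# chef-client reports as "Could not find whitelist attribute <entry>".
# Trailing slashes are ignored and duplicate entries are harmless.
def filter_whitelist(automatic, whitelist)
  result = {}
  missing = []
  whitelist.uniq.each do |entry|
    parts = entry.split("/").reject(&:empty?)
    next if parts.empty?
    value = dig_path(automatic, parts)
    if value.equal?(MISSING)
      missing << entry
    else
      set_path(result, parts, value)
    end
  end
  [result, missing]
end

# Audit helper for nodes/*.json already committed: top-level automatic keys
# that no whitelist entry covers, i.e. evidence that the node was saved by a
# client.rb without the whitelist (the "older knife-zero" case).
def unlisted_keys(node, whitelist)
  roots = whitelist.map { |e| e.split("/").reject(&:empty?).first }.compact.uniq
  node.fetch("automatic", {}).keys - roots
end

# Rewrites a node document the way a chef-client run with the whitelist would.
def trim_node(node, whitelist)
  trimmed, _missing = filter_whitelist(node.fetch("automatic", {}), whitelist)
  node.merge("automatic" => trimmed)
end

# Constructed sample of Ohai output (subset, made-up values).
SAMPLE_AUTOMATIC = {
  "os" => "linux",
  "os_version" => "3.14.35-28.38.amzn1.x86_64",
  "hostname" => "test-server",
  "ipaddress" => "10.0.1.122",
  "uptime_seconds" => 4242,          # changes every run: noise in git
  "ohai_time" => 1434355247.0,       # same
  "platform" => "amazon",
  "platform_version" => "2015.03",
  "ec2" => {
    "ami_id" => "ami-cbf90ecb",
    "instance_id" => "i-0ef561fb",
    "instance_type" => "t2.micro",
    "placement_availability_zone" => "ap-northeast-1c",
    "userdata" => "#!/bin/bash\necho example-bootstrap-token",  # must not be persisted
  },
  "network" => { "interfaces" => { "eth0" => { "addresses" => {} } } },
}

# Constructed whitelist in the same style as the knife.rb on this page.
SAMPLE_WHITELIST = [
  "fqdn/", "os/", "hostname",
  "ec2/ami_id/", "ec2/instance_id/", "ec2/instance_type/",
  "ec2/placement_availability_zone/",
]

if $PROGRAM_NAME == __FILE__
  node = { "name" => "test-server", "normal" => { "tags" => [] },
           "automatic" => SAMPLE_AUTOMATIC }
  puts "unlisted before trim: #{unlisted_keys(node, SAMPLE_WHITELIST).inspect}"
  _filtered, missing = filter_whitelist(SAMPLE_AUTOMATIC, SAMPLE_WHITELIST)
  missing.each { |m| warn "WARN: Could not find whitelist attribute #{m}." }
  puts JSON.pretty_generate(trim_node(node, SAMPLE_WHITELIST))
end
```

Two points worth noting from running it: a path like "ec2/ami_id/" keeps only that one child, so the rest of the ec2 hash (including anything secret Ohai picked up from instance metadata) never reaches the node file; and duplicated entries such as the two "ipaddress/" and two "platform_version/" lines in the knife.rb above are harmless, just redundant.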

Want to update only client.rb on a host you already bootstrapped, to get whitelist support?

For environments that were bootstrapped with an older knife-zero, there is a way to bootstrap with --no-converge.

--[no-]converge              Bootstrap without Chef-Client Run.(for only update client.rb)

A normal bootstrap runs Chef-Client once, so re-running it took some care; the --no-converge option adds the choice of not running it at all.

$ knife zero bootstrap 52.69.40.215 -x ec2-user -i ~/.ssh/private_key --hint ec2 -N test-server --no-converge
Doing old-style registration with the validation key at ...
Delete your validation key in order to use your user credentials instead

Connecting to 52.69.40.215
52.69.40.215 -----> Existing Chef installation detected
52.69.40.215 Starting first Chef Client run...
52.69.40.215 Execution of Chef-Client has been canceled due to bootstrap_converge is false. <= the Chef-Client run is skipped and bootstrap exits here

Now that client.rb has been rewritten, run zero converge (chef_client) and you get a clean node.

$ knife zero converge name:test-server -x ec2-user -i ~/.ssh/private_key -a cloud_v2.public_ipv4 
52.69.40.215 Starting Chef Client, version 12.3.0
52.69.40.215 resolving cookbooks for run list: []
52.69.40.215 Synchronizing Cookbooks:
52.69.40.215 Compiling Cookbooks...
52.69.40.215 [2015-06-15T08:27:08+00:00] WARN: Node test-server has an empty run list.
52.69.40.215 Converging 0 resources
52.69.40.215 [2015-06-15T08:27:08+00:00] WARN: Could not find whitelist attribute fqdn/.
52.69.40.215 
52.69.40.215 Running handlers:
52.69.40.215 Running handlers complete
52.69.40.215 Chef Client finished, 0/0 resources updated in 1.669752105 seconds

The --[no-]converge flag can also be set in knife.rb as knife[:bootstrap_converge]; the CLI option takes precedence.

knife[:bootstrap_converge] = true/false

Note that if you pass --no-converge on the very first bootstrap, no node object is created in the first place, so a subsequent converge cannot run. You have to start over.


Opinions picked up on Twitter and feedback from some fellows abroad who charged into the GitHub issues have been incorporated.
