Lechucico

Reputation: 2112

Chef recipe order execution

I have the following code:

include_recipe 'hashicorp-vault::default'
conn = Faraday.new(:url => 'http://127.0.0.1:8200')

res = conn.put do |req|
  req.url '/v1/sys/init'
  req.body = '{"secret_shares": 1, "secret_threshold": 1}'
end

The problem is that Chef ignores include_recipe 'hashicorp-vault::default' and executes the other code first, so it crashes because Vault is not installed.

How can I force hashicorp-vault::default to execute first?

Upvotes: 0

Views: 97

Answers (1)

Tensibai

Reputation: 15784

You need to move your code to converge time so the resources defined in the vault recipe have been converged and not just defined:

include_recipe 'hashicorp-vault::default'

ruby_block 'get secret' do
  block do
    conn = Faraday.new(:url => 'http://127.0.0.1:8200')
    node.run_state['res'] = conn.put do |req|
      req.url '/v1/sys/init'
      req.body = '{"secret_shares": 1, "secret_threshold": 1}'
    end
  end
end

And in the rest of the recipe (or other later recipes) where you want to get this secret, use node.run_state['res']. This specific hash is not saved as part of the node object and as such will not leak the secret into the chef-server.

This behavior is due to the way Chef compiles recipes and then converges the resources within them; you can find more details on coderanger's blog.

Upvotes: 2
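
As an added illustration (not code from the question, the answer, or Chef itself), this toy Ruby model of the compile and converge phases shows why the bare call fails while the ruby_block version succeeds and keeps the result out of saved node data. `MiniRun`, `install_vault` and `init_vault` are hypothetical stand-ins, and the returned key and token are constructed placeholders.

```ruby
# Toy model of a Chef run (hypothetical class, not Chef's implementation).
class MiniRun
  attr_reader :log, :run_state, :attributes

  def initialize
    @resources  = []    # resource collection, filled during compile
    @log        = []    # what ran, in order
    @run_state  = {}    # in-memory only, like node.run_state
    @attributes = {}    # stands in for node data saved to the server
    @vault_up   = false
  end

  # Compile: the recipe body is plain Ruby and runs now; resources only queue.
  def compile(&recipe)
    instance_eval(&recipe)
    self
  end

  # Converge: queued resources execute in declaration order.
  def converge
    @resources.each { |name, action| @log << "converge: #{name}"; action.call }
    self
  end

  # Stands in for include_recipe 'hashicorp-vault::default'.
  def install_vault
    @resources << ['install vault', -> { @vault_up = true }]
  end
  def ruby_block(name, &blk)
    @resources << [name, blk]
  end

  # Constructed stand-in for PUT /v1/sys/init; values are placeholders.
  def init_vault
    raise 'connection refused' unless @vault_up
    { 'keys' => ['CONSTRUCTED-KEY'], 'root_token' => 'CONSTRUCTED-TOKEN' }
  end
end

# Question's layout: the call is bare Ruby, so it runs during compile.
def broken_run
  MiniRun.new.compile { install_vault; run_state['res'] = init_vault }.converge
rescue RuntimeError => e
  e.message
end

# Answer's layout: the call is wrapped in a resource and runs at converge.
def fixed_run
  MiniRun.new.compile { install_vault; ruby_block('init vault') { run_state['res'] = init_vault } }.converge
end
```

`broken_run` returns the error message because the init call fires before any queued resource has run; `fixed_run` ends with the response in `run_state` and an empty `attributes` hash.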