2
votes

I need to disable the passwd plugin in my chef-client environment to avoid a FATAL error due to the large number of users.

The way I did this for the local client was to add the following line to the client.rb file:

ohai[:disabled_plugins] = ["passwd"]

When bootstrapping a managed node, I would like to have the same done through the knife bootstrap command to the managed node. From the knife doc, here is the syntax:

--hint HINT_NAME[=HINT_FILE]

An Ohai hint to be set on the target of the bootstrap. The hint is contained in a file and is formatted as JSON: {"attribute":"value","attribute":"value"...}. HINT_NAME is the name of the hint and HINT_FILE is the name of the hint file located at

/etc/chef/ohai/hints/HINT_FILE.json

Use multiple --hint options in the command to specify multiple hints.

This is what I did:

On the chef workstation, under /etc/chef/ohai/hints/HINT_FIILE.jason, it has the following content:

{disabled_plugins:["passwd"]}

Here is the knife bootstrap command:

knife bootstrap [managed_node_name] --hint disabled_plugins -sudo -x user -P [password] -N "test_node"

When the command is completed, on the managed_node, a new file is created: /etc/chef/ohai/hints/disabled_plugins.json, with the following content:

{}

This doesn't seem right...

Any idea what I did wrong?

3 Answers

1
votes

Let's suppose you have on your workstation (the one where you run knife) a file /home/user/test.json containing the following information:

{ "foo": "bar" }

On the node (the server which will perform a chef-run) you'll find the file in /etc/chef/ohai/hints/foo.json using the following syntax:

$ knife bootstrap --hint foo=/home/user/test.json 

This time /etc/chef/ohai/hints/foo.json on the node will contain

{ "foo": "bar" }
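
A preflight check for the HINT_NAME[=HINT_FILE] form discussed above, as an added example that is not part of the original answer or of knife itself: it rejects a hint file that is not a JSON object and shows that a name-only hint carries no content, which matches the `{}` seen in the question. `check_hint` and `check_sample` are hypothetical helper names, and the sample file contents are constructed from the snippets on this page.

```ruby
require "json"
require "tempfile"

# Hypothetical helper (not part of knife): checks one --hint argument of the
# form HINT_NAME[=HINT_FILE] on the workstation before bootstrapping.
# Returns [hint_name, parsed_hash] or raises ArgumentError with the reason.
def check_hint(arg)
  name, path = arg.split("=", 2)
  raise ArgumentError, "empty hint name in #{arg.inspect}" if name.nil? || name.empty?
  # Name only: no file is given, so the hint has no content (the {} case).
  return [name, {}] if path.nil?
  raise ArgumentError, "hint file not found: #{path}" unless File.file?(path)
  begin
    data = JSON.parse(File.read(path))
  rescue JSON::ParserError => e
    raise ArgumentError, "#{path} is not valid JSON: #{e.message}"
  end
  raise ArgumentError, "#{path} must contain a JSON object" unless data.is_a?(Hash)
  [name, data]
end

# Constructed sample: writes content to a temp file and checks "NAME=<that file>".
def check_sample(name, content)
  Tempfile.create(["hint", ".json"]) do |f|
    f.write(content)
    f.flush
    check_hint("#{name}=#{f.path}")
  end
end

if __FILE__ == $PROGRAM_NAME
  p check_hint("disabled_plugins")            # name only, as in the question
  p check_sample("foo", '{ "foo": "bar" }')   # NAME=FILE, as in the answer
  begin
    # Unquoted key, as in the question's hint file: not valid JSON.
    check_sample("disabled_plugins", '{disabled_plugins:["passwd"]}')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
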
0
votes

I don't think that the --hint option works the way you think, or the way the manual page implies. It doesn't appear to read from the /etc/chef/ohai/hints directory on the Chef workstation, but rather from the filename you specify to the --hint option.

This should work:

$ cat > myhint.json << EOF
{"disabled_plugins":["passwd"]}
EOF
$ knife bootstrap --hint=myhint.json blah blah
0
votes

So I had the same issue and could not get hints to work properly, as it doesn't seem to work in this particular way, plus there is a lack of documentation samples.

In the end I just opted to edit the chef-full.erb, which is the default bootstrap template used to generate the client.rb.

To get the right file run this:

$ gem contents chef | grep bootstrap | grep full
/home/henryt/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb

Then vim that chef-full.erb file and add the ohai :disabled_plugins line inside the client.rb here document (cat > /etc/chef/client.rb <<'EOP'):

Ohai::Config[:disabled_plugins] = [:Passwd]

My patch file:

--- ~me/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb.orig
   2016-07-22 00:53:33.689961205 -0700
+++ ~me/.rvm/gems/ruby-1.9.3-p547/gems/chef-11.16.4/lib/chef/knife/bootstrap/chef-full.erb
2016-07-22 00:44:21.253493396 -0700
@@ -64,6 +64,7 @@

cat > /etc/chef/client.rb <<'EOP'
<%= config_content %>
+Ohai::Config[:disabled_plugins] = [:Passwd]
EOP

cat > /etc/chef/first-boot.json <<'EOP'
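
Review bot: the added `Ohai::Config[:disabled_plugins] = [:Passwd]` line is hard-coded into the chef-full.erb that ships inside the installed gem (the path is under gems/chef-11.16.4/), so it is lost when that gem is upgraded or reinstalled, and it applies to every node bootstrapped from this workstation. Keep a patched copy of the template outside the gem directory and have knife bootstrap use that copy, and add a comment line above the setting saying why the passwd plugin is disabled.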

Now every time I bootstrap a machine the client.rb gets generated with that ohai :disabled_plugins line and I don't have to have a custom client.rb file.