2

Due to the fact that i have a large volume of users and groups present on my chef nodes, running chef-client sends all that information to the chef server, causing performance issues.

I can whitelist attributes easily by adding something like this on client.rb :automatic_attribute_whitelist ["etc/group"]

Is there any way to blacklist a specific set of attributes from being sent to the Chef server?

georgthebub
  • 407
  • 6
  • 18
  • https://github.com/opscode-cookbooks/whitelist-node-attrs – sethvargo Aug 26 '14 at 15:36
  • What type of attributes? – sethvargo Aug 26 '14 at 15:36
  • I simply need to exclude the etc/group & etc/passwd node attributes that get sent during each node converge. Whitelisting implies that you specify which attributes you want to keep. It would be a lot simpler if I could simply exclude two attributes and not worry about the rest. – georgthebub Aug 26 '14 at 15:39
  • Why don't you just disable that particular Ohai plugin? http://stevendanna.github.io/blog/2013/04/13/passwd-min-ohai-plugin/ – sethvargo Aug 26 '14 at 16:20
  • That did the trick. Submit it as an answer so I can accept (although this is more of a work around and doesn't specify if chef actually supports blacklisted node attributes). – georgthebub Aug 27 '14 at 01:45

1 Answers1

2

All my comments, as an answer (plus an actual answer).

You can disable the Ohai plugin for passwd if you aren't using those attributes or are connected to an AD.

If you want the attributes available on the node object, but not persisted back to the server, you can do something like this in a cookbook:

class Chef
  class Node
    alias_method :old_save, :save

    def save
      self.default_attrs.delete(:key)
      self.normal_attrs.delete(:other_key)
      self.override_attrs.delete('...')
      self.automatic_attrs.delete('...')
      old_save
    end
  end
end

This would get rather annoying for long lists of attributes, so IRCCloud make a cookbook for it:

sethvargo
  • 26,739
  • 10
  • 86
  • 156