Skip to main content

Attribute Persistence

All attributes, except for normal attributes, are reset at the beginning of a Chef Infra Client run. Attributes set using chef-client -j with a JSON file have normal precedence and are persisted between Chef Infra Client runs. Chef Infra Client rebuilds these attributes using automatic attributes collected by Ohai at the beginning of each Chef Infra Client run, and then uses default and override attributes that are specified in cookbooks, roles, environments, and Policyfiles. All attributes are then merged and applied to the node according to attribute precedence. The attributes that were applied to the node are saved to the Chef Infra Server as part of the node object at the conclusion of each Chef Infra Client run.

Limiting Attribute Persistence

Some organizations find it helpful to control attribute data stored by the Chef Infra Server, whether to limit the disk and CPU resources used when processing unused attributes, or to keep secrets like API keys from being submitted to the server. For example, your organization may find the data from the Ohai Package plugin useful when writing cookbooks, but don’t see the need in saving ~100kB of package information for each Chef Infra Client run. Attribute data will still be available on the node within cookbooks, but any information you limit won’t be saved to the Chef Infra Server for use in searches.

You can block or allow the saving of specific key using the client.rb file. Each setting is an array of keys specifying each attribute to be filtered out or allowed. Use a “/” to separate subkeys, for example network/interfaces.

For attributes containing slashes (/) within the attribute value, such as the filesystem attribute, use a nested array. For example:

blocked_automatic_attributes [['filesystem', '/dev/diskos2']]

Note

In Chef Infra Client 16.3, the node Blacklist and Whitelist features were deprecated and renamed to Blocklist and Allowlist. In Chef Infra Client 18.4.12 these features became EOL. For backwards compatibility, the old configuration values will continue to work through Chef Infra Client 17.x

See each section below for the appropriate legacy configuration values if you are running legacy clients in your organization.

Legacy attribute config mapping:

  • automatic_attribute_blacklist -> blocked_automatic_attributes
  • default_attribute_blacklist -> blocked_default_attributes
  • normal_attribute_blacklist -> blocked_normal_attributes
  • override_attribute_blacklist -> blocked_override_attributes
  • automatic_attribute_whitelist -> allowed_automatic_attributes
  • default_attribute_whitelist -> allowed_default_attributes
  • normal_attribute_whitelist -> allowed_normal_attributes
  • override_attribute_whitelist -> allowed_override_attributes

Attribute Blocklist

Warning

When attribute blocklist settings are used, any attribute defined in a blocklist will not be saved to the Chef Infra Server and any attribute that is not defined in a blocklist will be saved. Each attribute type must be blocklisted independently of the other attribute types. For example, if blocked_automatic_attributes defines attributes that will not be saved, but blocked_normal_attributes, blocked_default_attributes, and blocked_override_attributes are not defined, then all normal attributes, default attributes, and override attributes will be saved, as well as the automatic attributes that were not specifically excluded through blocklisting.

Attributes are blocklisted by attribute type, with each attribute type being blocklisted independently in the client.rb file.

The four attribute types are:

  • automatic
  • default
  • normal
  • override

The blocklist settings are:

blocked_automatic_attributes

An array that blocklists automatic attributes, preventing blocklisted attributes from being saved. For example: ['packages'].

Default value: nil, all attributes are saved.

If the array is empty, all attributes are saved.

blocked_default_attributes

An array that blocklists default attributes, preventing blocklisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size'].

Default value: nil, all attributes are saved.

If the array is empty, all attributes are saved.

blocked_normal_attributes

An array that blocklists normal attributes, preventing blocklisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size'].

Default value: nil, all attributes are saved.

If the array is empty, all attributes are saved.

blocked_override_attributes

An array that blocklists override attributes, preventing blocklisted attributes from being saved. For example: ['map - autohome/size'].

Default value: nil, all attributes are saved.

If the array is empty, all attributes are saved.

Blocklisting Ohai (automatic) attributes

Use blocked_automatic_attributes to block attributes populated by Ohai’s system information gathering.

Ohai gathers a large number of attributes that can consume a significant amount of storage space on the Chef Infra Server. Many of these attributes may be considered highly valuable, while others could be blocklisted without any impact to data available in search. Normal, default, and override attributes are typically much more important attributes used within cookbooks and are more likely to cause issues if they’re blocklisted incorrectly.

Example

The following shows an example of automatic attribute data.

{
  "filesystem" => {
    "/dev/disk0s2" => {
      "size" => "10mb"
    },
    "map - autohome" => {
      "size" => "10mb"
    }
  },
  "network" => {
    "interfaces" => {
      "eth0" => {...},
      "eth1" => {...},
    }
  }
}

To blocklist the filesystem attributes and allow Infra Client to save the other attributes, update the client.rb.

blocked_automatic_attributes ['filesystem']

This blocklist blocks Chef Infra Client from saving the filesystem and map - autohome attributes, but saves the network attributes.

Attribute Allowlist

Warning

When attribute allowlist settings are used, only the attributes defined in a allowlist will be saved and any attribute that is not defined in a allowlist will not be saved. Each attribute type is allowlisted independently of the other attribute types. For example, if automatic_attribute_allowlist defines attributes to be saved, but normal_attribute_allowlist, default_attribute_allowlist, and override_attribute_allowlist are not defined, then all normal attributes, default attributes, and override attributes are saved, as well as the automatic attributes that were specifically included through allowlisting.

Attributes are allowlisted by attribute type, with each attribute type being allowlisted independently in the client.rb file.

The four attribute types are:

  • automatic
  • default
  • normal
  • override

The allowlist settings are:

allowed_automatic_attributes

An array that allows saving specific automatic attributes. For example: ['network/interfaces/eth0'].

Default value: nil, all attributes are saved.

If the array is empty, no attributes are saved.

allowed_default_attributes

An array that allows saving specific default attributes. For example: ['filesystem/dev/disk0s2/size'].

Default value: nil, all attributes are saved.

If the array is empty, no attributes are saved.

allowed_normal_attributes

An array that allows saving specific normal attributes. For example: ['filesystem/dev/disk0s2/size'].

Default value: nil, all attributes are saved.

If the array is empty, no attributes are saved.

allowed_override_attributes

An array that allows specific override attributes, preventing blocklisted attributes from being saved. For example: ['map - autohome/size'].

Default value: nil, all attributes are saved.

If the array is empty, no attributes are saved.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results