Accessing Chef Databag Items from within attributes

In Chef parlance, databags are global variables saved in JSON format and are stored and accessible on the Chef server. Given that these are indexed and can be searched up along with the fact that they can be encrypted make them ideal candidates to store secrets such as credentials/ssh keys.

Chef provides an easy way to search and fetch databag and databag items from within a recipe:

For ex to fetch a databag called admins, it’s as easy as:

admins = data_bag('admins')

And to fetch databag items:

admins.each do |login|
    admin = data_bag_item('admins', login)
    user_name = admin['id']
    ssh_keys = admin['ssh_keys']
    groups = admin['groups']
end

Unfortunately, the data_bag and data_bag_item helpers are not accessible from within attributes and it seems as of now, the working way is to use Chef::DataBagItem.load method like so:

credentials  = Chef::DataBagItem.load('admins','sathya')

Author

Sathyajith Bhat

Author, AWS Container Hero and DevOps Specialist.

Statutory warning: Decimals in your logrotate config can be bad for your server’s disk space

12 December 2016·Updated: 30 December 2021·308 words·2 mins

DevOps Chef Logrotate Ruby

Last night as I was about to head to sleep, Sensu started emailing me about disk space warnings on one of the backend servers. That’s strange, I thought. I had set up logrotate with appropriate limits to ensure the log file size is reasonable and rotation happens on a daily basis. Curious, I ssh’d into the server to investigate. Running a df -h indicated as expected the disk space in use was over 70% (which is the trigger for sensu to send a notification) and the log files had grown way over expected size.

Chef Zero, Cookbooks and Data Bags locations

31 October 2016·Updated: 2 January 2022·339 words·2 mins

DevOps Chef

I like chef-zero a lot. There’s so much overlap between chef’s products: chef-zero, chef-solo, chef-apply - yes, each have their own uses, but I digress. Chef-zero has been relatively pain-free for me - except when I tried to get it running - trying to figure out why it wasn’t fetching the cookbooks was so annoying! I went and RTFM couple of times, no dice. Then I decided to not skim read and read the entire thing.

Of nginx’s mid cut off responses and proxy buffers

13 March 2017·Updated: 2 January 2022·470 words·3 mins

DevOps Nginx

Among the services I look after, the biggest and high-profile - is the user facing website. The website is your bog-standard typical frontend(powered by Express/Angular) which fetches data via an API which is powered by the backend(built on Rails). Typical flow is that Express receives the request from the browser, makes a request to the backend which is then served using Rails API via nginx which acts as the reverse proxy.

Related