From eb29e4325f0d69d87ad5f13c66b5b040ee5f92d3 Mon Sep 17 00:00:00 2001
From: Lucas Moura
Date: Wed, 20 May 2020 18:40:13 -0300
Subject: [PATCH 1/2] Add schema for cc_chef module
---
cloudinit/config/cc_chef.py | 342 ++++++++++++++++----
tests/unittests/test_handler/test_schema.py | 3 +-
2 files changed, 277 insertions(+), 68 deletions(-)
diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py
index f8c22bcbd34..c46c57a2ae8 100644
--- a/cloudinit/config/cc_chef.py
+++ b/cloudinit/config/cc_chef.py
@@ -6,81 +6,288 @@ # # This file is part of cloud-init. See LICENSE file for license information. -""" -Chef ----- -**Summary:** module that configures, starts and installs chef. - -This module enables chef to be installed (from packages or -from gems, or from omnibus). Before this occurs chef configurations are -written to disk (validation.pem, client.pem, firstboot.json, client.rb), -and needed chef folders/directories are created (/etc/chef and /var/log/chef -and so-on). Then once installing proceeds correctly if configured chef will -be started (in daemon mode or in non-daemon mode) and then once that has -finished (if ran in non-daemon mode this will be when chef finishes -converging, if ran in daemon mode then no further actions are possible since -chef will have forked into its own process) then a post run function can -run that can do finishing activities (such as removing the validation pem -file). - -**Internal name:** ``cc_chef`` - -**Module frequency:** per always - -**Supported distros:** all - -**Config keys**:: - - chef: - directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef, - /var/cache/chef, /var/backups/chef, /var/run/chef) - validation_cert: (optional string to be written to file validation_key) - special value 'system' means set use existing file - validation_key: (optional the path for validation_cert. 
default - /etc/chef/validation.pem) - firstboot_path: (path to write run_list and initial_attributes keys that - should also be present in this configuration, defaults - to /etc/chef/firstboot.json) - exec: boolean to run or not run chef (defaults to false, unless - a gem installed is requested - where this will then default - to true) - - chef.rb template keys (if falsey, then will be skipped and not - written to /etc/chef/client.rb) - - chef: - chef_license: - client_key: - encrypted_data_bag_secret: - environment: - file_backup_path: - file_cache_path: - json_attribs: - log_level: - log_location: - node_name: - omnibus_url: - omnibus_url_retries: - omnibus_version: - pid_file: - server_url: - show_time: - ssl_verify_mode: - validation_cert: - validation_key: - validation_name: -""" +"""Chef: module that configures, starts and installs chef.""" import itertools import json import os +from textwrap import dedent from cloudinit import subp +from cloudinit.config.schema import ( + get_schema_doc, validate_cloudconfig_schema) from cloudinit import templater from cloudinit import temp_utils from cloudinit import url_helper from cloudinit import util +from cloudinit.settings import PER_ALWAYS + + +frequency = PER_ALWAYS +distros = ["all"] +schema = { + 'id': 'cc_chef', + 'name': 'Chef', + 'title': 'module that configures, starts and installs chef', + 'description': dedent("""\ + This module enables chef to be installed (from packages or + from gems, or from omnibus). Before this occurs chef configurations are + written to disk (validation.pem, client.pem, firstboot.json, + client.rb), and needed chef folders/directories are created + (/etc/chef and /var/log/chef and so-on). 
Then once installing proceeds + correctly if configured chef will be started (in daemon mode or in + non-daemon mode) and then once that has finished (if ran in non-daemon + mode this will be when chef finishes converging, if ran in daemon mode + then no further actions are possible since chef will have forked into + its own process) then a post run function can be executed, which + perform finishing activities (such as removing the validation pem + file)."""), + 'distros': distros, + 'examples': [dedent(""" + chef: + directories: + - /etc/chef + - /var/log/chef + validation_cert: system + install_type: omnibus + initial_attributes: + apache: + prefork: + maxclients: 100 + keepalive: off + run_list: + - recipe[apache2] + - role[db] + encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret + environment: _default + log_level: :auto + omnibus_url_retries: 2 + server_url: https://chef.yourorg.com:4000 + ssl_verify_mode: :verify_peer + validation_name: yourorg-validator""")], + 'frequency': frequency, + 'type': 'object', + 'properties': { + 'chef': { + 'type': 'object', + 'additionalProperties': False, + 'properties': { + 'directories': { + 'type': 'array', + 'items': { + 'type': 'string' + }, + 'uniqueItems': True, + 'description': dedent("""\ + Create the necessary directories for chef to run. By + default, it creates the following directories: + + - ``/etc/chef`` + - ``/var/log/chef`` + - ``/var/lib/chef`` + - ``/var/cache/chef`` + - ``/var/backups/chef`` + - ``/var/run/chef``""") + }, + 'validation_cert': { + 'type': 'string', + 'description': dedent("""\ + Optional string to be written to file validation_key. + Special value ``system`` means set use existing file. + """) + }, + 'validation_key': { + 'type': 'string', + 'default': '/etc/chef/validation.pem', + 'description': dedent("""\ + Optional path for validation_cert. 
default to + ``/etc/chef/validation.pem``.""") + }, + 'firstboot_path': { + 'type': 'string', + 'default': '/etc/chef/firstboot.json', + 'description': dedent("""\ + Path to write run_list and initial_attributes keys that + should also be present in this configuration, defaults + to ``/etc/chef/firstboot.json``.""") + }, + 'exec': { + 'type': 'boolean', + 'default': False, + 'description': dedent("""\ + define if we should run or not run chef (defaults to + false, unless a gem installed is requested where this + will then default to true).""") + }, + 'client_key': { + 'type': 'string', + 'default': '/etc/chef/client.pem', + 'description': dedent("""\ + Optional path for client_cert. default to + ``/etc/chef/client.pem``.""") + }, + 'encrypted_data_bag_secret': { + 'type': 'string', + 'default': None, + 'description': dedent("""\ + Specifies the location of the secret key used by chef + to encrypt data items. By default, this path is set + to None, meaning that chef will have to look at the + path ``/etc/chef/encrypted_data_bag_secret`` for it. + """) + }, + 'environment': { + 'type': 'string', + 'default': '_default', + 'description': dedent("""\ + Specifies which environment chef will use. By default, + it will use the ``_default`` configuration."""), + }, + 'file_backup_path': { + 'type': 'string', + 'default': '/var/backups/chef', + 'description': dedent("""\ + Specifies the location in which backup files are + stored. By default, it uses the + ``/var/backups/chef`` location.""") + }, + 'file_cache_path': { + 'type': 'string', + 'default': '/var/cache/chef', + 'description': dedent("""\ + Specifies the location in which chef cache files will + be saved. By default, it uses the ``/var/cache/chef`` + location.""") + }, + 'json_attribs': { + 'type': 'string', + 'default': '/etc/chef/firstboot.json', + 'description': dedent("""\ + Specifies the location in which some chef json data is + stored. 
By default, it uses the + ``/etc/chef/firstboot.json`` location.""") + }, + 'log_level': { + 'type': 'string', + 'default': ':info', + 'description': dedent("""\ + Defines the level of logging to be stored in the log + file. By default this value is set to ``:info``.""") + }, + 'log_location': { + 'type': 'string', + 'default': '/var/log/chef/client.log', + 'description': dedent("""\ + Specifies the location of the chef lof file. By + default, the location is specified at + ``/var/log/chef/client.log``.""") + }, + 'node_name': { + 'type': 'string', + 'description': dedent("""\ + The name of the node to run. By default, we will + use th instance id as the node name.""") + }, + 'omnibus_url': { + 'type': 'string', + 'default': 'https://www.chef.io/chef/install.sh', + 'description': dedent("""\ + Omnibus URL if chef should be installed through + Omnibus. By default, it uses the + ``https://www.chef.io/chef/install.sh``.""") + }, + 'omnibus_url_retries': { + 'type': 'integer', + 'default': 5, + 'description': dedent("""\ + The number of retries that will be attempted to reach + the Omnibus URL""") + }, + 'omnibus_version': { + 'type': 'string', + 'description': dedent("""\ + Optional version string to require for omnibus + install.""") + }, + 'pid_file': { + 'type': 'string', + 'default': '/var/run/chef/client.pid', + 'description': dedent("""\ + The location in which a process identification + number (pid) is saved. By default, it saves + in the ``/var/run/chef/client.pid`` location.""") + }, + 'server_url': { + 'type': 'string', + 'description': 'The URL for the chef server' + }, + 'show_time': { + 'type': 'boolean', + 'default': True, + 'description': 'Show time in chef logs' + }, + 'ssl_verify_mode': { + 'type': 'string', + 'default': ':verify_none', + 'description': dedent("""\ + Set the verify mode for HTTPS requests. We can have + two possible values for this parameter: + + - ``:verify_none``: No validation of SSL \ + certificates. 
+ - ``:verify_peer``: Validate all SSL certificates. + + By default, the parameter is set as ``:verify_none``. + """) + }, + 'validation_name': { + 'type': 'string', + 'description': dedent("""\ + The name of the chef-validator key that Chef Infra + Client uses to access the Chef Infra Server during + the initial Chef Infra Client run.""") + }, + 'force_install': { + 'type': 'boolean', + 'default': False, + 'description': dedent("""\ + If set to ``True``, forces chef installation, even + if it is already installed.""") + }, + 'initial_attributes': { + 'type': 'object', + 'items': { + 'type': 'string' + }, + 'description': dedent("""\ + Specify a list of initial attributes used by the + cookbooks.""") + }, + 'install_type': { + 'type': 'string', + 'default': 'packages', + 'description': dedent("""\ + The type of installation for chef. It can be one of + the following values: + + - packages + - gems + - omnibus""") + }, + 'run_list': { + 'type': 'array', + 'items': { + 'type': 'string' + }, + 'description': 'A run list for a first boot json.' + } + } + } + } +} + +__doc__ = get_schema_doc(schema) + RUBY_VERSION_DEFAULT = "1.8" @@ -125,7 +332,6 @@ 'client_key', 'file_cache_path', 'json_attribs', - 'file_cache_path', 'pid_file', 'encrypted_data_bag_secret', 'chef_license', @@ -192,6 +398,8 @@ def handle(name, cfg, cloud, log, _args): log.debug(("Skipping module named %s," " no 'chef' key in configuration"), name) return + + validate_cloudconfig_schema(cfg, schema) chef_cfg = cfg['chef'] # Ensure the chef directories we use exist 
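Review bot: The `ssl_verify_mode` property documents `:verify_none` as the default and accepts any string, so the generated documentation presents disabled TLS certificate validation as the normal setting and a mistyped value is not caught by the schema. The description already names the only two valid values, so constrain the property with `'enum': [':verify_none', ':verify_peer'],` and add a sentence to the description recommending `:verify_peer` whenever the Chef server certificate can be validated; the second patch in this series rewrites the same default and description, and the point applies there too. Separately, `initial_attributes` is declared `'type': 'object'` but carries `'items': {'type': 'string'}`, which only constrains arrays and so checks nothing here, and its description calls the value a list while the example passes a nested mapping; drop `items` and describe the value as a mapping.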
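Review bot: This call starts checking user config against a `chef` schema that sets `'additionalProperties': False`, but the schema added in this patch has no entry for `delete_validation_post_exec`, which `post_run_chef` reads from the same `chef` mapping (visible at the end of the second patch). A config that asks for validation.pem to be removed after the run would therefore be reported as a schema violation, which nudges users away from a setting that limits how long the validation key stays on disk. Add the property to the schema, for example `'delete_validation_post_exec': {'type': 'boolean', 'description': 'Remove the validation key file after chef has run.'},`, and check the other keys handle() reads in the same way. The call passes no strict argument, so it presumably only logs a warning rather than raising; that is worth confirming and covering with a unit test. handle()'s body starts and ends outside the hunk.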
@@ -219,7 +427,7 @@ def handle(name, cfg, cloud, log, _args):
 iid = str(cloud.datasource.get_instance_id())
 params = get_template_params(iid, chef_cfg, log)
 # Do a best effort attempt to ensure that the template values that
- # are associated with paths have there parent directory created
+ # are associated with paths have their parent directory created
 # before they are used by the chef-client itself.
 param_paths = set()
 for (k, v) in params.items():
diff --git a/tests/unittests/test_handler/test_schema.py b/tests/unittests/test_handler/test_schema.py
index e19d13b8d6a..99f0b06cd56 100644
--- a/tests/unittests/test_handler/test_schema.py
+++ b/tests/unittests/test_handler/test_schema.py
@@ -34,7 +34,8 @@ def test_get_schema_coalesces_known_schema(self):
 'cc_ubuntu_advantage',
 'cc_ubuntu_drivers',
 'cc_write_files',
- 'cc_zypper_add_repo'
+ 'cc_zypper_add_repo',
+ 'cc_chef'
 ],
 [subschema['id'] for subschema in schema['allOf']])
 self.assertEqual('cloud-config-schema', schema['id'])
From 0186b90b4d9171e895898664e743c0c85084c903 Mon Sep 17 00:00:00 2001
From: Lucas Moura
Date: Thu, 25 Jun 2020 17:52:45 -0300
Subject: [PATCH 2/2] Update chef schema
---
cloudinit/config/cc_chef.py | 233 +++++++++++++++++++-----------------
1 file changed, 121 insertions(+), 112 deletions(-)
diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py
index c46c57a2ae8..aaf7136629c 100644
--- a/cloudinit/config/cc_chef.py
+++ b/cloudinit/config/cc_chef.py
@@ -23,6 +23,70 @@ from cloudinit.settings import PER_ALWAYS +RUBY_VERSION_DEFAULT = "1.8" + +CHEF_DIRS = tuple([ + '/etc/chef', + '/var/log/chef', + '/var/lib/chef', + '/var/cache/chef', + '/var/backups/chef', + '/var/run/chef', +]) +REQUIRED_CHEF_DIRS = tuple([ + '/etc/chef', +]) + +# Used if fetching chef from a omnibus style package +OMNIBUS_URL = "https://www.chef.io/chef/install.sh" +OMNIBUS_URL_RETRIES = 5 + +CHEF_VALIDATION_PEM_PATH = '/etc/chef/validation.pem' +CHEF_ENCRYPTED_DATA_BAG_PATH = '/etc/chef/encrypted_data_bag_secret' +CHEF_ENVIRONMENT = '_default' +CHEF_FB_PATH = '/etc/chef/firstboot.json' +CHEF_RB_TPL_DEFAULTS = { + # These are ruby symbols... + 'ssl_verify_mode': ':verify_none', + 'log_level': ':info', + # These are not symbols... + 'log_location': '/var/log/chef/client.log', + 'validation_key': CHEF_VALIDATION_PEM_PATH, + 'validation_cert': None, + 'client_key': '/etc/chef/client.pem', + 'json_attribs': CHEF_FB_PATH, + 'file_cache_path': '/var/cache/chef', + 'file_backup_path': '/var/backups/chef', + 'pid_file': '/var/run/chef/client.pid', + 'show_time': True, + 'encrypted_data_bag_secret': None, +} +CHEF_RB_TPL_BOOL_KEYS = frozenset(['show_time']) +CHEF_RB_TPL_PATH_KEYS = frozenset([ + 'log_location', + 'validation_key', + 'client_key', + 'file_cache_path', + 'json_attribs', + 'pid_file', + 'encrypted_data_bag_secret', + 'chef_license', +]) +CHEF_RB_TPL_KEYS = list(CHEF_RB_TPL_DEFAULTS.keys()) +CHEF_RB_TPL_KEYS.extend(CHEF_RB_TPL_BOOL_KEYS) +CHEF_RB_TPL_KEYS.extend(CHEF_RB_TPL_PATH_KEYS) +CHEF_RB_TPL_KEYS.extend([ + 'server_url', + 'node_name', + 'environment', + 'validation_name', +]) +CHEF_RB_TPL_KEYS = frozenset(CHEF_RB_TPL_KEYS) +CHEF_RB_PATH = '/etc/chef/client.rb' +CHEF_EXEC_PATH = '/usr/bin/chef-client' +CHEF_EXEC_DEF_ARGS = tuple(['-d', '-i', '1800', '-s', '20']) + + frequency = PER_ALWAYS distros = ["all"] schema = { 
@@ -30,18 +94,14 @@ 'name': 'Chef', 'title': 'module that configures, starts and installs chef', 'description': dedent("""\ - This module enables chef to be installed (from packages or - from gems, or from omnibus). Before this occurs chef configurations are + This module enables chef to be installed (from packages, + gems, or from omnibus). Before this occurs, chef configuration is written to disk (validation.pem, client.pem, firstboot.json, - client.rb), and needed chef folders/directories are created - (/etc/chef and /var/log/chef and so-on). Then once installing proceeds - correctly if configured chef will be started (in daemon mode or in - non-daemon mode) and then once that has finished (if ran in non-daemon - mode this will be when chef finishes converging, if ran in daemon mode - then no further actions are possible since chef will have forked into - its own process) then a post run function can be executed, which - perform finishing activities (such as removing the validation pem - file)."""), + client.rb), and required directories are created (/etc/chef and + /var/log/chef and so-on). If configured, chef will be + installed and started in either daemon or non-daemon mode. + If run in non-daemon mode, post run actions are executed to do + finishing activities such as removing validation.pem."""), 'distros': distros, 'examples': [dedent(""" chef: @@ -82,12 +142,11 @@ Create the necessary directories for chef to run. By default, it creates the following directories: - - ``/etc/chef`` - - ``/var/log/chef`` - - ``/var/lib/chef`` - - ``/var/cache/chef`` - - ``/var/backups/chef`` - - ``/var/run/chef``""") + {chef_dirs}""").format( + chef_dirs="\n".join( + [" - ``{}``".format(d) for d in CHEF_DIRS] + ) + ) }, 'validation_cert': { 'type': 'string', 
@@ -98,22 +157,22 @@ }, 'validation_key': { 'type': 'string', - 'default': '/etc/chef/validation.pem', + 'default': CHEF_VALIDATION_PEM_PATH, 'description': dedent("""\ Optional path for validation_cert. default to - ``/etc/chef/validation.pem``.""") + ``{}``.""".format(CHEF_VALIDATION_PEM_PATH)) }, 'firstboot_path': { 'type': 'string', - 'default': '/etc/chef/firstboot.json', + 'default': CHEF_FB_PATH, 'description': dedent("""\ Path to write run_list and initial_attributes keys that should also be present in this configuration, defaults - to ``/etc/chef/firstboot.json``.""") + to ``{}``.""".format(CHEF_FB_PATH)) }, 'exec': { 'type': 'boolean', - 'default': False, + 'default': False, 'description': dedent("""\ define if we should run or not run chef (defaults to false, unless a gem installed is requested where this @@ -121,10 +180,10 @@ }, 'client_key': { 'type': 'string', - 'default': '/etc/chef/client.pem', + 'default': CHEF_RB_TPL_DEFAULTS['client_key'], 'description': dedent("""\ Optional path for client_cert. default to - ``/etc/chef/client.pem``.""") + ``{}``.""".format(CHEF_RB_TPL_DEFAULTS['client_key'])) }, 'encrypted_data_bag_secret': { 'type': 'string', 
@@ -133,54 +192,59 @@ Specifies the location of the secret key used by chef to encrypt data items. By default, this path is set to None, meaning that chef will have to look at the - path ``/etc/chef/encrypted_data_bag_secret`` for it. - """) + path ``{}`` for it. + """.format(CHEF_ENCRYPTED_DATA_BAG_PATH)) }, 'environment': { 'type': 'string', - 'default': '_default', + 'default': CHEF_ENVIRONMENT, 'description': dedent("""\ Specifies which environment chef will use. By default, - it will use the ``_default`` configuration."""), + it will use the ``{}`` configuration. + """.format(CHEF_ENVIRONMENT)) }, 'file_backup_path': { 'type': 'string', - 'default': '/var/backups/chef', + 'default': CHEF_RB_TPL_DEFAULTS['file_backup_path'], 'description': dedent("""\ Specifies the location in which backup files are stored. By default, it uses the - ``/var/backups/chef`` location.""") + ``{}`` location.""".format( + CHEF_RB_TPL_DEFAULTS['file_backup_path'])) }, 'file_cache_path': { 'type': 'string', - 'default': '/var/cache/chef', + 'default': CHEF_RB_TPL_DEFAULTS['file_cache_path'], 'description': dedent("""\ Specifies the location in which chef cache files will - be saved. By default, it uses the ``/var/cache/chef`` - location.""") + be saved. By default, it uses the ``{}`` + location.""".format( + CHEF_RB_TPL_DEFAULTS['file_cache_path'])) }, 'json_attribs': { 'type': 'string', - 'default': '/etc/chef/firstboot.json', + 'default': CHEF_FB_PATH, 'description': dedent("""\ Specifies the location in which some chef json data is stored. By default, it uses the - ``/etc/chef/firstboot.json`` location.""") + ``{}`` location.""".format(CHEF_FB_PATH)) }, 'log_level': { 'type': 'string', - 'default': ':info', + 'default': CHEF_RB_TPL_DEFAULTS['log_level'], 'description': dedent("""\ Defines the level of logging to be stored in the log - file. By default this value is set to ``:info``.""") + file. By default this value is set to ``{}``. 
+ """.format(CHEF_RB_TPL_DEFAULTS['log_level'])) }, 'log_location': { 'type': 'string', - 'default': '/var/log/chef/client.log', + 'default': CHEF_RB_TPL_DEFAULTS['log_location'], 'description': dedent("""\ Specifies the location of the chef lof file. By default, the location is specified at - ``/var/log/chef/client.log``.""") + ``{}``.""".format( + CHEF_RB_TPL_DEFAULTS['log_location'])) }, 'node_name': { 'type': 'string', @@ -190,15 +254,15 @@ }, 'omnibus_url': { 'type': 'string', - 'default': 'https://www.chef.io/chef/install.sh', + 'default': OMNIBUS_URL, 'description': dedent("""\ Omnibus URL if chef should be installed through Omnibus. By default, it uses the - ``https://www.chef.io/chef/install.sh``.""") + ``{}``.""".format(OMNIBUS_URL)) }, 'omnibus_url_retries': { 'type': 'integer', - 'default': 5, + 'default': OMNIBUS_URL_RETRIES, 'description': dedent("""\ The number of retries that will be attempted to reach the Omnibus URL""") @@ -211,11 +275,12 @@ }, 'pid_file': { 'type': 'string', - 'default': '/var/run/chef/client.pid', + 'default': CHEF_RB_TPL_DEFAULTS['pid_file'], 'description': dedent("""\ The location in which a process identification number (pid) is saved. By default, it saves - in the ``/var/run/chef/client.pid`` location.""") + in the ``{}`` location.""".format( + CHEF_RB_TPL_DEFAULTS['pid_file'])) }, 'server_url': { 'type': 'string', @@ -228,7 +293,7 @@ }, 'ssl_verify_mode': { 'type': 'string', - 'default': ':verify_none', + 'default': CHEF_RB_TPL_DEFAULTS['ssl_verify_mode'], 'description': dedent("""\ Set the verify mode for HTTPS requests. We can have two possible values for this parameter: @@ -237,8 +302,8 @@ certificates. - ``:verify_peer``: Validate all SSL certificates. - By default, the parameter is set as ``:verify_none``. - """) + By default, the parameter is set as ``{}``. + """.format(CHEF_RB_TPL_DEFAULTS['ssl_verify_mode'])) }, 'validation_name': { 'type': 'string', 
@@ -270,9 +335,9 @@ The type of installation for chef. It can be one of the following values: - - packages - - gems - - omnibus""") + - ``packages`` + - ``gems`` + - ``omnibus``""") }, 'run_list': { 'type': 'array', @@ -280,6 +345,12 @@ 'type': 'string' }, 'description': 'A run list for a first boot json.' + }, + "chef_license": { + 'type': 'string', + 'description': dedent("""\ + string that indicates if user accepts or not license + related to some of chef products""") } } } 
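Review bot: The new `chef_license` property accepts any string and its description does not say which values mean acceptance, so a mistyped value passes validation and the generated docs leave the user guessing. List the accepted values in the description (Chef documents `accept`, `accept-silent` and `accept-no-persist`) and consider an `'enum'` over them. `chef_license` also sits in `CHEF_RB_TPL_PATH_KEYS` in the constants this patch moves, which looks inconsistent with a license-acceptance string; if handle() creates parent directories for the values of those keys, confirm that is intended. The key is written with double quotes while every other property in the schema uses single quotes.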
@@ -289,68 +360,6 @@ __doc__ = get_schema_doc(schema) -RUBY_VERSION_DEFAULT = "1.8" - -CHEF_DIRS = tuple([ - '/etc/chef', - '/var/log/chef', - '/var/lib/chef', - '/var/cache/chef', - '/var/backups/chef', - '/var/run/chef', -]) -REQUIRED_CHEF_DIRS = tuple([ - '/etc/chef', -]) - -# Used if fetching chef from a omnibus style package -OMNIBUS_URL = "https://www.chef.io/chef/install.sh" -OMNIBUS_URL_RETRIES = 5 - -CHEF_VALIDATION_PEM_PATH = '/etc/chef/validation.pem' -CHEF_FB_PATH = '/etc/chef/firstboot.json' -CHEF_RB_TPL_DEFAULTS = { - # These are ruby symbols... - 'ssl_verify_mode': ':verify_none', - 'log_level': ':info', - # These are not symbols... - 'log_location': '/var/log/chef/client.log', - 'validation_key': CHEF_VALIDATION_PEM_PATH, - 'validation_cert': None, - 'client_key': "/etc/chef/client.pem", - 'json_attribs': CHEF_FB_PATH, - 'file_cache_path': "/var/cache/chef", - 'file_backup_path': "/var/backups/chef", - 'pid_file': "/var/run/chef/client.pid", - 'show_time': True, - 'encrypted_data_bag_secret': None, -} -CHEF_RB_TPL_BOOL_KEYS = frozenset(['show_time']) -CHEF_RB_TPL_PATH_KEYS = frozenset([ - 'log_location', - 'validation_key', - 'client_key', - 'file_cache_path', - 'json_attribs', - 'pid_file', - 'encrypted_data_bag_secret', - 'chef_license', -]) -CHEF_RB_TPL_KEYS = list(CHEF_RB_TPL_DEFAULTS.keys()) -CHEF_RB_TPL_KEYS.extend(CHEF_RB_TPL_BOOL_KEYS) -CHEF_RB_TPL_KEYS.extend(CHEF_RB_TPL_PATH_KEYS) -CHEF_RB_TPL_KEYS.extend([ - 'server_url', - 'node_name', - 'environment', - 'validation_name', -]) -CHEF_RB_TPL_KEYS = frozenset(CHEF_RB_TPL_KEYS) -CHEF_RB_PATH = '/etc/chef/client.rb' -CHEF_EXEC_PATH = '/usr/bin/chef-client' -CHEF_EXEC_DEF_ARGS = tuple(['-d', '-i', '1800', '-s', '20']) - - def post_run_chef(chef_cfg, log): delete_pem = util.get_cfg_option_bool(chef_cfg, 'delete_validation_post_exec',