
Chef overriding attributes from another recipe in same cookbook

I have a cookbook with 2 recipes.

attributes/default.rb

default['vpn']['crt'] = 'nocrt'

The default recipe has a file resource that creates a generic crt file

file 'cert' do
    path "/etc/vpn/#{node.default['network']['hostname']}.crt"
    owner 'root'
    group 'root'
    mode '0644'
    content node.default['vpn']['crt']
end

In the second recipe client.rb, I include the default recipe, load an encrypted data bag for that "client" and override the attribute. BUT it doesn't get overridden.

include_recipe 'my-cookbook'

vault = ChefVault::Item.load('auth', 'client')

node.override['vpn']['crt'] = vault['crt']


The file's content == 'nocrt'

According to Chef's Attribute Precedence, it should override with the content of vault['crt'].


Javier Cortejoso: Your answer works when used in the file resource.

But consider this for example:


default['network']['hostname'] = 'generic-host-name'

In recipes/default.rb:['network']['hostname'])['network']['hostname'])['network']['hostname'])

In recipes/client.rb:

node.override['network']['hostname'] = 'client-host-name'
include_recipe 'cookbook::default'

So even if I change the order of execution to the client.rb recipe first, then default.rb after overriding, it still gives me the hostname 'generic-host-name':

==> default: [2015-03-04T17:30:43+00:00] INFO: generic-host-name
==> default: [2015-03-04T17:30:43+00:00] INFO: generic-host-name
==> default: [2015-03-04T17:30:43+00:00] INFO: {}


I'm a ****in idiot. I had both of these in my Vagrant file:

chef.add_role "cookbook"
chef.add_recipe "cookbook::client"

Thanks Javier Cortejoso for clarifying the lazy attribute loading for me.


  • IMO it seems that the attribute is overridden after the compilation of file['cert']. It is a "time" problem and not a "priority" problem. There are some points you may take care of in order to get the correct order of execution of your recipes:

    • The order of execution should be to run first the recipe where you override the attribute (client.rb), and later the recipe where you use the overridden attribute (default.rb).

    • You can also use the lazy attribute evaluation for your attribute with the content.

    So your default.rb should be:

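        include_recipe 'my-cookbook::client'
        file 'cert' do
            path "/etc/vpn/#{node.default['network']['hostname']}.crt"
            owner 'root'
            group 'root'
            mode '0644'
            # lazy takes a block and defers the read until converge time;
            # node[...] reads the merged value, so the override is visible
            content lazy { node['vpn']['crt'] }
        end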
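The compile-time versus converge-time behaviour discussed in this thread, as an added example that is not part of the original posts and is not Chef's own code. It is a plain-Ruby model that runs without Chef; `ToyNode`, `chef_run` and the certificate string are constructed for illustration.

```ruby
# Simplified model of Chef's two phases (an assumption-level sketch, not Chef).
# Attribute levels are stored separately; a merged read prefers override.
class ToyNode
  attr_reader :default, :override

  def initialize
    @default = {}
    @override = {}
  end

  # Merged view, like node['key'] in a recipe: override beats default.
  def [](key)
    @override.fetch(key) { @default[key] }
  end
end

# Wraps a block so it runs at converge time, like Chef's `lazy { ... }`.
Lazy = Struct.new(:block)
def lazy(&block)
  Lazy.new(block)
end

# Compile phase: the default recipe builds its resource, then the client
# recipe sets the override. Converge phase: Lazy values are resolved last.
def chef_run(content_for)
  node = ToyNode.new
  node.default['crt'] = 'nocrt'               # attributes/default.rb
  content = content_for.call(node)            # default recipe compiles first
  node.override['crt'] = 'CONSTRUCTED-CERT'   # client recipe (constructed value)
  content.is_a?(Lazy) ? content.block.call : content
end

if __FILE__ == $PROGRAM_NAME
  # Merged read at compile time: the override has not been set yet.
  puts "eager merged read:  #{chef_run(->(n) { n['crt'] })}"
  # Lazy, but reading only the default level: the override is never consulted.
  puts "lazy default-level: #{chef_run(->(n) { lazy { n.default['crt'] } })}"
  # Lazy merged read: evaluated after the override exists.
  puts "lazy merged read:   #{chef_run(->(n) { lazy { n['crt'] } })}"
end
```

Only the last variant yields the overridden value: the read has to be deferred past the point where the override is set, and it has to go through the merged view rather than a single precedence level.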