Attribute Persistence
All attributes except for normal attributes are reset at the beginning
of a Chef Infra Client run. Attributes set via chef-client -j with a
JSON file have normal precedence and are persisted between Chef Infra
Client runs. Chef Infra Client rebuilds these attributes using automatic
attributes collected by Ohai at the beginning of each Chef Infra Client
run, and then uses default and override attributes that are specified in
cookbooks, roles, environments, and Policyfiles. All attributes are then
merged and applied to the node according to attribute precedence. The
attributes that were applied to the node are saved to the Chef Infra
Server as part of the node object at the conclusion of each Chef Infra
Client run.
Limiting Attribute Persistence
Some organizations find it helpful to control attribute data stored to the Chef Infra Server in order to limit the disk and CPU resources used when processing unused attributes. For example, your organization may find the data from the Ohai Package plugin useful when writing cookbooks, but you don’t see the need in saving ~100k of package information for each Chef Infra Client run. By limiting the data that is saved to the Chef Infra Server, it will still be available on the node within cookbooks, but won’t be saved to the Chef Infra Server where it is available in searches.
Note
In Chef Infra Client 16.3 the node Blacklist and Whitelist features were renamed to Blocklist and Allowlist. For backwards compatibility the old configuration values will continue to work, but this document will describe the Blocklist and Allowlist names. See each section below for the appropriate legacy configuration values if you are running legacy clients in your organization.
Legacy config mapping:
- automatic_attribute_blacklist -> blocked_automatic_attributes
- default_attribute_blacklist -> blocked_default_attributes
- normal_attribute_blacklist -> blocked_normal_attributes
- override_attribute_blacklist -> blocked_override_attributes
- automatic_attribute_whitelist -> allowed_automatic_attributes
- default_attribute_whitelist -> allowed_default_attributes
- normal_attribute_whitelist -> allowed_normal_attributes
- override_attribute_whitelist -> allowed_override_attributes
- enforce_path_sanity -> enforce_default_paths
Attribute Blocklist
Warning
When attribute blocklist settings are used, any attribute defined in a blocklist will not be saved to the Chef Infra Server and any attribute that is not defined in a blocklist will be saved. Each attribute type must be blocklisted independently of the other attribute types. For example, if blocked_automatic_attributes defines attributes that will not be saved, but blocked_normal_attributes, blocked_default_attributes, and blocked_override_attributes are not defined, then all normal attributes, default attributes, and override attributes will be saved, as well as the automatic attributes that were not specifically excluded through blocklisting.
Attributes that should not be saved by a node may be blocklisted in the client.rb file. The blocklist is a Hash of keys that specify each attribute to be filtered out.
Attributes are blocklisted by attribute type, with each attribute type being blocklisted independently. Each attribute type (automatic, default, normal, and override) may define blocklists by using the following settings in the client.rb file:
Setting | Description |
---|---|
blocked_automatic_attributes | A hash that blocklists automatic attributes, preventing blocklisted attributes from being saved. For example: ['network/interfaces/eth0']. Default value: nil, all attributes are saved. If the array is empty, all attributes are saved. |
blocked_default_attributes | A hash that blocklists default attributes, preventing blocklisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size']. Default value: nil, all attributes are saved. If the array is empty, all attributes are saved. |
blocked_normal_attributes | A hash that blocklists normal attributes, preventing blocklisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size']. Default value: nil, all attributes are saved. If the array is empty, all attributes are saved. |
blocked_override_attributes | A hash that blocklists override attributes, preventing blocklisted attributes from being saved. For example: ['map - autohome/size']. Default value: nil, all attributes are saved. If the array is empty, all attributes are saved. |
Blocklisting Ohai (automatic) Attributes
The recommended practice is to use blocked_automatic_attributes to block attributes populated by Ohai’s system information gathering. Ohai gathers a large number of attributes that can consume a significant amount of storage space on the Chef Infra Server. Many of these attributes may be considered highly valuable, while others could be blocklisted without any impact to data available in search. Normal, default, and override attributes are typically much more important attributes used within cookbooks and are more likely to cause issues if they are blocklisted incorrectly.
For example, automatic attribute data similar to:
{
  "filesystem" => {
    "/dev/disk0s2" => {
      "size" => "10mb"
    },
    "map - autohome" => {
      "size" => "10mb"
    }
  },
  "network" => {
    "interfaces" => {
      "eth0" => {...},
      "eth1" => {...},
    }
  }
}
To blocklist the filesystem attributes and allow the other attributes to be saved, update the client.rb file:
blocked_automatic_attributes ['filesystem']
When a blocklist is defined, any attribute of that type that is not specified in that attribute blocklist will be saved. So based on the previous blocklist for automatic attributes, the filesystem and map - autohome attributes will not be saved, but the network attributes will.
For attributes that contain slashes (/) within the attribute name, such as the filesystem attribute '/dev/disk0s2', use an array. For example:
blocked_automatic_attributes [['filesystem', '/dev/disk0s2']]
Attribute Allowlist
Warning
When attribute allowlist settings are used, only the attributes defined in an allowlist will be saved and any attribute that is not defined in an allowlist will not be saved. Each attribute type is allowlisted independently of the other attribute types. For example, if allowed_automatic_attributes defines attributes to be saved, but allowed_normal_attributes, allowed_default_attributes, and allowed_override_attributes are not defined, then all normal attributes, default attributes, and override attributes are saved, as well as the automatic attributes that were specifically included through allowlisting.
Attributes that should be saved by a node may be allowlisted in the client.rb file. The allowlist is a hash of keys that specifies each attribute to be saved.
Attributes are allowlisted by attribute type, with each attribute type being allowlisted independently. Each attribute type (automatic, default, normal, and override) may define allowlists by using the following settings in the client.rb file:
Setting | Description |
---|---|
allowed_automatic_attributes | A hash that allowlists automatic attributes, preventing non-allowlisted attributes from being saved. For example: ['network/interfaces/eth0']. Default value: nil, all attributes are saved. If the hash is empty, no attributes are saved. |
allowed_default_attributes | A hash that allowlists default attributes, preventing non-allowlisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size']. Default value: nil, all attributes are saved. If the hash is empty, no attributes are saved. |
allowed_normal_attributes | A hash that allowlists normal attributes, preventing non-allowlisted attributes from being saved. For example: ['filesystem/dev/disk0s2/size']. Default value: nil, all attributes are saved. If the hash is empty, no attributes are saved. |
allowed_override_attributes | A hash that allowlists override attributes, preventing non-allowlisted attributes from being saved. For example: ['map - autohome/size']. Default value: nil, all attributes are saved. If the hash is empty, no attributes are saved. |
Allowlisting Ohai (automatic) Attributes
The recommended practice is to use allowed_automatic_attributes to allow specific attributes populated by Ohai’s system information gathering. Ohai gathers a large number of attributes that can consume a significant amount of storage space on the Chef Infra Server. Many of these attributes may be considered highly valuable, while others could be skipped without any impact to data available in search. Normal, default, and override attributes are typically much more important attributes used within cookbooks and are more likely to cause issues if they are omitted from an allowlist incorrectly.
For example, automatic attribute data similar to:
{
  "filesystem" => {
    "/dev/disk0s2" => {
      "size" => "10mb"
    },
    "map - autohome" => {
      "size" => "10mb"
    }
  },
  "network" => {
    "interfaces" => {
      "eth0" => {...},
      "eth1" => {...},
    }
  }
}
To allowlist the network attributes and prevent the other attributes from being saved, update the client.rb file:
allowed_automatic_attributes ['network/interfaces/']
When an allowlist is defined, any attribute of that type that is not specified in that attribute allowlist will not be saved. So based on the previous allowlist for automatic attributes, the filesystem and map - autohome attributes will not be saved, but the network attributes will.
Leave the value empty to prevent all attributes of that attribute type from being saved:
allowed_automatic_attributes []
For attributes that contain slashes (/) within the attribute name, such as the filesystem attribute '/dev/disk0s2', use an array. For example:
allowed_automatic_attributes [['filesystem', '/dev/disk0s2']]
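To preview which data a given blocklist or allowlist would leave in the saved node object, the following added example models the filtering described in the Attribute Blocklist and Attribute Allowlist sections. It is not Chef Infra Client's own code: the helper names (path_parts, deep_copy, dig_path, apply_blocklist, apply_allowlist) are hypothetical, the sample data is constructed to mirror the page's, and the slash-splitting of string entries is an assumption of this model.

```ruby
# Simplified model of the save-time filtering this page describes.
# Added example, not Chef Infra Client code; helper names are hypothetical.

# Constructed sample data shaped like the page's automatic attributes.
AUTOMATIC = {
  'filesystem' => {
    '/dev/disk0s2'   => { 'size' => '10mb' },
    'map - autohome' => { 'size' => '10mb' }
  },
  'network' => {
    'interfaces' => { 'eth0' => { 'mtu' => '1500' }, 'eth1' => { 'mtu' => '1500' } }
  }
}.freeze

# 'a/b/c' becomes ['a', 'b', 'c']; an Array entry is used as-is, so a key
# that itself contains '/' can be addressed.
def path_parts(item)
  item.is_a?(Array) ? item : item.split('/').reject(&:empty?)
end

def deep_copy(data)
  Marshal.load(Marshal.dump(data))
end

def dig_path(data, parts)
  parts.reduce(data) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Blocklist: nil or [] keeps everything; each listed subtree is dropped.
def apply_blocklist(data, blocklist)
  saved = deep_copy(data)
  (blocklist || []).each do |item|
    *parents, leaf = path_parts(item)
    parent = dig_path(saved, parents)
    parent.delete(leaf) if parent.is_a?(Hash)
  end
  saved
end

# Allowlist: nil keeps everything, [] keeps nothing, otherwise only the
# listed subtrees survive.
def apply_allowlist(data, allowlist)
  return deep_copy(data) if allowlist.nil?
  allowlist.each_with_object({}) do |item, saved|
    *parents, leaf = path_parts(item)
    value = dig_path(data, parents + [leaf])
    next if leaf.nil? || value.nil?
    parents.reduce(saved) { |node, key| node[key] ||= {} }[leaf] = deep_copy(value)
  end
end
```

In this model a string entry such as 'filesystem/dev/disk0s2' matches nothing, because the key '/dev/disk0s2' is split at its slashes; only the array form reaches it.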