Last Updated: November 05, 2020
· trinitronx

How to delete persistent node attributes in Chef

Did you accidentally set node.normal[:foo][:bar] = 'something bad' in your chef recipe?

Then you found that the node's normal attributes persisted between chef runs, and you really wanted to use the default attribute precedence level in your cookbook's attributes/default.rb file?

Knife exec is your friend:

knife exec -E "nodes.transform(:all) {|n| n.normal_attrs[:foo].delete(:bar) rescue nil }"


I needed to delete some default, normal, and override attributes for the sudo cookbook on all nodes, so I used:

knife exec -E "nodes.transform(:all) {|n| n.default_attrs['authorization']['sudo'].delete('groups') rescue nil }"
knife exec -E "nodes.transform(:all) {|n| n.normal_attrs['authorization']['sudo'].delete('groups') rescue nil }"
knife exec -E "nodes.transform(:all) {|n| n.override_attrs['authorization']['sudo'].delete('groups') rescue nil }"

If I only wanted to do that on a certain node, I would pass a Solr query to node.transform():

knife exec -E "nodes.transform('name:dfw-mynode-01') {|n| n.default_attrs['authorization']['sudo'].delete('groups') rescue nil }"

Note: Knife exec is powerful... with great power comes great responsibility

2 Responses
Add your response

Will this also work for and automatic attribute (that OHAI sets)? Would you format like [:etc].delete(:passwd) ?

update: This model should work for automatic attributes

knife exec -E "nodes.transform(:all) { |n| n.automatic_attrs[:etc].delete(:passwd) rescue nil }"

over 1 year ago ·

Do we know if this runs the embedded script in parallel across all the nodes, similar to knife winrm?

over 1 year ago ·