bash Resource
This page is generated from the Chef Infra Client source code.To suggest a change, edit the bash.rb file and submit a pull request to the Chef Infra Client repository.
Use the bash resource to execute scripts using the Bash interpreter. This resource may also use any of the actions and properties that are available to the execute resource. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if
and only_if
to guard this resource for idempotence.
Syntax
The full syntax for all of the properties that are available to the bash resource is:
bash 'name' do
code String
command String, Array # default value: 'name' unless specified
creates String
cwd String
default_env true, false # default value: false
domain String
elevated true, false # default value: false
environment Hash
flags String
group String, Integer
input String
interpreter String
live_stream true, false # default value: false
login true, false # default value: false
password String
returns Integer, Array # default value: 0
timeout Integer, String, Float # default value: 3600
user String, Integer
action Symbol # defaults to :run if not specified
end
where:
bash
is the resource.name
is the name given to the resource block.action
identifies which steps Chef Infra Client will take to bring the node into the desired state.code
,command
,creates
,cwd
,default_env
,domain
,elevated
,environment
,flags
,group
,input
,interpreter
,live_stream
,login
,password
,returns
,timeout
, anduser
are the properties available to this resource.
Actions
The bash resource has the following actions:
:nothing
- This resource block doesn’t act unless notified by another resource to take action. Once notified, this resource block either runs immediately or is queued up to run at the end of a Chef Infra Client run.
:run
- Run a command. (default)
Properties
The bash resource has the following properties:
code
- Ruby Type: String |
REQUIRED
A quoted string of code to be executed.
command
- Ruby Type: String, Array | Default Value:
The resource block's name
An optional property to set the command to be executed if it differs from the resource block’s name.
Note
Use the execute resource to run a single command. Use multiple execute resource blocks to run multiple commands.
creates
- Ruby Type: String
Prevent a command from creating a file when that file already exists.
cwd
- Ruby Type: String
The current working directory from which the command will be run.
default_env
- Ruby Type: true, false | Default Value:
false
When
true
this enables ENV magic to add path_sanity to the PATH and force the locale to English+UTF-8 for parsing output.New in Chef Client 14.2
domain
- Ruby Type: String
Windows only: The domain of the user specified by the user property. If not specified, the username and password specified by the
user
andpassword
properties will be used to resolve that user against the domain in which the system running Chef Infra Client is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property.New in Chef Client 12.21
elevated
- Ruby Type: true, false | Default Value:
false
Determines whether the script will run with elevated permissions to circumvent User Access Control (UAC) from interactively blocking the process. This will cause the process to be run under a batch login instead of an interactive login. The user running chef-client needs the ‘Replace a process level token’ and ‘Adjust Memory Quotas for a process’ permissions. The user that is running the command needs the ‘Log on as a batch job’ permission. Because this requires a login, the user and password properties are required.
New in Chef Client 13.3
environment
- Ruby Type: Hash
A Hash of environment variables in the form of
({'ENV_VARIABLE' => 'VALUE'})
. Note: These variables must exist for a command to be run successfully.
flags
- Ruby Type: String
One or more command line flags that are passed to the interpreter when a command is invoked.
group
- Ruby Type: String, Integer
The group name or group ID that must be changed before running a command.
input
- Ruby Type: String
An optional property to set the input sent to the command as STDIN.
New in Chef Infra Client 16.2
live_stream
- Ruby Type: true, false | Default Value:
false
Send the output of the command run by this execute resource block to the Chef Infra Client event stream.
login
- Ruby Type: true, false | Default Value:
false
Use a login shell to run the commands instead of inheriting the existing execution environment.
New in Chef Infra Client 17.0
password
- Ruby Type: String
Windows only: The password of the user specified by the user property. This property is mandatory if user is specified on Windows and may only be specified if user is specified. The sensitive property for this resource will automatically be set to true if password is specified.
New in Chef Client 12.21
returns
- Ruby Type: Integer, Array | Default Value:
0
The return value for a command. This may be an array of accepted values. An exception is raised when the return value(s) do not match.
timeout
- Ruby Type: Integer, String, Float | Default Value:
3600
The amount of time (in seconds) a command is to wait before timing out.
user
- Ruby Type: String, Integer
The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e.
domain\user
oruser@my.dns.domain.com
via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified.
Common Resource Functionality
Chef resources include common properties, notifications, and resource guards.
Common Properties
The following properties are common to every resource:
compile_time
Ruby Type: true, false | Default Value:
false
Control the phase during which the resource is run on the node. Set to true to run while the resource collection is being built (the
compile phase
). Set to false to run while Chef Infra Client is configuring the node (theconverge phase
).ignore_failure
Ruby Type: true, false, :quiet | Default Value:
false
Continue running a recipe if a resource fails for any reason.
:quiet
won’t display the full stack trace and the recipe will continue to run if a resource fails.retries
Ruby Type: Integer | Default Value:
0
The number of attempts to catch exceptions and retry the resource.
retry_delay
Ruby Type: Integer | Default Value:
2
The delay in seconds between retry attempts.
sensitive
Ruby Type: true, false | Default Value:
false
Ensure that sensitive resource data isn’t logged by Chef Infra Client.
Notifications
notifies
Ruby Type: Symbol, 'Chef::Resource[String]'
A resource may notify another resource to take action when its state changes. Specify a
'resource[name]'
, the:action
that resource should take, and then the:timer
for that action. A resource may notify more than one resource; use anotifies
statement for each resource to be notified.If the referenced resource doesn’t exist, an error is raised. In contrast,
subscribes
won’t fail if the source resource isn’t found.
A timer specifies the point during a Chef Infra Client run at which a notification is run. The following timers are available:
:before
Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.
:delayed
Default. Specifies that a notification should be queued up, and then executed at the end of a Chef Infra Client run.
:immediate
,:immediately
Specifies that a notification should be run immediately, for each resource notified.
The syntax for notifies
is:
notifies :action, 'resource[name]', :timer
subscribes
Ruby Type: Symbol, 'Chef::Resource[String]'
A resource may listen to another resource, and then take action if the
state of the resource being listened to changes. Specify a
'resource[name]'
, the :action
to be taken, and then the :timer
for
that action.
Note that subscribes
doesn’t apply the specified action to the
resource that it listens to - for example:
file '/etc/nginx/ssl/example.crt' do
mode '0600'
owner 'root'
end
service 'nginx' do
subscribes :reload, 'file[/etc/nginx/ssl/example.crt]', :immediately
end
In this case the subscribes
property reloads the nginx
service
whenever its certificate file, located under
/etc/nginx/ssl/example.crt
, is updated. subscribes
doesn’t make any
changes to the certificate file itself, it merely listens for a change
to the file, and executes the :reload
action for its resource (in this
example nginx
) when a change is detected.
If the other resource doesn’t exist, the subscription won’t raise an
error. Contrast this with the stricter semantics of notifies
, which
will raise an error if the other resource doesn’t exist.
A timer specifies the point during a Chef Infra Client run at which a notification is run. The following timers are available:
:before
Specifies that the action on a notified resource should be run before processing the resource block in which the notification is located.
:delayed
Default. Specifies that a notification should be queued up, and then executed at the end of a Chef Infra Client run.
:immediate
,:immediately
Specifies that a notification should be run immediately, for each resource notified.
The syntax for subscribes
is:
subscribes :action, 'resource[name]', :timer
Guards
A guard property can be used to evaluate the state of a node during the execution phase of a Chef Infra Client run. Based on the results of this evaluation, a guard property is then used to tell Chef Infra Client if it should continue executing a resource. A guard property accepts either a string value or a Ruby block value:
- A string is executed as a shell command. If the command returns
0
, the guard is applied. If the command returns any other value, then the guard property isn’t applied. String guards in a powershell_script run Windows PowerShell commands and may returntrue
in addition to0
. - A block is executed as Ruby code that must return either
true
orfalse
. If the block returnstrue
, the guard property is applied. If the block returnsfalse
, the guard property isn’t applied.
A guard property is useful for ensuring that a resource is idempotent by allowing that resource to test for the desired state as it’s being executed, and then if the desired state is present, for Chef Infra Client to don’thing.
PropertiesThe following properties can be used to define a guard that’s evaluated during the execution phase of a Chef Infra Client run:
not_if
Prevent a resource from executing when the condition returns
true
.only_if
Allow a resource to execute only if the condition returns
true
.
Examples
The following examples demonstrate various approaches for using the bash resource in recipes:
Compile an application
bash 'install_something' do
user 'root'
cwd '/tmp'
code <<-EOH
wget http://www.example.com/tarball.tar.gz
tar -zxf tarball.tar.gz
cd tarball
./configure
make
make install
EOH
end
Using escape characters in a string of code
In the following example, the find
command uses an escape character (\
). Use a second escape character (\\
) to preserve the escape character in the code string:
bash 'delete some archives ' do
code <<-EOH
find ./ -name "*.tar.Z" -mtime +180 -exec rm -f {} \\;
EOH
ignore_failure true
end
Install a file from a remote location
The following is an example of how to install the foo123 module for Nginx. This module adds shell-style functionality to an Nginx configuration file and does the following:
- Declares three variables
- Gets the Nginx file from a remote location
- Installs the file using Bash to the path specified by the
src_filepath
variable
src_filename = "foo123-nginx-module-v#{node['nginx']['foo123']['version']}.tar.gz"
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/nginx_foo123_module/#{node['nginx']['foo123']['checksum']}"
remote_file 'src_filepath' do
source node['nginx']['foo123']['url']
checksum node['nginx']['foo123']['checksum']
owner 'root'
group 'root'
mode '0755'
end
bash 'extract_module' do
cwd ::File.dirname(src_filepath)
code <<-EOH
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
mv #{extract_path}/*/* #{extract_path}/
EOH
not_if { ::File.exist?(extract_path) }
end
Install an application from git
git "#{Chef::Config[:file_cache_path]}/ruby-build" do
repository 'git://github.com/rbenv/ruby-build.git'
revision 'master'
action :sync
end
bash 'install_ruby_build' do
cwd "#{Chef::Config[:file_cache_path]}/ruby-build"
user 'rbenv'
group 'rbenv'
code <<-EOH
./install.sh
EOH
environment 'PREFIX' => '/usr/local'
end
Using Attributes in Bash Code
The following recipe shows how an attributes file can be used to store certain settings. An attributes file is located in the `attributes/`` directory in the same cookbook as the recipe which calls the attributes file. In this example, the attributes file specifies certain settings for Python that are then used across all nodes against which this recipe will run.
Python packages have versions, installation directories, URLs, and checksum files. An attributes file that exists to support this type of recipe would include settings like the following:
default['python']['version'] = '2.7.1'
if python['install_method'] == 'package'
default['python']['prefix_dir'] = '/usr'
else
default['python']['prefix_dir'] = '/usr/local'
end
default['python']['url'] = 'http://www.python.org/ftp/python'
default['python']['checksum'] = '80e387...85fd61'
and then the methods in the recipe may refer to these values. A recipe that is used to install Python will need to do the following:
- Identify each package to be installed (implied in this example, not shown)
- Define variables for the package
version
and theinstall_path
- Get the package from a remote location, but only if the package does not already exist on the target system
- Use the bash resource to install the package on the node, but only when the package is not already installed
version = node['python']['version']
install_path = "#{node['python']['prefix_dir']}/lib/python#{version.split(/(^\d+\.\d+)/)[1]}"
remote_file "#{Chef::Config[:file_cache_path]}/Python-#{version}.tar.bz2" do
source "#{node['python']['url']}/#{version}/Python-#{version}.tar.bz2"
checksum node['python']['checksum']
mode '0755'
not_if { ::File.exist?(install_path) }
end
bash 'build-and-install-python' do
cwd Chef::Config[:file_cache_path]
code <<-EOF
tar -jxvf Python-#{version}.tar.bz2
(cd Python-#{version} && ./configure #{configure_options})
(cd Python-#{version} && make && make install)
EOF
not_if { ::File.exist?(install_path) }
end