Do you think IIT Guwahati certified course can help you in your career?
No
Introduction
A chef resource is a piece of an operating system that outlines the intended state of a node to which one wants to transition from the existing configuration using resource providers.
It helps in knowing the current status of the target machine using the Ohai mechanism of Chef.
It also helps in getting the target machine to that state. The resources are in a group of recipes that describe the working configuration.
The primary use of the windows_ie_esc resource is to adjust the Internet Explorer extensibility and security settings.
Syntax
Here is the complete syntax for all the available resources of the windows_ie_esc resource:
windows_ie_esc 'name' do
scopes Array
action Symbol # defaults to :enable if not given
end
Here:
The resource is “windows_ie_esc”.
The name given to the resource block is the “name”.
Here the “action” identifies the steps Chef Infra Client will take to bring the node into the desired state.
The property available to this resource is “scopes”.
Actions
Following are the actions the windows_ie_esc chef resource has:
:disable
It disables the Internet Explorer extensibility and security settings for scoped users.
:enable
It enables Internet Explorer extensibility and security settings for scoped users (default).
:nothing
The resource block does not take action unless another resource notifies it to take action. Once it is notified, this resource block either runs immediately
or is lined up to run at the end of a Chef Infra Client run.
Properties
Following are the properties windows_ie_esc chef resource has :
scopes
Ruby Type: Array | required
By this security config, the Windows user scopes are targeted.
Common Resource Functionality
Common Properties
The properties given below are common to every resource:
compile_time
Ruby Type: true, false | Default Value:false
It controls the phase in which the resource is run on the node. It is set to false while Chef Infra Client configures the node (the coverage phase) and sets it to true while the resource collection (the complete phase) is built.
This chef resource “:quiet” will not display the full stack trace; the recipe will continue to run if a resource fails.
retries
Ruby Type: Integer | Default Value:0
Retries are the number of attempts to catch exceptions and retry the resource.
retry_delay
Ruby Type: Integer | Default Value:2
It is the delay in seconds between retry attempts.
sensitive
Ruby Type: true, false | Default Value:false
Ensure that Chef Infra Client does not log sensitive resource data.
Notifications
notifies
Ruby Type: Symbol, 'Chef::Resource[String]'
The syntax for notifies is:
notifies :action, 'resource[name]', :timer
When a state of resource changes, it notifies another resource to take action.
Set the 'resource[name]', the :action that the resource should take, and then the :timer to complete that action.
A resource uses a “notifies” statement to notify each resource. It may notify more than one resource at a time.
If the referenced resource does not exist, we get an error. However, “subscribes” will not fail if the source resource is not there.
A timer specifies the point at which a notification runs during a Chef Infra Client run. Various timers are given below-
:before
It specifies that the action should run on a notified resource before processing the resource block in which the notification is present.
:delayed
Specifies that a notification should be in a queue and executed at the end of a Chef Infra Client run.
:immediate, :immediately
It specifies that a notification should be run immediately for each resource notified.
subscribes
Ruby Type: Symbol, 'Chef::Resource[String]'
The syntax for subscribes is:
subscribes :action, 'resource[name]', :timer
If the status of the resource being listened to changes, one resource may listen to anot\her resource and then take appropriate action.
Set the 'resource[name]', the “:action” that the resource should take, and then the “:timer” to complete that action.
The “subscribes” does not apply the specified action to the resource that it listens to. For example:
file '/etc/nginx/ssl/example.crt' do
mode '0600'
owner 'root'
end
service 'nginx' do
subscribes :reload, 'file[/etc/nginx/ssl/example.crt]', :immediately
end
In this instance the subscribes property reloads the nginx service whenever its certificate file, found at /etc/nginx/ssl/example.crt, is updated.
Subscribes makes no changes to the certificate file itself and executes the :reload action for its resource (here nginx) when the change is noticed.
There won't be a problem with the subscription if the other resource is nonexistent. In contrast, notifications have stricter semantics and will report an error if the other resource isn't there.
A timer specifies the point at which a notification run during a Chef Infra Client run. The following timers are available:
:before
Specifies that the action should run on a notified resource before processing the resource block in which the notification is present.
:delayed
Specifies that a notification should be in a queue and executed at the end of a Chef Infra Client run.
:immediate, :immediately
It specifies that a notification should be run immediately for each resource notified.
Guards
During the execution stage of a Chef Infra Client run, the state of a node can be evaluated using a guard property. A guard property informs Chef Infra Client if it should continue executing a resource based on the results of this analysis. A guard property accepts either a Ruby block value or a string value.
A string executes as a shell command. The guard is applied when the command returns 0. If the command returns any other value, the guard property is useless.In a powershell_script, string guards can return true in addition to 0 and run Windows PowerShell commands.
If the block, executed as a ruby code, returns true, the guard property is applied else the guard property remains unused for the false condition.
A guard property enables a resource to check for the desired state as it is being executed, and if it is present, Chef Infra Client will do nothing to help verify that a resource is idempotent.
Properties of Gaurd
A guard evaluated during the execution phase of a Chef Infra Client run can be defined using the following properties:
not_if
It prevents a resource from executing when the condition is true.
only_if
This property allow a resource to execute only if the condition is true.
Examples
The given examples shows different approaches for using the windows_ie_esc resource in recipes:
Secure the Desktop with a Screensaver and Password
windows_ie_esc 'Turn off Internet Explorer ESC for admin' do
scopes [:admin]
action :disable
end
Disable Requiring a Screensaver with a Password
windows_ie_esc 'Enforce Internet Explorer ESC for all user scopes' do
scopes [:admin, :user]
action :enable
end
Frequently Asked Questions
What is the default value for group_name_for_expired_passwords?
“Users” is the default value for group_name_for_expired_passwords.
What are the properties that define the guard?
not_if and only_if properties define the guard.
How do I check my chef's server status?
To check the status of all the services, you can use the chef-server-ctl status command.
What is Chef infra server?
Chef Infra Server is a hub for configuration data, storing cookbooks, node policies, and managed node metadata.
What do you mean by Action?
Action decides the set of activities that Chef Client Run will perform to bring the node to its desired state.
Conclusion
This article contains the basic information of CHEF RESOURCES Windows_ie_esc Resource. In this article, we have discussed the different properties and common resources of the chef resource. The reader can carry out a thorough understanding of the topic by referring to the Official Documentation. For more information on Chef and DevOps, Refer-