[chef-dev] Re: Re: CHEF-2988 allowed_recipes, restricted_recipes, and override_recipes

Chronological Thread 
  • From: Chris Roberts < >
  • To: Ringo De Smet < >
  • Cc: Bryan McLellan < >,
  • Subject: [chef-dev] Re: Re: CHEF-2988 allowed_recipes, restricted_recipes, and override_recipes
  • Date: Thu, 22 Mar 2012 10:23:14 -0700

On Thu, Mar 22, 2012 at 7:50 AM, Ringo De Smet < " target="_blank"> > wrote:

On 21 March 2012 20:06, Bryan McLellan < " target="_blank"> > wrote:
Let's talk about this patch and what the design gives us versus what
it locks us into.

http://tickets.opscode.com/browse/CHEF-2988 - Run List Modifiers

Provides three new options to modify run lists:

--allowed-recipes: Restricts what recipes are allowed in the run list
to only those provided. This restriction is not applied to recipe
--restricted-recipes: Restricts provided recipes from running. If a
restricted recipe is a dependency of another recipe, neither are
allowed to run.
--override-runlist: Replaces the current run list with provided run
list. This override is only applied for the current run.

Nowhere in the ticket I can read what problem is that Chris Roberts tries to solve with these options. Personally, I would like to see Chris step in first and describe the original problem he had. Only then can we check if the proposed solution is the best fit for the problem and within the current Chef architecture.


These options were added as an expert tool to be used as a situation requires. Triggering an application deployment which provides only a subset of the run list (as previously described) can be one situation. Another situation could be where a recipe encounters an unexpected state leading to a failed run. To provide an example scenario:

* An emergency application update needs to be deployed
* During the chef run an unrelated recipe (to the application deployment) fails
* Chef run has now halted and the application update has not completed
* Failing recipe must be fixed before the application update may be deployed

These options provide the ability to ignore the failing recipe (or explicitly specify the application deployment recipe) and continue on with the run. This lets the application update be applied while allowing a fix to the broken recipe to be pushed out once it has been completed and properly tested.

While ideally all recipes in all cookbooks should work properly, it may not always be the case. They may encounter an unexpected state on the system or make a bad assumption about data they are processing. If/when this happens, especially within a third party recipe, tracking down and fixing the problem may not be trivial and adds to the time required to get an update applied. These options provide a tool to handle these situations.

- Chris

Archive powered by MHonArc 2.6.16.