[chef] Check for changes in a data bag.

[John Hanks < >]

I have a recipe which looks in a data bag item to get a list of yum
groups and individual rpms to install at a nodes first boot, like so:

# recipes/default.rb
# Install packages assigned to this node/role.
manifest = data_bag_item("manifests", node[:yum][:manifest])

# Build a yum compatible list of groups.
grplist = ""
manifest["groups"].each do |g|
  grplist = grplist + " \"#{g}\""
end

# Install Groups
execute "groupinstall" do
  command "yum -y groupinstall #{grplist} > /tmp/chef-yum.log 2>&1 &&
touch /tmp/chef-yum-groupinstall.done"
  creates "/tmp/chef-yum-groupinstall.done"
  action :run
end

# Build a yum compatible list of packages.
pkglist = ""
manifest["packages"].each do |p|
  pkglist = pkglist + " \"#{p}\""
end

# Install Packages.
execute "packageinstall" do
  command "yum -y -t install #{pkglist} >> /tmp/chef-yum.log 2>&1 &&
touch /tmp/chef-yum-packageinstall.done"
  creates "/tmp/chef-yum-packageinstall.done"
  action :run
end

# Clean up everything and make sure everything is up to date.
execute "yum-clean-all" do
  command "yum clean all && yum -y update >> /tmp/chef-yum.log 2>&1"
  action :run
end

This works great, I get a yum run at a nodes first boot with all
packages the node needs from the specified data bag. What I want now
is to have each subsequent chef run look at the data bag and see if
there have been any changes since the last run and if so, rerun yum to
pick up those changes. Is there an easy way to do this using the data
bag's revision number perhaps or do I need to somehow checksum the
data bag contents and store the checksum? Should I just let yum run
each time? Rerunning this tends to add a couple of minutes or more to
the length of the chef-client run but is otherwise harmless.

jbh