[chef] RE: Re: RE: Re: Need cfengine like copy to achieve Self Healing

["Steve Caissie" < >]

Sorry, I'll try to provide a clear example:

I've got a 3rd party monitoring application that requires me to deploy the 
agents and plugins to all of the systems on my network. Here's the cfengine 
syntax to do that:

    monitoring_agent_class::
        /opt/agent-software
            dest=/opt/agent-software
            owner=root
            group=root
            recurse=inf
            purge=true
            server=monitoring_server
            define=restart_agent
        /var/lib/agent-plugins
            dest=/opt/agent-plugins
            owner=root
            group=root
            recurse=inf
            purge=true
            server=monitoring_server
            define=restart_agent

This tells each system on the network to copy the monitoring agent and 
plugins from "monitoring_server". There are multiple levels of directories 
under /opt/agent-software. It is "self healing", because any missing or 
changed files on the destination servers are fixed next time cfengine runs. 
Only the files that need to change are updated. Cfengine guarantees that the 
source and destination directories are an exact match.  I can make a quick 
change to an agent-plugin and next time cfengine runs, that change is 
installed on each server.

I think these are my choices if I want to do this in Chef:

1. remote_directory resource - It doesn't preserve file permissions. If I set 
files_mode=755 on the files in /opt/agent-software, I'd have execute 
permissions on configuration files that should be read-only.

2. tar the directories and use the cookbook_file resource - If I want to be 
100% sure that the destination isn't corrupt, I'd have to untar the tar file 
on every chef run and restart the agent. With the cfengine configuration 
above, the agent would only be restarted if an individual file gets updated.

3. Create an rpm for agent-software and another for agent-plugins - To make 
this "self healing", chef would need a "verify" action in the package 
resource. I'd use the "verify" action to verify that the target system's 
install matches the contents of the rpm.  If it doesn't match, I'd install 
the rpm with a --force option.  I also think creating and maintaining an rpm 
is a lot more complex that the cfengine setup above.

Are there any other Chef options for doing this?

Steve

-----Original Message-----
From: 

 
 
[mailto:
 
 On Behalf Of Michael Hale
Sent: Saturday, February 05, 2011 2:12 PM
To: chef
Subject: [chef] Re: RE: Re: Need cfengine like copy to achieve Self Healing

I'm confused about how recursively copying a directory and preserving
permissions provides "self healing". Can you elaborate on how that
feature of cfengine provides self healing in your environment? It is
possible there is a more idiomatic way to accomplish what you are
after in chef.

On Sat, Feb 5, 2011 at 2:06 PM, Steve Caissie 
<
 >
 wrote:
> I can apply the same mode to all of the files in a directory with 
> remote_directory, but I don't see any way to preserve the source 
> directory's permissions.
>
> Ideally, I'd like to be able to copy from a local or remote source and 
> preserve permissions. Cfengine offers this with the copy action.
>
> Steve
>
>
> -----Original Message-----
> From: 
> 
 
>  
> [mailto:
 
>  On Behalf Of Daniel DeLeo
> Sent: Saturday, February 05, 2011 1:24 PM
> To: 
> 
 
> Subject: [chef] Re: Need cfengine like copy to achieve Self Healing
>
> On Sat, Feb 5, 2011 at 9:59 AM, Steve Caissie 
> <
 >
>  wrote:
>> I'm trying to make my systems self healing with chef. I've been doing this
>> for many years with cfengine. I think chef needs a cfengine like copy
>> resource to make it easier to maintain a self healing environment.
>>
>>
>>
>> In cfengine 2, the copy action has a recursive option that lets you 
>> preserve
>> permissions and create classes if files were changed.  There doesn't appear
>> to be any resource to do this in chef.  You could use a tar file to 
>> preserve
>> permissions, but then the copy isn't idempotent.  There would be no easy 
>> way
>> to tell if files on the destination system have changed.  You could put the
>> files into a package like an rpm, but those packages are more difficult to
>> maintain.  I have a lot of directories that I need to copy and maintain.  I
>> don't want to create an rpm for every directory.
>>
>>
>>
>> It would also be nice if chef didn't have to import all of the files you
>> want to copy.  I'd like to be able to change a directory tree without 
>> having
>> to tell Chef about the change.
>>
>>
>>
>> To get around this limitation, I'm going to try to create an "rsync" LWRP 
>> in
>> chef.
>
> Can you explain a bit more about how what you're looking for differs
> from the existing remote directory[1] resource? Do you just want a
> remote directory that uses a local (i.e., already exists elsewhere on
> the filesystem) source? Do you need permissions that are more varied
> than remote directory provides?
>
>
>>
>> Steve Caissie
>> Director of Operations
>>
>> Vlingo
>>
>>
>
> Thanks,
> Dan DeLeo
>