- From: Sean OMeara <
>
- To:
- Subject: [chef] Re: Need cfengine like copy to achieve Self Healing
- Date: Sat, 5 Feb 2011 18:53:04 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=R3dnmApd/uDDeI+h5pFDZ1xZxSVbgwTzkS2P7g0p3dIMhZfUFMDiMSBJUCS5HKBUeR JjGtmrj2wv2qHlcMgj856tHPLJ/dsir+J/RxRRJ4Op+Av1Cd05fbJuJXJcZK1tyVNXIW MAZHN2cFKMJmwvr9Ibs+vOg011mbpOAwnK1QI=
I've been playing around with this kind of stuff myself.
Inspired by reading this:
http://www.cs.tufts.edu/~couch/publications/aims-08-ops.pdf
And more specifically this:
http://www.usenix.org/event/lisa06/tech/full_papers/wu/wu.pdf
Check out this cookbook here for a (not quite all the way working) example:
https://github.com/someara/cookbooks-affs/blob/master/freeipa/recipes/server.rb
The "copying" functionality you're asking about is achieved by
allowing the root accounts within the closure generate and place their
pub keys in authorized_keys via an ohai plugin and a small utility
cookbook
https://github.com/someara/cookbooks-affs/blob/master/ohai/files/default/plugins/rootuser_user_rsa_public.rb
https://github.com/someara/cookbooks-affs/blob/master/sshroot2rootssh/recipes/default.rb
Then, within the actual server.rb, use node attributes and searching
to "negotiate" for master and go into an "if master" , "unless master"
construct to decide what to do.
In the event that the "master" disappears, others within the system
will take over its duties, achieving self healing via convergence
within the system, as long as something deletes the master node from
chef server. (nagios trigger or manual intervention)
YMMV
-s
Archive powered by MHonArc 2.6.16.