[chef] Re: Need cfengine like copy to achieve Self Healing

["Steve Caissie" < >]

Sean,

Your cookbook looks interesting. Please keep me posted on the progress.
For now, I think I'm going to put the source files on load balanced
servers running the rsync daemon. The security isn't great, but it's a
good first step.

Thanks for the pointers to the papers.

Steve

-----Original Message-----
From: Sean OMeara 
[mailto:
 
 
Sent: Saturday, February 05, 2011 6:53 PM
To: 

 
Subject: [chef] Re: Need cfengine like copy to achieve Self Healing

I've been playing around with this kind of stuff myself.

Inspired by reading this:
http://www.cs.tufts.edu/~couch/publications/aims-08-ops.pdf

And more specifically this:
http://www.usenix.org/event/lisa06/tech/full_papers/wu/wu.pdf

Check out this cookbook here for a (not quite all the way working)
example:

https://github.com/someara/cookbooks-affs/blob/master/freeipa/recipes/se
rver.rb

The "copying" functionality you're asking about is achieved by
allowing the root accounts within the closure generate and place their
pub keys in authorized_keys via an ohai plugin and a small utility
cookbook

https://github.com/someara/cookbooks-affs/blob/master/ohai/files/default
/plugins/rootuser_user_rsa_public.rb

https://github.com/someara/cookbooks-affs/blob/master/sshroot2rootssh/re
cipes/default.rb

Then, within the actual server.rb, use node attributes and searching
to "negotiate" for master and go into an "if master" , "unless master"
construct to decide what to do.

In the event that the "master" disappears, others within the system
will take over its duties, achieving self healing via convergence
within the system, as long as something deletes the master node from
chef server. (nagios trigger or manual intervention)

YMMV

-s