- From: Sascha Bates
- Subject: [chef] managing system files with Chef
- Date: Thu, 5 May 2011 11:03:48 -0500
Chef wants to manage config files as templates. I get that. I'm wondering how people are handling system configuration files that are large and sometimes unwieldy? For example, in Red Hat, the /etc/sendmail.cf is 700 lines and we update just one. Should I really keep a template or cookbook file for something like that? We are running primarily RH4 and RH5 and have identified the following choices for system configuration files:
Appropriate them as templates or manage them with complex string substitution in ruby/bash blocks and manual checks to enforce idempotence.
The first has pitfalls. We shouldn't be managing system files at that level. Patching should be an automated process, and trying to keep an eye on system files during the patch process is not something I'm interested in. Also it means that only one recipe can ever manage that file. In most cases that's fine, but in others, it won't work. Example: I have two different cookbooks that add keys to the root authorized_keys file in some cases. Or what if two different things want to insert things in the modprobe.conf? I have a system config recipe that inserts lines into the modprobe.conf to disable IPv6 and a KVM recipe that inserts the kvm module lines.
On the other hand, using regex string substitutions in files is complex, can be messy looking and I'm getting the impression this method is discouraged. I also regard the use of the bash block as the last resort in a recipe. But it has the easiest way to do string substitution in files (using sed). I have been using this to manage settings in sshd_config, sendmail.cf, submit.cf, and a few other places.
So those are my thoughts. What are others doing to manage ssh configs, sendmail, snmp, module configs, etc? I'm really curious.
Sascha
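
An added example, not part of the original post and not Chef's own API: one way to make the single-line edit described above idempotent in plain Ruby, so that several recipes can each own one setting in a shared file. The helper name `ensure_line`, the sample file contents and the settings are constructed for illustration.

```ruby
require 'tempfile'
require 'tmpdir'

# Ensure `line` is the only line in `path` matching `pattern`.
# Returns true if the file was rewritten, false if it was already correct,
# so a caller can decide whether a service restart is needed.
def ensure_line(path, pattern, line)
  original = File.exist?(path) ? File.read(path) : ''
  seen = false
  updated = original.lines.map(&:chomp).each_with_object([]) do |l, out|
    if l.match?(pattern)
      out << line unless seen   # replace the first match, drop duplicates
      seen = true
    else
      out << l                  # every other line is left untouched
    end
  end
  updated << line unless seen   # setting absent: append it
  content = updated.join("\n") + "\n"
  return false if content == original

  # Write to a temp file in the same directory, then rename, so a reader
  # (sshd, sendmail) never sees a half-written config.
  tmp = Tempfile.create(File.basename(path), File.dirname(path))
  tmp.write(content)
  tmp.close
  File.chmod(File.stat(path).mode & 0o7777, tmp.path) if File.exist?(path)
  File.rename(tmp.path, path)
  true
end

# Constructed sample files and settings; two independent "recipes" edit
# the same modprobe.conf, and each run is repeated to show idempotence.
def demo
  Dir.mktmpdir do |dir|
    modprobe = File.join(dir, 'modprobe.conf')
    sshd = File.join(dir, 'sshd_config')
    File.write(modprobe, "alias eth0 e1000\n")
    File.write(sshd, "Port 22\n#PermitRootLogin yes\nPermitRootLogin yes\n")
    ipv6 = -> { ensure_line(modprobe, /^\s*install\s+ipv6\b/, 'install ipv6 /bin/true') }
    kvm  = -> { ensure_line(modprobe, /^\s*options\s+kvm_intel\b/, 'options kvm_intel nested=1') }
    ssh  = -> { ensure_line(sshd, /^\s*#?\s*PermitRootLogin\b/, 'PermitRootLogin no') }
    runs = [ipv6.call, kvm.call, ssh.call, ipv6.call, kvm.call, ssh.call]
    { runs: runs, modprobe: File.read(modprobe), sshd: File.read(sshd) }
  end
end
```

Because each call touches only the line its own pattern matches, the rest of the vendor-shipped file is left as the package installed it, and the boolean return value gives the caller a change signal for restarting the affected service.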