- From: "Jason J. W. Williams" <
>
- To:
- Subject: [chef] Re: managing system files with Chef
- Date: Thu, 5 May 2011 11:34:44 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=qZnkWgzMjgCnSta9B/4nniPbqiaTxSCNTwuVHlm3JBrE7z10tkVNzTya1x/Dmca+X1 LnARpJF7+rPNUz5ZfB9HOcrXDBeO3FcKbv+RzSafiVGnHHAWHRQJ9Iacz6iVUWfPLTOd uCe82HbzY0031/IbrHFfx3jsbPhQaJ2qBji48=
Hi Sasha
>
The first has pitfalls. We shouldn't be managing system files at that
>
level. Patching should be an automated process, and trying to keep an eye
>
on system files during the patch process is not something I'm interested in.
>
Also it means that only one recipe can ever manage that file. In most
>
cases that's fine, but in others, it won't work. Example: I have two
>
different cookbooks that add keys to the root authorized_keys file in some
>
cases. Or what if two different things want to insert things in the
>
modprobe.conf? I have a system config recipe that inserts lines into the
>
modprobe.conf to disable IPv6 and a KVM recipe that inserts the kvm module
>
lines.
We're in the same boat on things like Nagios NRPE configs where
depending on the role of the server different checks need to be
present or not. We're planning to handle it with templates and
conditional Ruby blocks. Our plan is to use the roles the server
belongs to activate particular blocks for checks specific to those
roles. I would imagine a similar solution might work in your scenario.
That would be much cleaner than patching I would imagine.
-J
Archive powered by MHonArc 2.6.16.