[chef] Re: Re: A line resource?

["John E. Vincent (lusis)" < >]

On Mon, Jan 9, 2012 at 12:36 AM, KC Braunschweig
<
 >
 wrote:
> There's http://augeas.net/ . It can be used for something like this. I
> think the puppet people use it, or at least they did a year ago (the
> last time I touched puppet). Haven't heard of this with Chef. I would
> try to avoid this if at all possible. It's at least very hard to be
> idempotent with this sort of editing.
>
> KC
>

KC is pretty spot on. The general rule is to either let chef manage
the whole file or not at all. Anyone who has used Augeus will tell you
that it's more trouble that it's worth in the long run (especially if
you shave the lens yak). If your application supports the concept of a
.d directory, you can let chef manage overrides as fragments there.

Obviously, not everything is perfect though. There are situations and
applications that still only work with a monolithic config file and
you might want to manage a subset. A good example is haproxy. At my
former employer, we wanted to manage haproxy backends based on
services that various instances needed. In that case, we leveraged
haproxy_join (https://github.com/joewilliams/haproxy_join) to build
the monolithic file for us. It worked/works awesome.

The point being, it might be worth your while to write a small utility
like that or ultimately an LWRP that builds the final file for you.

You can also use the tried and true sed approach. I do this for things
like cross-platform sshd_config editing to modify PermitRootLogin for
Rackspace Cloud nodes. (https://gist.github.com/1231ecf138da10662eae)

The biggest thing to be careful of is that you don't inadvertently
trigger a a service restart.