General discussion about Chef

[chef] RE: Re: Re: Re: RE: Augeas support


Chronological Thread 
  • From: Kevin Keane Subscription < >
  • To: < >
  • Subject: [chef] RE: Re: Re: Re: RE: Augeas support
  • Date: Tue, 19 Feb 2013 05:16:35 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=sendgrid.info; h=subject :from:to:mime-version:content-type:in-reply-to:references :sender; q=dns; s=smtpapi; b=WkxFLZl8JSYXpH3jgEsevAJTAPKm/yzsBZd RjcqcnOWyTAu4juRcFleELmB7BEOFTYn48jocCh5qcZArrDQ6Fwl/LuNB57KD5kz G0LOhRPcJoRC0JwKgfIi6KMEVEjWGrv6gq8Wkogv0pKOFYI57QXQ+myrq97nWAMX 9iAYl2R8=
Title: RE: [chef] Re: Re: Re: RE: Augeas support

-----Original message-----
> From:Joshua Timberman <
 
 ">
 >
> 
> By all means, don't use the community cookbook if it doesn't fit your preference, use case, supported platforms or standards.

Totally understood. Unfortunately, when it comes to such a basic cookbook as Apache, that means foregoing a very large share of the benefit of Chef - too many community cookbooks depend on it.

> Using Apache HTTPD as an example is a great exploration into the insanity of managing something that is at it's core relatively simple to install and run. At the end of the day, you have:
> 
> 1. A package of files that get extracted on disk.
> 2. A configuration file.
> 3. A daemonized service that runs.

I think this goes to the core of the matter. That assumption may have been true a few years ago, but it isn't any more today. Today, this is really only the middle of the day. At the end of the day, you also have (at least):

4. The PKI infrastructure for SSL support (support for /etc/pki/tls as well as NSS)
5. A couple dozen RPM packages that assume that they can drop their configuration file into /etc/httpd/conf.d
6. Other packages such as logwatch and logrotate built around RedHat's assumptions.
7. Daemon user names (which users do or don't need permissions on httpd.conf or the SSL keys?)
8. (Currently) 160 SELinux file contexts that refer to the original paths.
9. 30 SELinux booleans that need to be supported.
8a and 9a. The same thing for AppArmor on the platforms that use that.

Not saying that all of these things aren't working with the OpsCode cookbook (in fact, most probably do work), just that they are as much part of setting up Apache as the first items you mentioned are.

I completely understand where you are coming from. The development effort is staggering as it is, and we all appreciate what you do. Coming up with a universal Apache cookbook may well be an impossible chore. As you said, insanity. I understand that. Maybe ultimately the solution is to have two separate cookbooks, one for RedHat, one for Debian.


Archive powered by MHonArc 2.6.16.

§