[chef] RE: Re: Re: Appending to an existing file, i.e nginx site


  • From: Kevin Keane Subscription < >
  • To: < >
  • Subject: [chef] RE: Re: Re: Appending to an existing file, i.e nginx site
  • Date: Tue, 19 Mar 2013 08:26:35 -0700

+1

No, it's not a practical edict, and in many cases it can be very counterproductive and even cause security problems.

The chef philosophy is that you don't edit partial files, but only generate a complete copy of a configuration file. I can understand where that's coming from. In many cases, it does make sense - but in my mind this approach is vastly overused in chef. In a few cases, chef itself actually breaks the philosophy - that's why there are resources to manage /etc/fstab and /etc/exports, for instance.

The main issue I have with it isn't even with global files such as /etc/sysctl.conf or /etc/hosts.

The far bigger elephant in the room is that distribution vendors usually provide well-tuned configuration files that shouldn't be clobbered, but rather surgically manipulated.

That said, the surgical approach can be very difficult to implement in a generalized way. Multiline context-sensitive edits are non-trivial; for instance, the nginx configuration file. You have to be able to detect not just whether the appropriate entry exists with all the multiple lines in place, but also that it actually is in the right place; you can't just append it to the end of a file and expect it to work.

To make matters even more complicated, nginx configuration files support including other files.

So to make this work, you have three options:

- Create a one-off solution that encodes a lot of assumptions about how your particular configuration file is structured.
- Implement a complete parser that understands nginx configuration files and translates them into something like JSON/XML/DOM, then allows you to manipulate it, and write out only the manipulated parts.
- Generate the complete configuration file.

So, in this specific scenario, and many similar ones, I can understand where AJ's statement came from. It's just vastly overused.

-----Original message-----
> From: Michael Della Bitta < >
> Sent: Tuesday 19th March 2013 7:29
> To: < >
> Subject: [chef] Re: Re: Appending to an existing file, i.e nginx site
>
> On Mon, Mar 18, 2013 at 4:24 PM, AJ Christensen < > wrote:
> > Please don't edit files that already exist. Please never do this.
>
> Is that really a practical edict? What about files like
> /etc/sysctl.conf needing to be written to by multiple recipes?
>
> FileEdit works, but it gets a bad rap on this list. Chef's going to
> need a canonical and supported way to do this...
>
>
> Michael Della Bitta
>
> ------------------------------------------------
> Appinions
> 18 East 41st Street, 2nd Floor
> New York, NY 10017-6271
>
> www.appinions.com
>
> Where Influence Isn’t a Game
>
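
The context-sensitivity problem described in the message above, as an added example that is not part of the original thread: a Ruby sketch of the "one-off solution" option that checks where a block sits before editing, so a repeated run changes nothing and a block appended at top level is not mistaken for a correct one. `SAMPLE`, `scan_blocks`, `ensure_location` and the `/status` location are hypothetical names chosen for illustration; the scanner assumes a single `server` block and no quoted braces or `include` directives.

```ruby
# Added example, not from the thread. Tracks brace nesting so an edit can check
# WHERE a block sits, not just whether its text appears somewhere in the file.
# Assumptions: no braces or '#' inside quoted strings, no `include` handling.

# Constructed sample config.
SAMPLE = <<~CONF
  events { worker_connections 64; }
  http {
      server {
          listen 80;  # location /status { } inside a comment must not count
      }
  }
CONF

# Returns [[parent_headers, header, offset_of_closing_brace], ...] per block.
def scan_blocks(conf)
  stack, found, stmt, in_comment = [], [], +"", false
  conf.each_char.with_index do |ch, i|
    if in_comment
      in_comment = false if ch == "\n"
      next
    end
    case ch
    when "#" then in_comment = true
    when ";" then stmt = +""
    when "{"
      stack.push({ header: stmt.split.join(" "), path: stack.map { |b| b[:header] } })
      stmt = +""
    when "}"
      b = stack.pop or raise ArgumentError, "unbalanced '}' at offset #{i}"
      found << [b[:path], b[:header], i]
      stmt = +""
    else stmt << ch
    end
  end
  raise ArgumentError, "unclosed block" unless stack.empty?
  found
end

# Idempotently place `location <path> { body }` in the first http/server block
# (hypothetical helper). Returns [config_text, changed?].
def ensure_location(conf, path, body)
  blocks = scan_blocks(conf)
  want = "location #{path}"
  return [conf, false] if blocks.any? { |ctx, hdr, _| hdr == want && ctx == %w[http server] }
  server = blocks.find { |ctx, hdr, _| hdr == "server" && ctx == %w[http] } or
    raise ArgumentError, "no http/server block to edit"
  close = server[2]
  [conf[0...close] + "#{want} { #{body} }\n    " + conf[close..], true]
end
```

A plain substring test for `location /status` already matches the constructed sample because of the comment, which is the false positive the nesting check avoids.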


