[chef] RE: Re: Keeping DNS configuration eerrors from breaking working server with bind cookboks

["Kadel-Garcia, Nico" < >]

   From: Julian C. Dunn 
[mailto:
 
 
  Sent: Monday, June 23, 2014 11:20 AM
  To: 

 
  Subject: [chef] Re: Keeping DNS configuration eerrors from breaking working 
server with bind cookboks

  Can you just use "ignore_failure true" on the resources you don't care 
about?

  - Julian

Not as things stand, no. For example, the old bind9 cookbook doesn't even 
support DNS slaves, only forwarding. So it has no way to configure a failover 
server for when the upstream chef managed DNS server has an issue. And 
various classes of errors, such as various classes typos in the data bags or 
accidentally having two distinct data bags for the same DNS domain, will 
attempt to be loaded to the DNS server even when they pass any reasonable 
JSON verification tool.

That kills the BIND DNS server, and services that rely on it, quite dead. So 
getting a configuration verification as a separate step seems, to me at 
least, quite mandatory before trying to restart a core daemon. I do seem to 
have a handle on the problem: I'm defining a "bash" operation with "action 
:nothing", then summoning it with a rescue wrapped operation before the 
daemon is restarted.