[chef] Re: RE: Re: RE: Re: RE: Re: Keeping DNS configuration eerrors from breaking working server with bind cookboks


Chronological Thread 
  • From: Ameir Abdeldayem < >
  • To:
  • Subject: [chef] Re: RE: Re: RE: Re: RE: Re: Keeping DNS configuration eerrors from breaking working server with bind cookboks
  • Date: Wed, 25 Jun 2014 16:21:17 -0400

I do something that sounds similar enough in one of my cookbooks, but with nginx.

I have the following resource:

execute 'test nginx config' do

  command 'nginx -t'

  notifies :reload, 'service[nginx]', :delayed

end

When a template is modified, you can tell it to notify the execute resource immediately to test the config (you can do this with action :nothing; I use this as-is at the end of a recipe so a reload happens at the end of each good run).  At the end, nginx is then reloaded if all tests pass.  Otherwise, the Chef run will fail when the test fails.  If you pair this with "ignore_failure true" like Julian suggested, you could probably achieve what you're looking for.  I don't believe that the execute resource will trigger the notification on a failure with "ignore_failure true", but I have not tried myself.

I hope that helps, even if just a little.

Thanks,

Ameir



On Wed, Jun 25, 2014 at 3:54 PM, Kadel-Garcia, Nico < " target="_blank"> > wrote:
The "execute" part is easy, I've done some tests with that. I can even wrap the service commands in an "if" statement to use different start_command and restart_command when the verification tools is available, and when it's not.

The difficulty I'm having is getting it to run immediately before the delayed notification based service restarts, reloads, or starts, without also running before all of any modified configuration files have been deployed.  I'd originally just stuck it into the start_command, reload_command, etc. as part of the execution string, but that seems  less than graceful.

Once it's working, then yes, an LWRP or enhancement to the basic "service" toolkit might be in order. I'd love to see it for other daemons, such as HTTPD, that have configuration testers.


--
Nico Kadel-Garcia
Senior Systems Consultant
Email: ">
Cell Phone: +1.339.368.2428




-----Original Message-----
From: Daniel DeLeo [mailto: "> ] On Behalf Of Daniel DeLeo
Sent: Wednesday, June 25, 2014 3:13 PM
To: ">
Subject: [chef] Re: RE: Re: RE: Re: Keeping DNS configuration eerrors from breaking working server with bind cookboks



On Wednesday, June 25, 2014 at 11:21 AM, Kadel-Garcia, Nico wrote:

> The extent to which I do *not* want to re-invent RFC compliant BIND verification, in ruby, from scratch, cannot be overstated. "named-checkconf" and "named-checkzone" do a pretty good job.

No one was suggesting you do that.

Maybe you could set up your file/template resources to notify an execute resource which will run the config checker, which in turn will fail if the config is invalid. That could be wrapped up in a LWRP to make it easy to reuse.

--
Daniel DeLeo





Archive powered by MHonArc 2.6.16.

§