[chef] Re: Re: Re: Re: Re: Shellshock patching with Chef


  • From: Walter Dolce
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: Shellshock patching with Chef
  • Date: Tue, 30 Sep 2014 07:08:47 +0100

The first thing that came to my mind was to have a mix between attributes used as "configuration drivers" and straight commands. Afaict you will have a broad range of control but it can quickly become cumbersome so be wary of this.

Note that I'm pretty much new to Chef. I'm sure other more experienced members of the community will pop over with a better solution.

On 29 Sep 2014 23:48, "Morgan Blackthorne" wrote:
I'd rather have a bit more control, and that doesn't help for our RH family boxen.

--
~*~ StormeRider ~*~

"Every world needs its heroes [...] They inspire us to be better than we are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

On Mon, Sep 29, 2014 at 3:39 PM, Brian Pitts wrote:
Depending on your tolerance for automatic security upgrades, on ubuntu
and debian you could use
https://supermarket.getchef.com/cookbooks/unattended-upgrades

On Mon, Sep 29, 2014 at 5:32 PM, Morgan Blackthorne wrote:
> We have our own mirror for ubuntu, but we don't force the latest version. I
> don't think we have RHEL or OL or Debian mirrors at the moment, though.
>
> Forcing the latest version might just be the simplest way to resolve it.
>
> On Mon, Sep 29, 2014 at 3:26 PM, AJ Christensen wrote:
>>
>> yo,
>>
>> On Tue, Sep 30, 2014 at 11:23 AM, Morgan Blackthorne wrote:
>> > I'm looking to see if there's a good way to help manage patching of
>> > vulnerabilities with Chef. This Shellshock one seems to be a great
>> > example
>> > of why Chef would be a helpful tool for the job, since it's just a
>> > package
>> > in need of upgrading (bash).
>> >
>> > My question is, what's the best way in Chef to say "for this
>> > distribution
>> > and release, ensure that this package is at least at version X" without
>> > potentially downgrading the package down the road? I want to set a
>> > minimum
>> > bar, but I don't want to permanently pin the version.
>>
>> I like pushing sec packages into a signed internal repository. Always
>> roll to latest. Makes the chef code simple(r), especially for managing
>> multiple edges.
>>
>> Some providers support pessimistic version specifications (~>). They
>> may be of use.
>>
>> --aj
>>
>> >
>> > Thoughts? Thanks!
>
>



--
Brian Pitts
Web Operations Engineer
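
The "at least version X, never downgrade" floor asked about in the thread, as an added example that is not part of any poster's message or of Chef itself. It implements Debian-style version ordering only (RPM ordering differs), `FLOOR` is a constructed sample value, and the helper names are hypothetical; in a recipe the result would gate a `package 'bash'` resource with `action :upgrade` behind an `only_if` guard (assumed wiring).

```ruby
# Weight of one character in a non-digit run: '~' sorts before end of
# string, letters sort before other punctuation.
def char_order(c)
  return 0 if c.nil?
  return -1 if c == '~'
  c =~ /[A-Za-z]/ ? c.ord : c.ord + 256
end

# Compare two upstream or revision strings, alternating non-digit runs
# (by char_order) and digit runs (numerically, so 11 > 7).
def compare_part(a, b)
  a = a.dup
  b = b.dup
  until a.empty? && b.empty?
    na = a.slice!(/\A\D*/)
    nb = b.slice!(/\A\D*/)
    [na.length, nb.length].max.times do |i|
      diff = char_order(na[i]) <=> char_order(nb[i])
      return diff unless diff.zero?
    end
    da = a.slice!(/\A\d*/).to_i
    db = b.slice!(/\A\d*/).to_i
    return da <=> db unless da == db
  end
  0
end

# Split "epoch:upstream-revision"; epoch defaults to 0, revision to "".
def split_version(v)
  epoch, rest = v.include?(':') ? v.split(':', 2) : ['0', v]
  idx = rest.rindex('-')
  upstream, revision = idx ? [rest[0...idx], rest[(idx + 1)..-1]] : [rest, '']
  [epoch.to_i, upstream, revision]
end

def deb_compare(a, b)
  ea, ua, ra = split_version(a)
  eb, ub, rb = split_version(b)
  [ea <=> eb, compare_part(ua, ub), compare_part(ra, rb)].find { |c| !c.zero? } || 0
end

# :upgrade only when the installed version is below the floor; anything at
# or above it is left alone, so a newer package is never rolled back.
def package_action(installed, floor)
  deb_compare(installed, floor) < 0 ? :upgrade : :nothing
end

FLOOR = '4.3-7ubuntu1.5' # constructed sample floor, not a vendor-advised version
puts package_action('4.3-7ubuntu1', FLOOR)  # below the floor
puts package_action('4.3-11ubuntu2', FLOOR) # already newer
```

A plain string comparison would rank revision `11ubuntu2` below `7ubuntu1.5`, which is why the digit runs are compared numerically.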



