Chef behavior question

Let’s say…

Chef reads file /etc/somefile which contains a list of IP addresses
(The list of IP addresses in /etc/somefile will change on occasion)
Chef builds a config of MyService and uses the IP addresses in /etc/somefile in the config it builds
The file /etc/somefile changes. It now contains a new list of IP addresses
A local script catches the change and updates the config of MyService to reflect the new IP addresses
Moments later Chef runs again as normally scheduled.
What happens?
Does Chef read the file /etc/somefile, notice the new IP addresses and update the config thus “undoing” what the local script did?
Or will Chef say, “Hey, something changed the config for MyService. I better put it back to its original state by reverting the changes in the config file.”


Justin Franks
Lead Operations Engineer
SaaS, Cloud, Data Centers & Infrastructure
Lithium Technologies, Inc
225 Bush St., 15th Floor
San Francisco, CA 94104
tel: +1 415 757 3100 x3219

Well, "Chef" is going to do whatever the code in the recipe is telling it
to do, really :) So if the recipe decides to update the config file then
Chef will do so.

On Sun, Jun 22, 2014 at 2:24 PM, Justin Franks justin.franks@lithium.com
wrote:


--
Best regards, Dmitriy V.

What you're describing is a situation where Chef is dealing with
out-of-band changes. The idea with any configuration management framework
you implement is that it becomes the source of truth for configuration. If
an out-of-band change occurs and it tramples on configuration that Chef is
managing, Chef will put it back into the state your code expects it to be
in.

It's generally bad practice to either 1) have critical configuration you
care about happen out-of-band, or 2) have two automatic configuration
processes manage the same thing; one of them will beat up on the other (or
worse, they'll constantly revert one another).

So I think your choices here are to either:

  • Migrate the logic of that local script into Chef. Pull that logic into
    your configuration management policies so there's no ambiguous third-party
    process doing who knows what and anyone can turn to one source that
    describes the totality of your system configuration logic in one place.
    That becomes grokable and, therefore, maintainable and sustainable. It
    also removes the conflict.

  • Stop managing the content of the config file for MyService with Chef and
    let that local script always manage it. Break up the bits of logic that
    configure your entire application into separate places that may not be
    grokable to anyone without tribal knowledge about your stack. But that
    also removes the conflict.

You can probably guess which one I'd recommend. :)

HTH

George Miranda — Partner Engineering

512.481.2876 – gmiranda@getchef.com – Linkedin
http://www.linkedin.com/in/gmiranda23/ Twitter
https://twitter.com/gmiranda23
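
The scenario from this thread, as an added example that is not part of the original messages: a plain-Ruby model (not Chef DSL) of one converge pass, assuming the recipe derives the MyService config from /etc/somefile on every run, as a `file` or `template` resource would. The names `render_config`, `converge` and `run_scenario`, the config format, the sample IPs and the temporary paths are all constructed for illustration.

```ruby
require 'tmpdir'

# Render the MyService config from the IP list (format constructed for this example).
def render_config(ip_list_text)
  ips = ip_list_text.split(/\s+/).reject(&:empty?).uniq.sort
  "# Managed by configuration management\n" + ips.map { |ip| "allow #{ip}\n" }.join
end

# One converge pass: compute the desired content from the source file at run
# time, compare it with what is on disk, and write only when they differ.
def converge(source_path, config_path)
  desired = render_config(File.read(source_path))
  current = File.exist?(config_path) ? File.read(config_path) : nil
  return :up_to_date if current == desired
  File.write(config_path, desired)
  :updated
end

def run_scenario
  Dir.mktmpdir do |dir|
    source = File.join(dir, 'somefile')       # stands in for /etc/somefile
    config = File.join(dir, 'myservice.conf') # stands in for the MyService config
    results = {}

    File.write(source, "10.0.0.1\n10.0.0.2\n") # constructed sample IPs
    results[:first_run] = converge(source, config)

    # The IP list changes and a local script rewrites the config exactly as
    # the recipe would: the next run finds nothing to do.
    File.write(source, "10.0.0.2\n10.0.0.3\n")
    File.write(config, render_config(File.read(source)))
    results[:after_matching_script] = converge(source, config)

    # The local script writes the same IPs in its own format: the next run
    # sees a difference and puts the recipe's rendering back.
    File.write(config, "allow 10.0.0.3\nallow 10.0.0.2\n")
    results[:after_divergent_script] = converge(source, config)
    results[:final_config] = File.read(config)
    results
  end
end

p run_scenario if __FILE__ == $PROGRAM_NAME
```

Both outcomes asked about in the original question appear here: the run is a no-op when the script's output is byte-identical to what the recipe renders, and an overwrite otherwise.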

