Can Chef be used to alert manual changes?

Let say I install Java 6 on a node using chef,
if someone goes and install java 7 on it, can chef alert me and tell me?
or is there a tool on the top of Chef that can help me do that?

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,
if someone goes and install java 7 on it, can chef alert me and tell me?
or is there a tool on the top of Chef that can help me do that?


Regards
nirish okram

I meant if someone goes and install a different java manualy (not through a
chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram nirish.okram@gmail.com
wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,
if someone goes and install java 7 on it, can chef alert me and tell me?
or is there a tool on the top of Chef that can help me do that?


Regards
nirish okram

If you re-run chef-client on a node that has had a previously-successful chef-client run, it will re-converge the necessary cookbook(s) to put the node into the desired state. In you example, the original cookbook that installed java will detect that a different java has been (manually) installed, and re-install its java version. You can write report handlers to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not through a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <nirish.okram@gmail.commailto:nirish.okram@gmail.com> wrote:
Haven’t done it yet, but the report handler can tell you what are the resources that were updated in the chef run. The chef-run will bring back to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya <medya.gh@gmail.commailto:medya.gh@gmail.com> wrote:
Let say I install Java 6 on a node using chef,
if someone goes and install java 7 on it, can chef alert me and tell me?
or is there a tool on the top of Chef that can help me do that?


Regards
nirish okram

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com wrote:

If you re-run chef-client on a node that has had a previously-successful
chef-client run, it will re-converge the necessary cookbook(s) to put the
node into the desired state. In you example, the original cookbook that
installed java will detect that a different java has been (manually)
installed, and re-install its java version. You can write report handlers
to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not through
a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram nirish.okram@gmail.com
wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram

Julian, any example of Chef Audit mode?

On Wed, Aug 12, 2015 at 6:16 PM, Julian C. Dunn jdunn@aquezada.com wrote:

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com
wrote:

If you re-run chef-client on a node that has had a previously-successful
chef-client run, it will re-converge the necessary cookbook(s) to put the
node into the desired state. In you example, the original cookbook that
installed java will detect that a different java has been (manually)
installed, and re-install its java version. You can write report handlers
to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not through
a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <
nirish.okram@gmail.com> wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram

Hi Medya, I haven’t had a chance to try it, but this blog has what looks
like a good example of getting started.
http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

I also noticed that they are starting to release some pre packaged audits
for CIS benchmarks

I honestly wasn’t aware of this function till this thread.
On Thu, Aug 13, 2015 at 11:05 AM Medya medya.gh@gmail.com wrote:

Julian, any example of Chef Audit mode?

On Wed, Aug 12, 2015 at 6:16 PM, Julian C. Dunn jdunn@aquezada.com
wrote:

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com
wrote:

If you re-run chef-client on a node that has had a previously-successful
chef-client run, it will re-converge the necessary cookbook(s) to put the
node into the desired state. In you example, the original cookbook that
installed java will detect that a different java has been (manually)
installed, and re-install its java version. You can write report handlers
to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not
through a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <
nirish.okram@gmail.com> wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram

dude, at least google search once,
http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

On Thu, Aug 13, 2015 at 8:04 AM, Medya medya.gh@gmail.com wrote:

Julian, any example of Chef Audit mode?

On Wed, Aug 12, 2015 at 6:16 PM, Julian C. Dunn jdunn@aquezada.com
wrote:

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com
wrote:

If you re-run chef-client on a node that has had a previously-successful
chef-client run, it will re-converge the necessary cookbook(s) to put the
node into the desired state. In you example, the original cookbook that
installed java will detect that a different java has been (manually)
installed, and re-install its java version. You can write report handlers
to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not
through a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <
nirish.okram@gmail.com> wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram

You mean like this? :wink:

On Thu, Aug 13, 2015 at 8:29 AM, Ranjib Dey dey.ranjib@gmail.com wrote:

dude, at least google search once,

http://jtimberman.housepub.org/blog/2015/04/03/chef-audit-mode-introduction/

On Thu, Aug 13, 2015 at 8:04 AM, Medya medya.gh@gmail.com wrote:

Julian, any example of Chef Audit mode?

On Wed, Aug 12, 2015 at 6:16 PM, Julian C. Dunn jdunn@aquezada.com
wrote:

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com
wrote:

If you re-run chef-client on a node that has had a
previously-successful chef-client run, it will re-converge the necessary
cookbook(s) to put the node into the desired state. In you example, the
original cookbook that installed java will detect that a different java has
been (manually) installed, and re-install its java version. You can write
report handlers to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not
through a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <
nirish.okram@gmail.com> wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram


Yoshi Spendiff
Ops Engineer
Indochino
Mobile: +1 778 952 2025
Email: yoshi.spendiff@indochino.com

I’d suggest you start with the “Audit a node for compliance” tutorial on
LearnChef (https://learn.chef.io/).

  • Julian

On Thu, Aug 13, 2015 at 11:04 AM Medya medya.gh@gmail.com wrote:

Julian, any example of Chef Audit mode?

On Wed, Aug 12, 2015 at 6:16 PM, Julian C. Dunn jdunn@aquezada.com
wrote:

You could also use Chef Audit Mode and write a test that does something
like expect “java -version” to return 6.x and if it returns 7, it would
alert you.

  • Julian

On Wed, Aug 12, 2015 at 3:37 PM Fouts, Chris Chris.Fouts@sensus.com
wrote:

If you re-run chef-client on a node that has had a previously-successful
chef-client run, it will re-converge the necessary cookbook(s) to put the
node into the desired state. In you example, the original cookbook that
installed java will detect that a different java has been (manually)
installed, and re-install its java version. You can write report handlers
to send a notification (email?) if a cookbook converged.

Chris

From: Medya [mailto:medya.gh@gmail.com]
Sent: Wednesday, August 12, 2015 1:20 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: can Chef be used to alert manual changes?

I meant if someone goes and install a different java manualy (not
through a chef run) can that be detected ?

On Wed, Aug 12, 2015 at 12:12 PM, niristotle okram <
nirish.okram@gmail.com> wrote:

Haven’t done it yet, but the report handler can tell you what are the
resources that were updated in the chef run. The chef-run will bring back
to java6 in your case and will show up in the report.

On Wed, Aug 12, 2015 at 10:08 AM, Medya medya.gh@gmail.com wrote:

Let say I install Java 6 on a node using chef,

if someone goes and install java 7 on it, can chef alert me and tell me?

or is there a tool on the top of Chef that can help me do that?

Regards
nirish okram