What you’re describing is a situation where Chef is dealing with
out-of-band changes. The idea with any configuration management framework
you implement is that it becomes the source of truth for configuration. If
an out-of-band change occurs and it tramples on configuration that Chef is
managing, Chef will put it back into the state your code expects it to be
It’s generally bad practice to either 1) have critical configuration you
care about happen out-of-band, or 2) have two automatic configuration
processes manage the same thing; one of them will beat up on the other (or
worse, they’ll constantly revert one another).
So I think your choices here are to either:
Migrate the logic of that local script into Chef. Pull that logic into
your configuration management policies so there’s no ambiguous third-party
process doing who knows what and anyone can turn to one source that
describes the totality of your system configuration logic in one place.
That becomes grokable and, therefore, maintainable and sustainable. It
also removes the conflict.
Stop managing the content of the config file for MyService with Chef and
let that local script always manage it. Break up the bits of logic that
configure your entire application into separate places that may not be
grokable to anyone without tribal knowledge about your stack. But that
also removes the conflict.
You can probably guess which one I’d recommend.
George Miranda — Partner Engineering
512.481.2876 – email@example.com – Linkedin
getchef.com http://www.getchef.com/ Blog
https://twitter.com/chef Youtube https://www.youtube.com/getchef
Watch #ChefConf 2014 Presentations http://www.youtube.com/user/getchef
On Sun, Jun 22, 2014 at 2:24 PM, Justin Franks firstname.lastname@example.org
Chef reads file /etc/somefile which contains a list of IP addresses
(The list of IP addresses in /etc/somefile will change on occasion)
Chef builds a config of MyService and uses the IP addresses in
/etc/somefile in the config it builds
The file /etc/somefile changes. It now contains a new list of IP addresses
A local script catches the change and updates the config of MyService to
reflect the new IP addresses
Moments later Chef runs again as normally scheduled.
Does Chef read the file /etc/somefile, notice the new IP addresses and
update the config thus “undoing” what the local script did?
Or will Chef say, “Hey, something changed the config for MyService. I
better put it back to its original state by reverting the changes in the
Lead Operations Engineer
SaaS, Cloud, Data Centers & Infrastructure
Lithium Technologies, Inc
225 Bush St., 15th Floor
San Francisco, CA 94104
tel: +1 415 757 3100 x3219