Chef wants to manage config files as templates. I get that. I’m wondering
how people are handling system configuration files that are large and
sometimes unwieldy? For example, in Red Hat, the /etc/sendmail.cf is 700
lines and we update just one. Should I really keep a template or cookbook
file for something like that? We are running primarily RH4 and RH5 and have
identified the following choices for system configuration files:
Appropriate them as templates or manage them with complex string
substitution in ruby/bash blocks and manual checks to enforce idempotence.
The first has pitfalls. We shouldn’t be managing system files at that
level. Patching should be an automated process, and trying to keep an eye
on system files during the patch process is not something I’m interested in.
Also it means that only one recipe can ever manage that file. In most
cases that’s fine, but in others, it won’t work. Example: I have two
different cookbooks that add keys to the root authorized_keys file in some
cases. Or what if two different things want to insert things in the
modprobe.conf? I have a system config recipe that inserts lines into the
modprobe.conf to disable IPv6 and a KVM recipe that inserts the kvm module
On the other hand, using regex string substitutions in files is complex, can
be messy looking and I’m getting the impression this method is discouraged.
I also regard the use of the bash block as the last resort in a recipe. But
it has the easiest way to do string substitution in files (using sed). I
have been using this to manage settings in sshd_config, sendmail.cf,
submit.cf, and a few other places.
So those are my thoughts. What are others doing to manage ssh configs,
sendmail, snmp, module configs, etc? I’m really curious.