Sorry, I’ll try to provide a clear example:
I’ve got a 3rd party monitoring application that requires me to deploy the agents and plugins to all of the systems on my network. Here’s the cfengine syntax to do that:
This tells each system on the network to copy the monitoring agent and plugins from “monitoring_server”. There are multiple levels of directories under /opt/agent-software. It is “self healing”, because any missing or changed files on the destination servers are fixed next time cfengine runs. Only the files that need to change are updated. Cfengine guarantees that the source and destination directories are an exact match. I can make a quick change to an agent-plugin and next time cfengine runs, that change is installed on each server.
I think these are my choices if I want to do this in Chef:
remote_directory resource - It doesn’t preserve file permissions. If I set files_mode=755 on the files in /opt/agent-software, I’d have execute permissions on configuration files that should be read-only.
tar the directories and use the cookbook_file resource - If I want to be 100% sure that the destination isn’t corrupt, I’d have to untar the tar file on every chef run and restart the agent. With the cfengine configuration above, the agent would only be restarted if an individual file gets updated.
Create an rpm for agent-software and another for agent-plugins - To make this “self healing”, chef would need a “verify” action in the package resource. I’d use the “verify” action to verify that the target system’s install matches the contents of the rpm. If it doesn’t match, I’d install the rpm with a --force option. I also think creating and maintaining an rpm is a lot more complex that the cfengine setup above.
Are there any other Chef options for doing this?
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Michael Hale
Sent: Saturday, February 05, 2011 2:12 PM
Subject: [chef] Re: RE: Re: Need cfengine like copy to achieve Self Healing
I’m confused about how recursively copying a directory and preserving
permissions provides “self healing”. Can you elaborate on how that
feature of cfengine provides self healing in your environment? It is
possible there is a more idiomatic way to accomplish what you are
after in chef.
On Sat, Feb 5, 2011 at 2:06 PM, Steve Caissie firstname.lastname@example.org wrote:
I can apply the same mode to all of the files in a directory with remote_directory, but I don’t see any way to preserve the source directory’s permissions.
Ideally, I’d like to be able to copy from a local or remote source and preserve permissions. Cfengine offers this with the copy action.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Daniel DeLeo
Sent: Saturday, February 05, 2011 1:24 PM
Subject: [chef] Re: Need cfengine like copy to achieve Self Healing
On Sat, Feb 5, 2011 at 9:59 AM, Steve Caissie email@example.com wrote:
I’m trying to make my systems self healing with chef. I’ve been doing this
for many years with cfengine. I think chef needs a cfengine like copy
resource to make it easier to maintain a self healing environment.
In cfengine 2, the copy action has a recursive option that lets you preserve
permissions and create classes if files were changed. There doesn’t appear
to be any resource to do this in chef. You could use a tar file to preserve
permissions, but then the copy isn’t idempotent. There would be no easy way
to tell if files on the destination system have changed. You could put the
files into a package like an rpm, but those packages are more difficult to
maintain. I have a lot of directories that I need to copy and maintain. I
don’t want to create an rpm for every directory.
It would also be nice if chef didn’t have to import all of the files you
want to copy. I’d like to be able to change a directory tree without having
to tell Chef about the change.
To get around this limitation, I’m going to try to create an “rsync” LWRP in
Can you explain a bit more about how what you’re looking for differs
from the existing remote directory resource? Do you just want a
remote directory that uses a local (i.e., already exists elsewhere on
the filesystem) source? Do you need permissions that are more varied
than remote directory provides?
Director of Operations