I have downloaded the monit and firewall cookbooks, and I can see that
they use various strategies to allow other cookbooks to configure
monitoring or setup firewall rules.
That is the monit cookbooks, typically define a monitrc resource which
can be used in other cookbooks such as mysql; so
monitrc “mysql” do
or the fire wall offers a rule like so;
firewall_rule “mysql” do
But wouldn’t it make sense to offer that abstraction at a higher level,
and promote Process and Ports to the resource level, and rather than
couple your app to monit as above, just have your mysql::server recipe
declare the resources that monit might use.
port “mysql” do
process “mysql” do
And monit can come and enumerate any ports and pids that it should be
monitoring from the node in its monit::install recipe… The same
applies to the firewall cookbook. Its not like there are not some very
well used common abstractions in monitoring and fire-walling
Any suggestions on whether someone has done this already, and why it
might not make sense to do this would be appreciated…?