Tollef Fog Heen firstname.lastname@example.org writes:
We’re not crazy about adding resource method solely for this. The
simplest solution is to just run “invoke-rc.d --disclose-deny” all the
time. The big question here, is there a use case where you would have
the service disabled by policy but still want Chef to keep running if
you ask it to start it? Laurent? Thom? Tollef? (CHEF-597 )
Well, invoke-rc.d is not what is used by init, invoke-rc.d is used by
maintainer scripts to decide what, if anything, should be done on
The symlinks in /etc/rc$runlevel.d/ are usually what controls if a
service should start.
I think we shouldn’t use invoke-rc.d, but rather use the service
A use case for having policy-rc.d decline anything invoke-rc.d asks it
would be to not restart services on upgrade, but rather handle that
through chef or similar mechanisms.
To solve Laurent’s use case, I’d say just diverting the service command
at the start and undiverting it afterwards would be just as sane as
That’s correct, I could also do that instead of using policy-rc.d.
Using policy-rc.d seems so much cleaner and simpler though.
instead of using the test_policy method, what about running
invoke-rc.d with --disclose-deny all the time, catch the 101 error
code, warn and ignore by default, raise when the resource is called
with the error_on_policy_violation option ?