Chef Idempotence using Grep

Chef is very intuitive, especially when using Opscode and community cookbooks. Typically, the cookbooks from Opscode and the community will be idempotent, one of the main tenants of Chef. Some cookbooks may not include all of the desired functionality and additions, through wrapper cookbooks, may need to be made.

Grep is a key tool for using Linux and can even benefit us when managing Linux machines with Chef. In order to maintain idempotence, we can use grep in our recipes. This allows recipes to only use blocks of ruby when they have not been run before or the state has changed.

In the code below, we want to install the SELinux module called "added_semodule" to the Amazon Linux node from our file /tmp/added_semodule.pp, a reconfigured SELinux module. We do not want to install the module if it has already been installed earlier.

--------------------
case node["platform"]
when "amazon"
execute 'added_semodule' do
  command "semodule -i /tmp/added_semomdule.pp"
  action :run
  not_if 'semodule -l | grep added_semodule'
end
end
--------------------

This example shows how we can test if the module is installed already by listing the installed SELinux modules and using grep to reduce the results to our specific module "added_semodule".

Chef Client Debug

The errors returned by Chef are not always the most useful when the error occurs in the operating system rather than in the Chef client. Sometimes we just need more info on what the Chef Client is doing. Give "chef-client -l debug" a try. This should give you all the info you will ever need about your chef client run.

There are additional log levels when running the Chef client besides debug. Those levels include info, warn, error, and fatal. You can try the different levels to get different information back from the Chef Client run.

tl;dr
Try
chef-client -l debug

More info at: (search for log_level)
https://docs.chef.io/ctl_chef_client.html