Chef is very intuitive, especially when using Opscode and community cookbooks. Typically, the cookbooks from Opscode and the community will be idempotent, one of the main tenets of Chef. Some cookbooks may not include all of the desired functionality, and additions may need to be made through wrapper cookbooks.
Grep is a key tool for using Linux and can even benefit us when managing Linux machines with Chef. In order to maintain idempotence, we can use grep in our recipes. This allows recipes to run blocks of Ruby only when they have not been run before or the state has changed.
In the code below, we want to install the SELinux module called "added_semodule" to the Amazon Linux node from our file /tmp/added_semodule.pp, a reconfigured SELinux module. We do not want to install the module if it has already been installed earlier.
--------------------
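# Only apply on Amazon Linux nodes.
case node["platform"]
when "amazon"
  execute 'added_semodule' do
    # Install the module package from /tmp.
    command "semodule -i /tmp/added_semodule.pp"
    action :run
    # Guard: skip the install when the module already appears in the module list.
    not_if 'semodule -l | grep added_semodule'
  end
end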
--------------------
This example shows how we can test if the module is installed already by listing the installed SELinux modules and using grep to reduce the results to our specific module "added_semodule".
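A plain `grep added_semodule` also succeeds on any longer module name that contains that string, in which case the guard skips the install and the policy module is never loaded. The following added example (not code from the original post) compares the substring check with an exact match on the module-name field. The helper names and the sample listing are constructed for illustration, and the listing format (name, optionally followed by a version) is an assumption about `semodule -l` output.

```ruby
require 'shellwords'

# Constructed sample of `semodule -l` output. Assumption: older policycoreutils
# prints "name<TAB>version", newer releases print only the name.
SAMPLE_LISTING = <<~OUT
  abrt\t1.4.1
  added_semodule_old\t1.0
  zabbix\t1.6.0
OUT

# Mirrors `grep added_semodule`: true if any line merely contains the string.
def substring_guard?(listing, name)
  listing.each_line.any? { |line| line.include?(name) }
end

# Exact match on the first whitespace-separated field (the module name).
# Blank lines yield nil from split.first and never match.
def module_installed?(listing, name)
  listing.each_line.any? { |line| line.split.first == name }
end

# Shell command with the same exact-match semantics, suitable as a not_if
# string. -x matches the whole line, -F treats the name as a fixed string,
# -q suppresses output. The name is shell-escaped before interpolation.
def exact_guard_command(name)
  "semodule -l | awk '{print $1}' | grep -qxF -- #{Shellwords.escape(name)}"
end

if __FILE__ == $PROGRAM_NAME
  name = 'added_semodule'
  puts "substring guard says installed: #{substring_guard?(SAMPLE_LISTING, name)}"
  puts "exact guard says installed:     #{module_installed?(SAMPLE_LISTING, name)}"
  puts "not_if command: #{exact_guard_command(name)}"
end
```

In the recipe, the string returned by `exact_guard_command` can be passed to `not_if` in place of the plain grep pipeline.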