Building Authoritative Resource Sets

Chef is additive by nature. Removing resource definitions from recipes will not remove the resources from the system. This can be confusing for beginner chefs. An authoritative resource set is a term used to describe a resource set containing only the resources defined in the Chef recipes.

The "zap" pattern emerged as a way to build authoritative resource sets. The LWRPs from the zap cookbook, https://github.com/nvwls/zap, will be presented as well as various use cases.

This talk was presented at ChefConf 2014.

Joe Nuspl

April 17, 2014



  1. “Authoritative Resource Sets”
     • A set of resources that only contains resources defined by chef.
     • Chef is action based. action is a keyword.
     • action :create
     • action :delete

  2. Example

         package 'foo'
         cron 'email 503 report' do
           minute '59'
           hour '23'
           command 'grep ,503, /var/log/httpd/access.log | mail noc -s "503 Report"'
         end
         package 'bar'

  3. Day 10
     • Still zero 503 errors. Problem solved.
     • “We don’t need the 503 report anymore.”

  4. Solution #2

         package 'foo'
         # Remove after 05/01
         cron 'email 503 report' do
           action :delete
         end
         package 'bar'

  5. Solution #3

         package 'foo'
         # Remove after 05/01
         cron 'email 503 report' do
           action :delete
           only_if { ::Crontab.exists?('email 503 report') }
         end
         package 'bar'

  6. “Authoritative resource sets”
     • Chef should automagically delete resources that are not defined as part of the resource set of the current run

  7. Behind the scenes

         INFO: Processing cron[ossec] action create (zap::test line 19)
         INFO: Processing cron[tmpwatcher] action create (zap::test line 23)
         …
         INFO: Processing zap_crontab[root] action delete (zap::test line 27)
         INFO: zap_crontab[root] keeping cron[ossec]
         INFO: zap_crontab[root] keeping cron[tmpwatcher]
         INFO: zap_crontab[root] zapping cron[503 report]
         …
         INFO: Processing cron[503 report] action delete (dynamically defined)
         INFO: cron[503 report] deleted crontab entry
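
The keep/zap decision visible in the log above, as an added Ruby example (not code from the talk or from the zap cookbook). It relies on the `# Chef Name:` comment that Chef's cron resource writes above each entry it manages; the sample crontab is constructed and the helper names are hypothetical.

```ruby
# Added illustration of the reconciliation step; not the zap cookbook's code.
# Constructed sample crontab. Chef's cron resource labels each entry it
# manages with a "# Chef Name: <name>" comment line.
SAMPLE_CRONTAB = <<~CRON
  # Chef Name: ossec
  */5 * * * * /var/ossec/bin/check
  # Chef Name: tmpwatcher
  0 4 * * * /usr/sbin/tmpwatch 240 /tmp
  # Chef Name: 503 report
  59 23 * * * grep ,503, /var/log/httpd/access.log | mail noc -s "503 Report"
  0 1 * * * /usr/local/bin/handmade-job
CRON

# Names of the Chef-labelled entries currently present on the system.
def chef_cron_names(crontab)
  crontab.each_line.map { |l| l[/^# Chef Name: (.+?)\s*$/, 1] }.compact
end

# Hypothetical helper: decide keep/zap for every labelled entry found on the
# system, given the cron names defined by the recipes in the current run.
def zap_plan(crontab, defined_names)
  chef_cron_names(crontab).map do |name|
    [name, defined_names.include?(name) ? :keep : :zap]
  end.to_h
end

# Job lines with no Chef label above them. This example's label-based scan
# never sees them, so they are neither kept nor zapped.
def unlabelled_entries(crontab)
  prev_label = false
  crontab.each_line.map(&:chomp).select do |line|
    labelled = prev_label
    prev_label = line.start_with?('# Chef Name:')
    !labelled && !prev_label && !line.strip.empty? && !line.start_with?('#')
  end
end

if __FILE__ == $PROGRAM_NAME
  # The current run defines only ossec and tmpwatcher, as in the log above.
  zap_plan(SAMPLE_CRONTAB, %w[ossec tmpwatcher]).each do |name, verdict|
    puts "#{verdict == :keep ? 'keeping' : 'zapping'} cron[#{name}]"
  end
  unlabelled_entries(SAMPLE_CRONTAB).each { |l| puts "unlabelled, not considered: #{l}" }
end
```

The hand-added last line of the sample shows the limit of a label-based scan: a job written outside Chef carries no label, so it survives the run and has to be caught by a separate review of the crontab.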