厨师 - 重复菜谱执行
首先,厨师是否可以(并且这是良好的做法)在特定角色上以指定的时间间隔运行菜谱吗?
我有一个 ruby 脚本来管理用户帐户和 ssh 身份,它目前每小时在 cron 上运行一次,出于显而易见的原因,我想将它变成 Chef 菜谱(我希望它出现在所有机器上)。
我可以看到两种方法:
要么将脚本转换为模板,配方将简单地将模板渲染到给定路径,然后注册一个 cronjob
,要么
将脚本分解为资源、提供程序等,然后让 Chef 运行它每小时。
有想法吗?
First off, can (and is it good practice) chef run a recipe at a specified interval on a specific role?
I've got a ruby script which manages user accounts and ssh identities, it currently runs on a cron every hour and I'd like to turn it into a Chef recipe for obvious reasons (I want it to be there on all machines).
I can see two ways of doing this:
Either turn the script into a template, the recipe would simply render the template to a given path and then register a cronjob
OR
Break the script into resources, providers, etc., and have Chef run it every hour.
Ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以将 Chef-client 作为守护进程运行(-d 选项,如 init 脚本中使用),或者在服务管理工具(如 下)运行新贵,runit/daemontools 或 bluepill。您当然也可以从 cron 启动它 - 只需确保不在那里运行守护程序模式:)。
Chef 的资源提供程序采取幂等操作将资源配置为所需状态。这意味着,如果 Chef 已在系统上运行,则仅当资源与配方所述不匹配时才会修改资源。例如,如果您有一个菜谱,其中写着:
该软件包将在 Chef 第一次运行时安装,并且不会再次修改,除非该软件包从系统中删除,或者您修改了资源。同样,haproxy 服务将被启用(通过平台的服务管理工具,通常是 /etc/rc*.d 中的符号链接),然后启动(例如,通过 /etc/init.d/haproxy start)。最后,只有当模板的内容发生变化时,Chef 才会渲染模板的新版本。对于模板,它根据 SHA256 校验和来确定这一点。
有一些例外 - 如果您不提供某种限定符条件,execute、script 和 ruby_block 资源就不是幂等的。
此外,Chef 在使用服务器时没有“一次性”或“一次性”菜谱运行列表。最近,Chef 邮件列表上有一个帖子,内容涉及主题。
You can run chef-client as a daemon (-d option, as used in init scripts), or under a service management tool like upstart, runit/daemontools or bluepill. You can certainly also launch it from cron - just make sure to not run daemon mode there :).
Chef's resource providers take idempotent actions to configure the resources to be in the desired state. This means that if Chef has already run on the system, it only modifies resources if they do not match what the recipe says. For example, if you have a recipe that says:
The package will be installed the first time chef runs and won't be modified again unless the package were removed from the system, or you modify the resource. Likewise, the haproxy service will be enabled (through your platform's service management tools, usually symlinks in /etc/rc*.d) and then started (e.g., via /etc/init.d/haproxy start). Finally only if the content of the template changes will Chef render a new version of the template. For templates it determines this based on a SHA256 checksum.
There are a few exceptions - execute, script and ruby_block resources are not idempotent without you providing some kind of qualifier conditional.
Also, Chef doesn't have "one time" or "one off" recipes run lists when using the server. There was a thread on the Chef mailing list recently about the topic.
两者都是可行的。
您提到的选项是:
1)
这很容易开始(对你的脚本没有真正的改变,它只是确保它在那里)
记住厨师每次都会运行每个食谱......正如 jtimberman 所说:“它只会修改资源,如果他们这样做与食谱不符”。所以你的食谱应该在新模板发生变化时覆盖它。
或 2)
此选项更像厨师,并且可能更可靠和可扩展 - 特别是当您将更多基础设施置于厨师管理之下时。
如果你的 Chef 客户端是守护进程,或者 Chef-solo 在 cron 上运行,那么它会非常有用。
在这种情况下,您可以使用“用户”、“组”和“文件”等资源(用于复制 ssh 密钥)来设置配方。有关详细信息,请参阅此处: http://wiki.opscode.com/display/chef/ Resources#Resources-File
然后,您最好的选择是使用“数据包”(json 数据)来存储用户详细信息,并根据该信息安装您的用户。这正是 opscode 在本配方中所做的(查看 ./recipe/sysadmins.rb 以获得灵感):
https://github.com/opscode/cookbooks/tree/master/users
请注意他们正在使用厨师服务器(或操作码平台)。如果您使用的是 Chef-solo,则需要将 'search(:users, 'groups:sysadmin')' 替换为您自己的数据包文件,该文件可以在 Chef-solo 可以获取的位置找到(可下载,或在您的 Chef 中找到) -回购)。
Both are feasible.
Your options you mentioned were:
1)
This is easy to get started (no real change to your script, it just ensures it's there)
Remember that chef runs every recipe, every time.... As jtimberman said: "it only modifies resources if they do not match the recipe". So your recipe should just overwrite new template when it changes.
OR 2)
This option is more chef-like, and probably more reliable and scalable -- especially as you put more infrastructure under chef management.
It'll work great if your chef client is daemonized, or chef-solo is run on cron.
In this case you could setup a recipe using resources like the 'user', 'group' and 'file' (to copy ssh keys). See here for details: http://wiki.opscode.com/display/chef/Resources#Resources-File
Then, you're best bet is to use a 'data-bag' (json data) to store user details, and install your users based on that. It's exactly what opscode have done in this recipe (look in ./recipe/sysadmins.rb for inspiration):
https://github.com/opscode/cookbooks/tree/master/users
Just be aware they are using chef-server (or opscode platform). If you're using chef-solo you'll need to replace 'search(:users, 'groups:sysadmin')' with your own data-bag file found somewhere chef-solo can get at it (downloadable, or within your chef-repo).