-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remote_file cache attribute proposal #94
Conversation
I'm not sure I understand the goal here? So this is the client side of a Assuming this is bookshelf only, then on a standalone chef server we're Is there really not a cache invalidation strategy that could mitigate the KC On Wed, Feb 25, 2015 at 7:30 PM, Matt Ray notifications@github.com wrote:
|
@kcbraunschweig I think you might be confusing remote_file and cookbook_file here - the objective of this would be when you're downloading a remote_file from, say, http or FTP, you can have it cached on the Chef server to avoid the need to go out to the internet / other source every time. |
My concern is that the feature will never get turned on, because doing this at the level of an entire chef server is not granular enough. I absolutely agree that you'd probably never want to do this for a CI environment, but for a production environment you probably would; I think you'd want to do this at a per-environment level (which opens up a whole new can of worms). |
I think it might also be worth clarifying that the proxy mechanism on the server would ideally check for (and respect) cache headers, if-modified-since etc etc on the remote end. At the moment the RFC just specifies a configurable duration for cached content. |
Jon - my bad, I was confused. That is a terrifying use case for a On Thu, Feb 26, 2015 at 2:41 AM, Jon Cowie notifications@github.com wrote:
|
My goal with this proposed RFC was to see if others have similar issues with remote_file content and to see if the Chef server is an option for mirroring. Since the bandwidth in my lab is spotty and I've written cookbooks for apt-cacher, squid and bittorrent in the past, I naively thought other folks might want to leverage the Chef server this way. I hadn't considered leveraging Bookshelf or any of Chef's access controls, I just wanted a transparent proxying cache. Clearly @kcbraunschweig's use case is very different from mine and I didn't spend much time on the details, I can support myself if people don't think it's a useful suggestion for a wider userbase that warrants greater investigation. |
Security concerns seem to outweigh any benefit. With this enabled, any node could trivially DoS the Chef Server by requesting too many/too big caches. Having a high-quality (drop in?) resource for something like Herd or Murder seems like an even better solution to the problem without most of the downsides. |
Withdrawn. |
The remote_file Resource will add a new attribute
cache
requesting that the Chef Server mirror the file.