New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Idempotency #64

Merged
merged 2 commits into from Jan 5, 2015

Conversation

Projects
None yet
4 participants
@ehaselwanter
Contributor

ehaselwanter commented Jan 5, 2015

Various resources get executed even if there is no change needed. While this is fine it 'pollutes' chef's statistics about updated resources e.g. when someone is monitoring those data using a chef-handler will see changes/updates on each converge:

e.g. within
https://github.com/TelekomLabs/chef-os-hardening/blob/master/recipes/minimize_access.rb

I would probably split "group" and "other" into separate resources and guard them by "only_if" filters using "find #{folder} -perm -g+w " and "find #{folder} -perm -o+w "

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Dec 4, 2014

Member

hey @rmoriz sounds like great idea. Are you describing https://github.com/TelekomLabs/chef-os-hardening/blob/master/recipes/minimize_access.rb#L26 ? Anything else? You mentioned various resources?

Member

chris-rock commented Dec 4, 2014

hey @rmoriz sounds like great idea. Are you describing https://github.com/TelekomLabs/chef-os-hardening/blob/master/recipes/minimize_access.rb#L26 ? Anything else? You mentioned various resources?

@rmoriz

This comment has been minimized.

Show comment
Hide comment
@rmoriz

rmoriz Dec 4, 2014

Chef marks "changes" in green, so here's just a dump of an example converge.

(same thing with the ssh-hardning cockbook)

rmoriz commented Dec 4, 2014

Chef marks "changes" in green, so here's just a dump of an example converge.

(same thing with the ssh-hardning cockbook)

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Dec 8, 2014

Member

@rmoriz we schedule this improvement for our next release this year...

Member

chris-rock commented Dec 8, 2014

@rmoriz we schedule this improvement for our next release this year...

ehaselwanter added some commits Jan 5, 2015

ignore coverage folder
TelekomLabs-DCO-1.1-Signed-off-by: Edmund Haselwanter <me@ehaselwanter.com> (github: ehaselwanter)
add guard to execute
TelekomLabs-DCO-1.1-Signed-off-by: Edmund Haselwanter <me@ehaselwanter.com> (github: ehaselwanter)
@coveralls

This comment has been minimized.

Show comment
Hide comment
@coveralls

coveralls Jan 5, 2015

Coverage Status

Coverage remained the same when pulling f7fb196 on ehaselwanter:issues-64 into 74ac9ef on TelekomLabs:master.

coveralls commented Jan 5, 2015

Coverage Status

Coverage remained the same when pulling f7fb196 on ehaselwanter:issues-64 into 74ac9ef on TelekomLabs:master.

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock
Member

chris-rock commented Jan 5, 2015

@ehaselwanter amazing

chris-rock added a commit that referenced this pull request Jan 5, 2015

@chris-rock chris-rock merged commit ff0859d into dev-sec:master Jan 5, 2015

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment