This repository has been archived by the owner on Jul 14, 2021. It is now read-only.
The basic Linux Group provider in Chef is, IMHO, a bit broken, which, given the base nature of the provider, I would classify as a bug. From my experience there are only two ways to get the Group provider to act in an idempotent fashion from a Chef perspective:
```ruby
group "foo" do
  gid 1234
  members ["user1", "user2", "user"]
  action :create
end
```

```ruby
group "foo" do
  append true
  excluded_members ["user1"]
  action :modify
end
```
The following is one example of using the Group provider which triggers on every convergence:

```ruby
group "ssl-cert" do
  append true
  members ["www-data"]
  action :modify
end
```
There are numerous issues with this resource triggering when no action should be taken - the biggest being that I cannot use notifications reliably.
At the end of the day what I really want the group provider to be able to do is add a user or set of users to an existing group and not add them if they are already part of the group. This is something that I think is a reasonable expectation for base level of an action.
To add more color, I think the problem simply lies in the fact that group creation does "more than it should".
For me what is happening is that in recipe one I say

```ruby
group "foo" do
  gid 12345
  action :create
end
```

to simply make sure the group exists so I can lay down files with that ownership.
The problem is that definition in reality is saying not only make sure that the group exists but that there are no members.
If I have a later recipe that adds a user to that group then on the next run the original group resource will zero out the member list and all other resources on the group retrigger.
It makes sense to me that a group resource that does not specify any members should not take action on the members of a group which the bare group create does.
I know that you may not want to break backwards compat so maybe adding an attribute to the resource which prevents the zero out of the groups is the way to go.
I personally think the current behavior is wrong but my opinion and $2.75 gets you on the NYC subway system.
For now I am getting around this with not_if guards BTW
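
A sketch of the `not_if` guard workaround mentioned above, as an added example that is not code from the issue or from Chef. `missing_group_members` is a hypothetical helper, assumed to be loaded from a cookbook library file; the group and passwd entries are constructed sample data. It also covers the case where a user's primary group is the target group, which the group's member list never shows.

```ruby
require 'etc'

# Hypothetical helper, not part of Chef: returns the users in `wanted` that
# still have to be added to `group_name`. The lookups default to the system
# databases and are injectable so the logic can be exercised offline.
def missing_group_members(group_name, wanted,
                          group_lookup: Etc.method(:getgrnam),
                          user_lookup: Etc.method(:getpwnam))
  begin
    grp = group_lookup.call(group_name)
  rescue ArgumentError
    return wanted.uniq # group does not exist yet, so nobody is a member
  end
  wanted.uniq.reject do |user|
    next true if grp.mem.include?(user) # listed as a supplementary member
    begin
      # A user whose primary group is this group never appears in the member
      # list; treating them as missing would retrigger on every run.
      user_lookup.call(user).gid == grp.gid
    rescue ArgumentError
      false # unknown user: report as missing
    end
  end
end

# Constructed sample data standing in for /etc/group and /etc/passwd.
Grp = Struct.new(:gid, :mem)
Pw  = Struct.new(:gid)
SAMPLE_GROUPS = { 'ssl-cert' => Grp.new(110, ['postgres']),
                  'www-data' => Grp.new(33, []) }.freeze
SAMPLE_USERS  = { 'www-data' => Pw.new(33), 'postgres' => Pw.new(112) }.freeze
SAMPLE_LOOKUPS = {
  group_lookup: ->(n) { SAMPLE_GROUPS.fetch(n) { raise ArgumentError, "no group #{n}" } },
  user_lookup:  ->(n) { SAMPLE_USERS.fetch(n) { raise ArgumentError, "no user #{n}" } }
}.freeze

# Recipe usage (Chef DSL, runs only under chef-client, so shown as a comment):
#   group "ssl-cert" do
#     append true
#     members ["www-data"]
#     action :modify
#     not_if { missing_group_members("ssl-cert", ["www-data"]).empty? }
#   end
```

With the guard in place the resource is skipped when every listed user is already in the group, so it only reports an update, and only fires notifications, on runs where membership actually changes.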