Comments (5)
bcg62
commented on August 11, 2024
@nkadel-skyhook the zap cookbook tries to address this issue at a higher level. You can probably use it to accomplish this. https://github.com/nvwls/zap
from sudo.
nkadel-skyhook
commented on August 11, 2024
Thanks for the pointer: there are similar issues for the nagios, bind, and nginx cookbooks.
Nico Kadel-Garcia
Email: [email protected]:[email protected]
Sent from iPhone
On Dec 4, 2015, at 11:51, "Brendan Germain" <[email protected]mailto:[email protected]> wrote:
@nkadel-skyhookhttps://github.com/nkadel-skyhook the zap cookbook tries to address this issue at a higher level. You can probably use it to address this issue. https://github.com/nvwls/zap
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/62#issuecomment-162018285.
from sudo.
tas50
commented on August 11, 2024
At the moment you have to use the delete action to cleanup old entries. We don't have a native accumulator concept in chef to properly cleanup non-chef managed data, but we could write something or use zap. It's probably worth doing.
from sudo.
tas50
commented on August 11, 2024
I'm closing this since this is more of a chef-client issue and less of an issue with this cookbook. We actively manage files and we don't deal with files we don't manage. That's a pretty core concept in Chef and deleting non-managed files in this directory would go against that concept. Nothing stops you from writing logic to look at the sudo resource that have executes and nuke anything else. That's up to you if you feel comfortable executing something like that in your environment.
from sudo.
nkadel-skyhook
commented on August 11, 2024
May I respectfully disagree with this approach?
If it was the "users" or "yum" recipe, I'd agree with your reasoning. Even "hostsfile" depends on not clearing away various OS published components.
But tandard package deployment tools do not seem to touch /etc/sudoers.d. And as soon as sudoers.d is activated by the sudo cookbook, then it becomes like /etc/nginx/sites-enabled, which is kept pruned by the "nginx" cookbook", or /etc/httpd/sites-enabled on RHEL, which is kept pruned by the apache2 cookbook. Non-chef-managed entries are automatically cleared, successfully, on every chef client run. This allows mere disabling of a chef managed recipe to also clear the old configuration file, without having to write local wrappers to delete them and without havingi to force the ongoing use of obsolete recipes in a "remove" mode.
But the persistent use of cookbooks which merely deploy add-on features and never clean up after themselves, and force the local admin having to write and maintain their local set of wrapper cookbooks to do cleanup as well as deployment, has been problematic. And extra entries in /etc/sudoers.d can break chef deployed configurations. So it seems worth some effort.
If I can find cycles to write in a "zap" cleanup, would you be amenable to a pull requiest to support this? Ideally as a "default enabled" option?
from sudo.
Related Issues (20)
- New version fails on Chef 11.10 HOT 2
- sudo resource question HOT 12
- [BUG] sudo resource sudo package installation HOT 2
- Resource Documentation is messed up HOT 2
- visudo missing from PATH during cron runs HOT 4
- sudo resource chokes on group strings HOT 1
- mode cannot be user-defined for /etc/sudoers.d
- sudo resource ignores group string if user string set HOT 2
- Chefspec matchers have disappeared between version 4.0.0 and 4.0.1 HOT 3
- Sudo package installation HOT 2
- Issue with sudoers being created. HOT 3
- Is this cookbook being deprecated HOT 2
- visudo not found in PATH after new sudoers is generated. HOT 2
- Syntax issue in metadata.rb HOT 1
- Error executing action `create` on resource 'template[/etc/sudoers.d/patchusr]' HOT 1
- sudo apt-get install git
- 5.4.7 release includes some mac dot underscore files HOT 3
- AttributeNotFound: could not find filename for attribute default._ORIGINAL in cookbook sudo
- Remove 'sysadmin' group default HOT 2
- default node['authorization']['sudo']['passwordless'] is ignored HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sudo.