Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Always use a resolver for Chef Infra Server nginx locations

We have had several occurrences of failure leading to high sev tickets in Native aws chef servers and other usage of nginx in ephemeral environments. One customer in particular is experiencing regular failure as a result of nginx' startup cached data being stale during resolutions for services.

 

Instead of this in the template /opt/opscode/embedded/cookbooks/private-chef/templates/default/nginx/nginx_chef_api_lb.conf.erb now

 

location ~ "^/organizations/([^/]+)/validate" {
  allow 127.0.0.1;
  allow ::1;
  deny all;
  proxy_pass http://opscode_erchef;
}

 

Could we instead always do something like this, forcing proper resolution each time?

 

resolver WORKING_RESOLVER_IP from the system

 

set $block_specific_proxy_pass_url http://CHEF_SERVER_SERVICE_NAME;

 

location ~ "^/organizations/([^/]+)/validate" {
  allow 127.0.0.1;
  allow ::1;
  deny all;
  proxy_pass $block_specific_proxy_pass_url;
}

 

Detail: https://www.nadeau.tv/post/nginx-proxy_pass-dns-cache/

  • Sean Horn
  • Nov 14 2019
  • Currently Declined
  • Attach files
  • Admin
    Tim Smith commented
    12 Feb, 2021 04:23am

    @Sean HornSean at the moment this doesn't fit in the team backlog so I'm going to mark it currently declined. We'll reevaluate that in the near future and see if it's something that we could potentially take on. Until then I'm trying to understand the impact of this on customers and the type of server setup where it's potentially a problem. Any additional information you can provide would be great.