What Is Idempotence?

Configuration management programs such as CFEngine, Chef, Puppet, Ansible, and Salt talk about idempotency. What exactly does that mean? Let's look at the Merriam-Webster definition:

idempotent (adjective | idem·po·tent | \ˈī-dəm-ˌpō-tənt) relating to or being a mathematical quantity which when applied to itself under a given binary operation (as multiplication) equals itself; also relating to or being an operation under which a mathematical quantity is idempotent.

I'm not sure that helps us. Let's look at Wikipedia's definition:

Idempotence (/ˌaɪdᵻmˈpoʊtəns/ eye-dəm-poh-təns) is the property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application.

This definition is much closer. In terms of configuration management, idempotency is about the desired state: running a configuration management utility like Ansible will bring the system to this state. With a brand new server, this will be every change necessary to have a properly configured server. In the case of an existing running machine, idempotency is about detecting any changes and correcting only these changes. Let's give some examples using simple Bash commands.

Suppose you have a dev server with certain directories owned by the developer. Some of the developers have sudo capability, and every once in a while some of their files end up being owned by root. Let's say this is a web project with the files located under /var/www/html. You could easily run sudo chown -R $(OWNER) /var/www/html/$(SITE), but this will cause a few problems. Looking at these files with stat, we see every single file has its change timestamp updated. I attribute the death of a server's SSD after only two months to all these writes from doing exactly this. This shotgun approach will fix the problem, but it's not idempotent, as all files in the directory are being changed, not just the files with incorrect ownership. Not only do we have excessive unneeded writes to the drive, but more importantly we have no logging or understanding of what went wrong and what we fixed.
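
An idempotent version of the ownership fix described above, as an added example that is not part of the original post: it changes only the paths whose owner has drifted and logs what they looked like first. The function names, the log format and the script name are assumptions of this example, and actually changing ownership requires running it as root.

```shell
#!/bin/sh
# Added example (not from the original post): converge ownership under a
# directory by touching only the paths that have drifted.
# Function names and the log format are assumptions of this example.

# Print every path under DIR whose owner is not OWNER (name or numeric uid).
# find does not follow symlinks by default, so a link is judged by its own owner.
list_drift() {
    find "$1" ! -user "$2" -print
}

# Print how many paths under DIR have drifted from OWNER.
count_drift() {
    list_drift "$1" "$2" | awk 'END { print NR }'
}

# Fix only the drifted paths, record their previous state in LOG, and print
# the number of paths changed. A second run prints 0 and writes nothing.
fix_ownership() (
    dir=$1 owner=$2 log=$3
    n=$(count_drift "$dir" "$owner")
    if [ "$n" -gt 0 ]; then
        {
            echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) $n path(s) under $dir not owned by $owner:"
            # ls -ld shows the previous owner of each drifted path.
            find "$dir" ! -user "$owner" -exec ls -ld {} +
        } >> "$log"
        # -h changes a symlink itself instead of the file it points to.
        find "$dir" ! -user "$owner" -exec chown -h "$owner" {} + || exit 1
    fi
    echo "$n"
)

# Usage: sh fix_owner.sh DIR OWNER LOG   (script name is hypothetical)
if [ "$#" -eq 3 ]; then
    fix_ownership "$@"
fi
```

When nothing has drifted, no chown runs at all, so change timestamps stay as they were and the log stays empty; a non-empty log is the record of which files were owned by someone else and when that was corrected.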