Chef 10 -> 12 upgrade (cookbook scorched earth)

I have a cluster of several hundred nodes managed by Chef 0.10(.4) and a
private chef server. The cookbooks for this cluster are a jumbled, crufty
mess. I would like to take a stab at a clean slate with Chef 12.

My plan is to bring up a set of test nodes that represent all of the roles
we need to support using a new private chef (test) server to minimize the
impact of this experiment. But, assuming that impulse is not just
programmer hubris, we are going to need to eventually upgrade our current
server and clients.

I do not want to re-key hundreds of clients if I can help it, and the data
in the Chef 10 server is valuable, so I would like to upgrade in place if
possible. This means we will likely need to support both 10 & 12
simultaneously (though hopefully briefly as we roll through the fleet and
upgrade all of them). We are already using organizations to separate
testing environments and production on our cookbooks, so that cookbook
changes do not impact production until they have been vetted. But creating
a new organization for the upgraded clients still means we need to move
their node & client records to the new organization.

So, my questions are:

  • First and foremost, is this upgrade path feasible?
  • What are the perils of serving a Chef 12 client data from a Chef 10
    server?
  • What are the perils of upgrading a Chef 10 server to Chef 12?
  • Should I upgrade the server through Chef 11?
  • What is the least painful way to upgrade the various clients while
    keeping their keys & data?
  • Am I going down a path that will lead to madness?

Any thoughts or guidance you might have on how to approach this would be
greatly appreciated!

-e


Erik Ogan
erik@change.org
415.BE.MESSY

I can't speak to a lot of this, but I can relate when we moved from Chef
0.10.something to Chef 11 last year.

We used chefdk and basically rewrote our cookbooks (they were a mess and
needed to be abandoned anyway) for Chef 11.

Our migration was to, on the nodes, uninstall chef 10, rm -rf /etc/chef,
then bootstrap the node with chef 11 with the environments and roles
applicable.

We did not see any reason to keep the chef 10 server/data and we have not
had a need to access it since we migrated.

Kent


On 07/14/2015 07:50 AM, Erik Ogan wrote:

>   • What are the perils of serving a Chef 12 client data from a Chef
>     10 server?

So you probably want to do this the other way around. Hosted Chef still
serves Chef 10 clients from a Chef-12 codebase fine so that is currently
in production use and will work.

There are going to be gotchas in upgrading from old private chef through
EC10/EC11, and you will not be able to do that in one upgrade, but I'm
not an expert on which versions you should target. You should reach out
to Chef support for help with that one, they can dig up the right
resources to directly help you with that.

Once your server is on 12, then the process will become a somewhat more
straightforward process of fixing your cookbooks and upgrading clients.

On Tue, Jul 14, 2015 at 10:18 AM, Lamont Granquist lamont@chef.io wrote:

> On 07/14/2015 07:50 AM, Erik Ogan wrote:
>
>>   • What are the perils of serving a Chef 12 client data from a Chef 10
>>     server?
>
> So you probably want to do this the other way around. Hosted Chef still
> serves Chef 10 clients from a Chef-12 codebase fine so that is currently in
> production use and will work.

Thanks! That was my original assumption, I probably should have led with
it. Instead I ordered the list by how disruptive they would end up being.

> There are going to be gotchas in upgrading from old private chef through
> EC10/EC11, and you will not be able to do that in one upgrade, but I'm not
> an expert on which versions you should target. You should reach out to Chef
> support for help with that one, they can dig up the right resources to
> directly help you with that.

Oh, yes, that’s also an excellent suggestion. Now that I’ve completed my
greenfield spike of trying to port some cookbooks over to 12, we should
probably do that process before we go any further down this path.

I’ll post a wrap-up if we find anything interesting that might help anyone
else in the future.

-e

--
Erik Ogan
erik@change.org
415.BE.MESSY

On 7/20/15 3:00 PM, Erik Ogan wrote:

> I’ll post a wrap-up if we find anything interesting that might help
> anyone else in the future.

That would be a very useful write-up. Particularly if you can document
the server 10->12 steps. There are known, fairly disruptive attribute
changes in Chef 10->11 and the Chef 11 announcements on the blog from a
few years ago cover that if you can dig it up. We/I would be very
interested in whatever hitches you wind up finding in Chef 11->12
because it should be pretty backwards compatible and closer to a minor
version bump -- if there are any outstanding bugs in 12 that are 11
upgrade blockers, we're not aware of them at this point either.