Chef 12.1 + audit mode + chef-solo?

Roland_Moriz1 · 2015-03-05 16:59:39 UTC

Hi,

does chef-solo intentionally not support audit mode? Why?

thanks
Roland

Lamont_Granquist · 2015-03-05 19:34:03 UTC

No, but this is another example of why chef-client -z is better than
chef-solo. There’s a few dozen other priorities when doing code review
that have higher mental priority than chef solo users and the
double-patching to support chef-solo often slips through the cracks.
Peer review is done by humans and is never perfect. Its not deliberate,
but its predictable that issues like this will continue to happen to
chef-solo and it will lag behind.

On 3/5/15 8:59 AM, Roland Moriz wrote:

Hi,

does chef-solo intentionally not support audit mode? Why?

thanks
Roland

jdunn · 2015-03-10 04:56:21 UTC

Just to be clear, our intended roadmap relevant to audit mode is:

Implement RFC031 to replace Solo entirely with Zero.
https://github.com/chef/chef-rfc/blob/master/rfc031-replace-solo-with-local-mode.md
Implement some mechanism for Chef Client talking in audit mode to a
Zero “server” to feed its audit data somewhere (Chef Analytics)

HTH,
Julian

On Thu, Mar 5, 2015 at 2:34 PM, Lamont Granquist lamont@chef.io wrote:

No, but this is another example of why chef-client -z is better than
chef-solo. There’s a few dozen other priorities when doing code review that
have higher mental priority than chef solo users and the double-patching to
support chef-solo often slips through the cracks. Peer review is done by
humans and is never perfect. Its not deliberate, but its predictable that
issues like this will continue to happen to chef-solo and it will lag
behind.

On 3/5/15 8:59 AM, Roland Moriz wrote:

Hi,

does chef-solo intentionally not support audit mode? Why?

thanks
Roland

–
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

holoway · 2015-03-10 05:23:37 UTC

And because this has come up in the past, and I want to be absolutely clear:

Only when local mode is a safe, complete super-set of Solo will we
switch - that (likely) means a mode that doesn’t include binding to a port.
chef-solo, the binary, will always exist.

Adam

On Mon, Mar 9, 2015 at 9:56 PM, Julian C. Dunn jdunn@aquezada.com wrote:

Just to be clear, our intended roadmap relevant to audit mode is:

Implement RFC031 to replace Solo entirely with Zero.

https://github.com/chef/chef-rfc/blob/master/rfc031-replace-solo-with-local-mode.md
2. Implement some mechanism for Chef Client talking in audit mode to a
Zero “server” to feed its audit data somewhere (Chef Analytics)

HTH,
Julian

On Thu, Mar 5, 2015 at 2:34 PM, Lamont Granquist lamont@chef.io wrote:

No, but this is another example of why chef-client -z is better than
chef-solo. There’s a few dozen other priorities when doing code review
that
have higher mental priority than chef solo users and the double-patching
to
support chef-solo often slips through the cracks. Peer review is done by
humans and is never perfect. Its not deliberate, but its predictable that
issues like this will continue to happen to chef-solo and it will lag
behind.

On 3/5/15 8:59 AM, Roland Moriz wrote:

Hi,

does chef-solo intentionally not support audit mode? Why?

thanks
Roland

–
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

Roland_Moriz1 · 2015-03-12 11:36:40 UTC

Hi,

Am 10.03.2015 um 06:23 schrieb Adam Jacob adam@chef.io:

And because this has come up in the past, and I want to be absolutely clear:

Only when local mode is a safe, complete super-set of Solo will we switch - that (likely) means a mode that doesn’t include binding to a port.

chef-solo, the binary, will always exist.

Adam

On Mon, Mar 9, 2015 at 9:56 PM, Julian C. Dunn jdunn@aquezada.com wrote:
Just to be clear, our intended roadmap relevant to audit mode is:

Implement RFC031 to replace Solo entirely with Zero.
https://github.com/chef/chef-rfc/blob/master/rfc031-replace-solo-with-local-mode.md

Implement some mechanism for Chef Client talking in audit mode to a
Zero “server” to feed its audit data somewhere (Chef Analytics)

HTH,
Julian

On Thu, Mar 5, 2015 at 2:34 PM, Lamont Granquist lamont@chef.io wrote:

No, but this is another example of why chef-client -z is better than
chef-solo. There’s a few dozen other priorities when doing code review that
have higher mental priority than chef solo users and the double-patching to
support chef-solo often slips through the cracks. Peer review is done by
humans and is never perfect. Its not deliberate, but its predictable that
issues like this will continue to happen to chef-solo and it will lag
behind.

Okay, I really understand that chef-solo is deprecated, however knife-solo was a nice way to roll out chef in small setups where neither an in-house chef-server nor hosted-chef was an option.
I personally like knife-zero very much (see https://github.com/higanworks/knife-zero) which combines the benefits of “chef-client -z” with a “server-less” setup like knife-solo did in the past.
However migration from knife-solo to knife-zero isn’t done easily, because chef-zero crashes with the “chef-solo-search” cookbook somewhere in the dependency list [1].

Anyhow, would really appreciate, if Chef, Inc. would support such an entry-level solution because it’s significant for the community usage of chef and the low entry-barrier for non-enterprise users.

regards
Roland

[1] https://github.com/chef/chef-zero/issues/118 https://github.com/test-kitchen/test-kitchen/issues/591

jdunn · 2015-03-12 14:45:08 UTC

On Thu, Mar 12, 2015 at 7:36 AM, Roland Moriz rmoriz@gmail.com wrote:

Okay, I really understand that chef-solo is deprecated, however knife-solo was a nice way to roll out chef in small setups where neither an in-house chef-server nor hosted-chef was an option.
I personally like knife-zero very much (see https://github.com/higanworks/knife-zero) which combines the benefits of “chef-client -z” with a “server-less” setup like knife-solo did in the past.
However migration from knife-solo to knife-zero isn’t done easily, because chef-zero crashes with the “chef-solo-search” cookbook somewhere in the dependency list [1].

Anyhow, would really appreciate, if Chef, Inc. would support such an entry-level solution because it’s significant for the community usage of chef and the low entry-barrier for non-enterprise users.

Yeah… we’ve contemplated this in ChefDK (some wag has called it
"Ansible mode"). Thanks for the feedback. I’m not certain we’d ingest
the existing tools directly, but the workflow idea is a nice one.

Julian

–
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]