I’m currently investigating the possibility of using chef-provisioning + chef to bootstrap complicated environments. There are many competitors like ansible, terraform, etc. So in 2018 I’m asking myself, am I right to be trying to use tools like chef-provisioning? Currently they look young and not well maintained, don’t they?
The feature plans are still not clear, but I want to believe that chef-provisioning will become a standard for the chef stack.
I like that Chef uses a pure language like Ruby for automation instead of a DSL, which limits us.
Now that I have started my investigations on chef provisioning, I see a number of issues. An annoying one: the most common use-cases aren’t documented well, so I have to read sources, blogs and watch videos. We need a tutorial here on how to start from scratch:
- How to create repo
- Which settings to specify in .chef/config.rb. Put all stuff under version control or ignore something
- When/How to run chef-client -z - local mode deprecated. What will be next?
- Run against existing chef-server
Another issue, and the most important for me, is the lack of flexibility of the bootstrapping process with chef-provisioning.
- convergence_strategy is hardcoded by a driver and cannot be manipulated and overwritten
- converge is mixed and responsible for several tasks, like choosing the transport (winrm, ssh, whatever), installing chef-client via mixlib, preparing chef objects and the actual converge. All hardcoded. Need different actions?
- Chef-client installation fully depends on mixlib-install, but mixlib-install doesn’t allow customization from my side. I must provide only a url to a custom install script.
To be clear, here is my use-case: I’m trying to bootstrap an environment offline using the following plan:
- Create a temporary bootstrap-repo and cookbook for provisioning
- Create a number of artifacts locally (like chef-client, chef-server, etc). Here mixlib-install helps.
- Go offline
- Use bootstrap-repo to provision chef-server with local chef-zero: here are the dragons:
a. Chef always tries to install chef-client and I can’t control this
b. Specifying a custom install_sh_url is not possible because I don’t have infrastructure yet to specify any url. The chef-install.sh script forces me to do that and checks that I have http/https in the url.
c. There is a trick: if the /opt/chef folder exists, chef-install.sh tries to validate the installed version and skips further installation. But it is a hack and I can’t rely on it.
d. I must maintain locally a set of artifacts for Debian/Ubuntu/CentOS in case of hybrid infrastructure
e. I thought to use a habitat exported chef.tar.gz to bootstrap any server, which works nicely, but chef-install.sh knows nothing about that. What are your plans on habitat?
f. machine_file is not idempotent, not sure how to properly deal with this. Use a not_if/only_if section? But I have to execute commands remotely?
g. machine_exec - same issue.
h. I see that chef-provisioning uses native ruby net/ssh. This is cool, but a huge amount of work is already done in https://github.com/capistrano/sshkit. I successfully used this library to produce a “fabric”/“ansible” like tool based on ruby: remote execs, tests, uploads, downloads, batches, etc. It also has different backends, like ssh - execute remotely, local - execute locally, printer - just prints the command locally, useful for dry runs, and you can implement custom backends, like
I really think that Chef is the best tool for configuration and I want to help, contribute, and, of course, solve my particular case. But it is not clear to me what to do?