Is there a pattern I should be following for a maintenance window or scheduling major changes in Chef? Something like a cookbook has code to apply a SQL Server Service Pack, but I only want that applied after 8PM as an example. I know I could code that into an IF block in my recipe, but wanted to see if there’s a slick way of doing this that I’m not thinking of.
I currently have chef-client running as a scheduled task on 15min intervals, and I’d like to keep that going - it’s super useful for non-major changes.
-Ray
3 Likes
When I was a chef customer and had to upgrade nodes, I was not in a position to be able to declare maintenance windows for our public cloud product, but I did have a infra environments where I could automate the roll out. First we edited all of our test-kitchen yamls in CI to download the desired new client and ensure nothing blew up and fix what did. Next we updated a staging environment running our application in a non customer facing environment and made sure that all converged and behaved smoothly. Then we did a rolling upgrade through our customer facing data centers where we would typically start with one data center, move to another few serially and finally blast the rest at once.
That all said, other environments and businesses may vary and a simpler approach may suffice. However, I would always at least do a Test-Kitchen smoketest on test instances with the new client version against all cookbooks.
1 Like
I guess I meant more in terms of time scheduling vs pipeline workflow. I don’t think I explained that clearly. 
Maybe an example:
Let’s say I have a new cookbook version that will apply a Service Pack to a SQL Server. I can’t have this apply just at any time, it needs to be in a scheduled window of some kind timing-wise (maybe 8PM-10PM or so).
Is there a pattern i should be following to do this? I want to keep my chef-client runs happening continuously, but certain certain changes need a little more control timing-wise.
A couple of ways I can think to do this:
- An IF statement in my cookbook that looks at the current time, and only evaluates true when it’s during the maintenance window (this seems overly complicated to me)
- “Promoting” a change to a role or policy that tells chef-client to use the cookbook with the updated logic just before the maintenance window, either manually or with something like Jenkins.
Is there something I’m not thinking about?
Ahh I see. In my organization’s case we took the second route. We would bump cook books in our dev and qa environments very liberally controlled by commit hooks. However, we would “promote” those environments to staging and prod at a scheduled time and a human would “press the promote button”.
My concern with the first approach is that you would end up with cruft in the cookbooks around guards for schedules that could become unwieldy.
2 Likes
This is exactly what I was looking for. Thanks for the response, Matt. Very much appreciated.