PolicyFile and alternative sources

Ohai Chefs,

I am currently reviewing https://github.com/chef/chef-dk/blob/master/POLICYFILE_README.md as seems policyfile feature has been moving forward the last few months.

Under specifying alternative sources it says “ChefDK can fetch cookbooks from Supermarket, git, and local disk (other sources will be added in the future)”.

However the examples only show
cookbook ‘my_app’, path: 'cookbooks/my_app’
cookbook ‘mysql’, github: ‘opscode-cookbooks/mysql’, branch: ‘master’

I am wondering if you currently able to resolve from git location not on github. Can an internal gitlab location be used?

Also if you have an internal supermarket or minimart site can they be used as a policyfile source?

If this is possible any examples would be great.

-Phil

Philip Oliva
Senior Infrastructure Software Developer
BlackBerry Ltd.
"Fail quick, fail often, recover quickly"
http://ca.linkedin.com/pub/philip-oliva/67/74/10

On Wednesday, July 8, 2015 at 8:04 AM, Phil Oliva wrote:

Ohai Chefs,

I am currently reviewing https://github.com/chef/chef-dk/blob/master/POLICYFILE_README.md as seems policyfile feature has been moving forward the last few months.

Under specifying alternative sources it says “ChefDK can fetch cookbooks from Supermarket, git, and local disk (other sources will be added in the future)“.

However the examples only show
cookbook 'my_app', path: 'cookbooks/my_app'
cookbook 'mysql', github: 'opscode-cookbooks/mysql', branch: 'master'

This is good feedback. I will add examples for these. I also want to move the documentation to the main Chef Docs site soon, as the feature is mature enough to be documented there.

I am wondering if you currently able to resolve from git location not on github. Can an internal gitlab location be used?

The syntax for that is:

cookbook "foo", git: "git://example.com:me/foo-cookbook.git”

Also if you have an internal supermarket or minimart site can they be used as a policyfile source?
You should be able to use an internal supermarket as the default source, the syntax for that would be:

default_source :community, “https://your-supermarket.example

At the moment you may only have one default source, so every cookbook you want to use (that isn’t otherwise coming from a git repo or local path) would need to be mirrored there. I’m now working on allowing multiple default sources, though one caveat will be that cookbooks can only exist in one default source or the other, unless you explicitly say where you want the cookbook to be fetched from.

Also, at the time that code was written, supermarket was just getting going, but now everyone calls it supermarket, so I’m adding that as an alias, e.g.,

default_source :supermarket, “URL”

If you want to get just one or a few cookbooks from your private supermarket, but the rest from the public supermarket, I think this is possible with the code as written now, but I don’t have any testing around it and I think the syntax would be weird. If you need this specific feature, let me know and I’ll look into it.

If this is possible any examples would be great.

-Phil

Philip Oliva
Senior Infrastructure Software Developer
BlackBerry Ltd.
“Fail quick, fail often, recover quickly”
http://ca.linkedin.com/pub/philip-oliva/67/74/10

One final note, policyfiles are getting mature quite quickly now, but you might need to stick with the latest versions of Chef, Chef Server, and ChefDK for the next few months for everything to work well. For example, the upcoming ChefDK 0.7 has a command to show all your policy revisions and policy groups, but it requires Chef Server 12.1. We have some things planned (in particular, adding policyfile stuff to the node object) that you will only be able to use if you upgrade Chef Client and Chef Server together. That said, if you are happy with the way it works now, you should be able to upgrade the different components individually without problem.

--
Daniel DeLeo

Thanks Daniel for the examples.

@Daniel That good to hear multiple default_source for supermarket/minimart instances is being added. We probably end up having two source instances where one holds only internal cookbooks and another holds only mirrored community cookbooks.

-Phil

-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel DeLeo
Sent: Wednesday, July 08, 2015 11:30 AM
To: chef@lists.opscode.com
Subject: [chef] Re: PolicyFile and alternative sources

On Wednesday, July 8, 2015 at 8:04 AM, Phil Oliva wrote:

Ohai Chefs,

I am currently reviewing https://github.com/chef/chef-dk/blob/master/POLICYFILE_README.md as seems policyfile feature has been moving forward the last few months.

Under specifying alternative sources it says “ChefDK can fetch cookbooks from Supermarket, git, and local disk (other sources will be added in the future)“.

However the examples only show
cookbook 'my_app', path: 'cookbooks/my_app'
cookbook 'mysql', github: 'opscode-cookbooks/mysql', branch: 'master'

This is good feedback. I will add examples for these. I also want to move the documentation to the main Chef Docs site soon, as the feature is mature enough to be documented there.

I am wondering if you currently able to resolve from git location not on github. Can an internal gitlab location be used?

The syntax for that is:

cookbook "foo", git: "git://example.com:me/foo-cookbook.git”

Also if you have an internal supermarket or minimart site can they be used as a policyfile source?
You should be able to use an internal supermarket as the default source, the syntax for that would be:

default_source :community, “https://your-supermarket.example

At the moment you may only have one default source, so every cookbook you want to use (that isn’t otherwise coming from a git repo or local path) would need to be mirrored there. I’m now working on allowing multiple default sources, though one caveat will be that cookbooks can only exist in one default source or the other, unless you explicitly say where you want the cookbook to be fetched from.

Also, at the time that code was written, supermarket was just getting going, but now everyone calls it supermarket, so I’m adding that as an alias, e.g.,

default_source :supermarket, “URL”

If you want to get just one or a few cookbooks from your private supermarket, but the rest from the public supermarket, I think this is possible with the code as written now, but I don’t have any testing around it and I think the syntax would be weird. If you need this specific feature, let me know and I’ll look into it.

If this is possible any examples would be great.

-Phil

Philip Oliva
Senior Infrastructure Software Developer BlackBerry Ltd.
“Fail quick, fail often, recover quickly”
http://ca.linkedin.com/pub/philip-oliva/67/74/10

One final note, policyfiles are getting mature quite quickly now, but you might need to stick with the latest versions of Chef, Chef Server, and ChefDK for the next few months for everything to work well. For example, the upcoming ChefDK 0.7 has a command to show all your policy revisions and policy groups, but it requires Chef Server 12.1. We have some things planned (in particular, adding policyfile stuff to the node object) that you will only be able to use if you upgrade Chef Client and Chef Server together. That said, if you are happy with the way it works now, you should be able to upgrade the different components individually without problem.

--
Daniel DeLeo