Policyfiles dead?


#1

Hello all,

We still haven’t started using Policyfiles, but we’re about to start. However, when you look at the Policyfiles documentation it says:

Warning
Policyfile is not integrated with Chef Automate and is not supported as part of a Chef Automate workflow.

Does this mean Policyfiles will no longer be invested in? Are they going to be deprecated? I’d love to know before we decide to invest in them, thanks!

All the best,
Arthur Maltson


#2

The answer I’ve gotten from Chef is that it’s “Feature Complete” and is no longer being actively developed by Chef. We’re also looking into using them, but I am helping work on updating Policyfiles to support a chef server source via https://github.com/chef/chef-dk/pull/947 with some help from Chef so I hope to get that going in time for the summits this month. If not then I definitely have a hack-day project! :smiley:

Now once it’s there, getting it into Automate will be another story, though Dan DeLeo says he’s spiked on the work to get it into Delivery (now Workflow) at the Chef Summit at ChefConf. I’d like to see that actually make it in since it’s a very viable option for us too.


#3

Thanks for the prompt response @martinisoft. We don’t actually use Automate at the moment, so I was more concerned about the future of Policyfiles. “Feature complete” scares me less than “deprecated”, so maybe we’ll start digging into it. Thanks!


#4

They’re not going anywhere in the near future. The way they would disappear I think is by the Chef RFC process to officially deprecate them.


#5

They are definitely not going anywhere, and I would hesitate to call them even “feature complete” but they are good enough to use for the vast majority of people. Getting them into Automate is a bigger process given how the Delivery workflow operates (it expects to have more fine-grained control over moving cookbooks to a pipeline, as opposed to the whole-policy snapshot).


#6

I had a great conversation with Dan at this past year’s ChefConf - we really would love to use the Automate workflow, but we can’t because we are invested in Policyfiles. At one point we built a UI tool to manage the linear progression of new policy revisions through groups.

Aside from a few quirks, they have worked extremely well for us over the past year. We definitely have some quality-of-life improvements that we will end up implementing ourselves.

@coderanger wrote up a great deck with an example workflow that we have been using with success. For those of you familiar with the old style chef-repo it will be right up your wheelhouse.


#7

Also a word of warning - you should be using Chef Server 12.9.0 or higher due to https://github.com/chef/chef-server/pull/643. We have many teams using Policyfiles across several orgs and it took us about 9 months to scratch our head on that beauty.


#8

Thanks for the tips @jbellone. Looking more into Policyfiles it looks like it’s missing the one feature I was still waiting for, having Policyfiles depend on other Policyfiles.

Our use case was to have a Policyfile in the root of our source code that are deployed with Chef, then have a “server” Policyfile that depends on the Policyfile of n services. It also looks like there’s a one Policyfile to server mapping, so the other approach of having multiple Policyfiles per server won’t work either.

Anyway, we can use it for other use cases, but for our application deployments it doesn’t look like it’s doable. Thanks!


#9

@coderanger has been working on http://chef.github.io/chef-rfc/rfc075-multi-policy.html which sounds like it’d solve the second case. Dan and I have chatted about having some DSL to be able to include other Policyfiles when you compile a policy, and that might well happen after the community summits.
-Thom