Hi James, Peter, Zuhaib,
thanks for sharing your experience and sorry for the delayed response.
One thing I noticed is that we also have our chef repo managed in a git
repository, which makes it natural the version the whole chef repo instead
of individual cookbooks (which is what James is doing). However, cookbooks
have a version in their metadata.rb, which brings up the urge in me to
version them separately, ideally in their own git repo. Someone in #chef
irc pointed me to librarian , which solves this issue by .gitignoring
the cookbooks/ dir and pulling them in from another location, e.g. a
separate git repo.
I have also discussed with some other people, and my current gut feeling
tends to an approach like this:
treat X.Y.Z versions with an odd Z as SNAPSHOT versions that might be
overridden in the Chef server without notice
development and testing of SNAPSHOTs is done in a branch. Once it is
ready to release it gets an even Z, is merged back to master, uploaded to
the chef Server and frozen
allow SNAPSHOTs only in lower environments, e.g. in dev env and for the
CI build they may be common, but in prod env you never have odd Z versions
use librarian  so that cookbooks can be versioned independently in
their own git repos and can be pulled together as needed (e.g. branches for
CI build, tags for prod env)
consider having developer private chef servers running in a local VM
while developing / testing a SNAPSHOT (if interference becomes an issue)
some tooling would be required to automate the release process outlined
above (a la maven-release-plugin), and to check that cookbooks to be
released don’t have dependencies to SNAPSHOT cookbooks, etc…
One thing that is different in maven is that you have SNAPSHOTs as an
explicit concept in the version number. Having this, you can easily tell
whether that thing is released or in development just by looking at the git
repo. In chef you have this concept only in the chef server (frozen vs not
frozen), but you can’t tell from looking at the source. That’s why you then
need to come up with conventions like odd Z ,versions etc…
Would introducing explicit SNAPSHOTs to Chef be an option? Or is this just
a special requirement which most people don’t have in reality?
What do you think?
Your idea sounds similar to what we at Oxygen Cloud use, which is changes
made to Chef cookbooks and checked in to git and at the same time uploaded
to our chef server (we have a small bash script that helps you do both at
the same time, saves a lot of time). At which time using Jenkins we would
kick off an integration server to make sure it runs correctly and deploys
our code correctly. If that passes I manually bump the version and we call
it stable till I make some changes/hack. And then we have a script that
kills all old servers and clear their Node/Client.
The thing I would like to do is is stop deploying servers for quicker Chef
testing use Shef but from my short time testing the thing it seems only
good for unit testing blocks of code but it wont help you do a full test of
a cookbook or recipe. If someone has some tips or guides on doing that I
am very much open to it. Also it seems Shef is not sandbox which mean
changes it makes will apply to your system which is bad as you would need
to run it in a VM which from my point of view more of a PITA then spinning
up new servers and killing them.
On Jan 5, 2012, at 1:32 PM, Peter Norton wrote:
I’m interested in using chef+gerrit+jenkins to test new cookbooks in
our environment. I’m thinking of a workflow like this:
git checkin of a cookbook.
The cookbook will have an associated unit test suite that jenkins will
run by deploying to a VM (probably an amazon EC2 t1.micro unless a
particular architecture is needed). The cookbook will be run and if
it checks out, the version will be recorded as a candidate to become
elevated to the next environment. I’m thinking of:
sandbox (least reliable)
dev (someone’s at least looking at it, may get incorporated in
staging (will be used for pre-producting integration testing)
production (the real thing)
My only question is how to inject version numbers into the metadata in
a sane manner. I can create/manipulate metadata.rb, but I can’t see
an easy and clean way to put basic assurances with the X.Y.Z
The closest I’ve gotten is something like this:
checkin foo with metadata.rb’s version == 0.1.1. All X.Y.Z releases
where (X%2 == false) are submitted by the dev/user, so can never be
part of dev, staging, or production.
When it’s committed and pushed to the git/gerrit server a jenkins job
is kicked off which uploads the new cookbook and launches a server
with this cookbook version explicitly in the run list to verify that
the job passes. If it passes, then the jenkins server increments the
metadata so that version = 0.2.1 (matching Z values) and commits that
to a branch that doesn’t require review. That branch then gets
uploaded to the chef server again, but now with the new version
When moving from unit test to integration tests (e.g. with
cluster_chef/metachef, doing an entire environment or facet build)
then the Y value will get incremented to 3, 4, or 5 as testing have
created for veewee…
The thing I’m trying to solve is being able to use the same chef
account for the life of the cookbook so that version X.Y.Z will always
be the same if called in any environment. The issue I’m having is
that fencing off particular minor (Y) revision numbers seems to invite
mis-understandings and casual mistakes.
Has anyone else dealt with this issue, or does anyone have a more
enlightened way of looking at the problem?
On Thu, Jan 5, 2012 at 2:15 PM, James Litton firstname.lastname@example.org
The git repo clone on the host is not necessary. It could certainly be
done from a dev box or build server. Doing that from a build server
would make a lot of sense, actually. The reason has just been a matter
of convenience. We don’t have to run multi-knife or a similar system
because dev boxes always push to dev, test to test and so on. This
also prevents an accidental push to prod in the case that someone
forgets to branch after push, etc.
versioning of cookbooks has been entirely haphazard(at best) with no
ill effects so far, but this approach has only been in place a month
or so. none of our cookbook depends specify version numbers. The
biggest problem with this approach has been that it makes it more
difficult to commit back to public cookbooks.
No, that situation has not come up. If it were to come up, we would
roll back to that point in the git repository not just the cookbook.
On Thu, Jan 5, 2012 at 1:12 AM, Torben Knerr email@example.com wrote:
thanks for sharing! Interesting to see the different approaches you
Few questions about your approach:
- as you describe you have a git repo clone of your chef repository
of your chef servers, then check out locally on the chef server and
knife upload to localhost if i understood correctly. Why do you need a
repo clone of your chef repository on the chef server? Wouldn’t it be
to knife upload from an external box (e.g. developer’s box, build
either of your chef servers?
- as far as i understand your cookbook dependencies are versionless
delevopment/upload/test/fix cycles and you always release the whole
repo instead of single cookbooks. As soon as you do a release, does the
script you mention update the Version number of all your cookbooks?
at this point in time also add this version number to the cookbook
statements (and remove it afterwards for the next dev/upload/test/fix
- do you ever have the situation that you need to set up a node with
older cookbook version (e.g. for regression testing)?
On Thu, Jan 5, 2012 at 4:24 AM, James Litton firstname.lastname@example.org
Thank you for bringing this up. I have also been puzzling about this
Right now the process that I am using involves 3 chef servers.
- Branch git
- Test/Deploy on Chef Solo (dedicated dev box with separate role in
prod chef server)
- Checkout branch on test chef server
- Push entire configuration (via shell script that I wrote)
- Force a chef-client run on a hosts in test by environment (Load
Test, staging, preview)
- Complete testing
- Review the changes in the branch as well as the test cases
Prod (hosts developer environment and production hosts):
- Merge branch to master
- git pull on prod
- Push config via script
- Force chef-client run here only if required due to external
The only issue really is the Test Chef server sharing, but testing can
generally be done quickly by maintaining smaller updates.
cookbook versions number changes aren’t as important due to re-upload
of the cookbook with each push and splitting environments across chef
The release process is not currently automated other than the script
that updates all roles, environments, data bags and cookbooks with
Generally the entire chef repository is treated as a version/release
in order to avoid version dependencies within each cycle.
I’d also love to hear what other people are doing.
On Wed, Jan 4, 2012 at 11:58 AM, Torben Knerr email@example.com wrote:
Happy New Year!
This is my first post to this mailing list. I’m trying to implement a
workflow for developing cookbooks within a small team. Coming from a
slightly different background (Java, Maven and the like) I’m looking
some experience on how to implement a typical develop/test/release
a Chef environment.
So, assuming you are developing cookbooks in a team, how would you go
adding a new feature to a cookbook:
(a) develop -> test (using Vagrant/Chef Solo) -> repeat
cycle until done -> upload to team’s chef server
(b) develop -> test (upload to a private chef server) -> repeat
develop/fix/test cycle until done -> upload to team’s chef server
© develop -> test (upload directly to team’s chef server) ->
develop/fix/test cycle until done
I’m especially interested in:
- at which point in time do you share your sources (git push)?
- are you working on feature branches, then merge + push when
- when do you increase the cookbook version? in the commit where
merge back to master?
- when do you create the tag? everytime you commit something on
- at which point in time do you upload the cookbook to the team’s
server (knife upload)?
- whenever you want to test something?
- strictly only after creating a tag (i.e. releases only)?
- do you always freeze uploaded cookbooks?
- do you allow to overwrite cookbooks at all?
- how do you handle releases?
- is every upload to the chef repository automatically a
release for you?
- do you have the release process (roughly: "run tests -> create
upload cookbook") automated?
- how do you handle cookbook dependencies when you release? do
for versionless cookbook depends?
Eager to hear your experiences. Any help is appreciated!