Some Questions


#1

Hi everrybody,

I’m currently digging into Chef and have some questions regarding the Idea to have
"Infrastructure as Code".

  1. As I understand Cookbooks should be maintained in VCS. But it is still possible
    to locally modify a cookbook on a developers machine and upload it
    to the chef server, thus applying changes not present in any version control. How do you handle this situation?
    I could think of two measurement to solve this: a) Change ‘knife cookbook upload’ to only accept cookbooks not changed against the git/svn.
    b) Do not ever upload changeds directly, but commit them and let a CI server apply them to a chef server (and maybe run some tests?). Is anybody doing like that? Am I getting things totaly wrong?

  2. How are changes to attributes tracked? As far as I understand there ist nothingh that keeps track of changes to attributes. So I can not my infrastructure as it was as at a certain time.

  3. I’ve played around with some recipes and often succeeded to upload recipe and/or attribute files to my chef server that were syntactically wrong, atlhough there seems to be some validation done during ‘knife cookbook upload’. Is there a way to get a stronger validation for my files before uploading them?

  4. Is there a way to download cookooks from a side including dependencies?

  5. Is there any standard way to run automated tests against your cookbooks?

Thanks and Best Regards,

Martin


#2

On Wed, Dec 1, 2010 at 11:51 AM, Martin Eigenbrodt
martineigenbrodt@googlemail.com wrote:

Hi everrybody,

I’m currently digging into Chef and have some questions regarding the Idea to have
"Infrastructure as Code".

  1. As I understand Cookbooks should be maintained in VCS. But it is still possible
    to locally modify a cookbook on a developers machine and upload it
    to the chef server, thus applying changes not present in any version control. How do you handle this situation?
    I could think of two measurement to solve this: a) Change ‘knife cookbook upload’ to only accept cookbooks not changed against the git/svn.
    b) Do not ever upload changeds directly, but commit them and let a CI server apply them to a chef server (and maybe run some tests?). Is anybody doing like that? Am I getting things totaly wrong?

Either are fine choices. A common tactic would be to use a
post-commit/post-push hook in Git.

  1. How are changes to attributes tracked? As far as I understand there ist nothingh that keeps track of changes to attributes. So I can not my infrastructure as it was as at a certain time.

You can back the data up easily. Something like this:

Stuck in a cron-job would allow you to back up the data (and perhaps
automatically check it in to source control.)

  1. I’ve played around with some recipes and often succeeded to upload recipe and/or attribute files to my chef server that were syntactically wrong, atlhough there seems to be some validation done during ‘knife cookbook upload’. Is there a way to get a stronger validation for my files before uploading them?

The syntax checks pre-upload are just that - pure syntax. Short of
running the code itself, there is no way to get a deeper validation.

  1. Is there a way to download cookooks from a side including dependencies?

knife cookbook site vendor with the ‘-d’ switch.

  1. Is there any standard way to run automated tests against your cookbooks?

Not at this time - there has been some thought around cookbook
testing, but nothing formalized.

Best,
Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com


#3

Thanks for your reply,
more questions inline…

You can back the data up easily. Something like this:

https://gist.github.com/671369

Stuck in a cron-job would allow you to back up the data (and perhaps

automatically check it in to source control.)

Seems like a valid solution to have backups and be able to restore data.
I’ll try this (It’s a welcome opportunity to learn some ruby.) .
Nevertheless it is still a “after facts” approach and you can’t say who
changed the data.

  1. Is there a way to download cookooks from a side including
    dependencies?

knife cookbook site vendor with the ‘-d’ switch.

Hm. This seems to be git only. At the moment I’ve to go with svn. Are there
plans to add “-d” for knife cookbooks site download?

Best regards,

Martin


#4

On Wed, Dec 1, 2010 at 10:38 PM, Martin Eigenbrodt
martineigenbrodt@googlemail.com wrote:

Seems like a valid solution to have backups and be able to restore data.
I’ll try this (It’s a welcome opportunity to learn some ruby.) .
Nevertheless it is still a “after facts” approach and you can’t say who
changed the data.

Yep. Reporting and auditing for these kind of events is on the radar,
but it won’t be a priority till after we ship environments in Chef
0.10.

Hm. This seems to be git only. At the moment I’ve to go with svn. Are there
plans to add “-d” for knife cookbooks site download?

Yes.

Adam


Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com