Automation with Chef

Tasty Recipes

Outlook

Like any software ecosystem, Chef's ecosystem is continually evolving. In recent years, the codebase has been freed from ballast and extended with useful functions from community projects, including, in addition to dozens of handy helper features like vmware? or windows_server_2019?, greatly improved support for Windows and ARM architectures (IoT devices, Apple M1, etc.).

Additionally, new functions were added, some of which are still in the beta phase. An example of this is the option to write recipes in YAML. At the moment, however, attributes and more complex logic are reserved for Chef DSL. YAML is by no means intended to replace the DSL, but merely to make it easier to get started or swap over (Listing 4).

Listing 4

Chef DSL vs. YAML

# Chef DSL
package 'apache2' do
  action :install
  version '2.4.43'
end

# YAML
resources:
- type: package
  name: apache2
  version: 2.4.43
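In the YAML form, every value passes through a YAML parser first, so an unquoted version can change type before the recipe is evaluated. The Ruby check below is an added example, not code from the article or from Chef; it assumes only the layout shown in Listing 4, and the second resource (example-tool) is constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the Listing 4 resource plus a hypothetical second
# package whose unquoted version looks like a number to the YAML parser.
SAMPLE_RECIPE = <<~RECIPE
  resources:
  - type: package
    name: apache2
    version: 2.4.43
  - type: package
    name: example-tool
    version: 1.10
RECIPE

# safe_load refuses tags that would instantiate arbitrary Ruby objects.
def load_resources(text)
  doc = YAML.safe_load(text)
  unless doc.is_a?(Hash) && doc['resources'].is_a?(Array)
    raise ArgumentError, 'expected a top-level "resources" list'
  end
  doc['resources']
end

# Returns a list of warnings for one resource entry (empty when clean).
def lint_resource(res)
  return ['resource is not a mapping'] unless res.is_a?(Hash)
  warnings = []
  %w[type name].each do |key|
    warnings << "#{key} missing or not a string" unless res[key].is_a?(String)
  end
  if res.key?('version') && !res['version'].is_a?(String)
    v = res['version']
    warnings << "version parsed as #{v.class} (#{v.inspect}); quote it"
  end
  warnings
end

# Maps "type[name]" to its warnings, keeping only entries with findings.
def lint_recipe(text)
  load_resources(text).each_with_object({}) do |res, out|
    label = res.is_a?(Hash) ? "#{res['type']}[#{res['name']}]" : res.inspect
    found = lint_resource(res)
    out[label] = found unless found.empty?
  end
end

lint_recipe(SAMPLE_RECIPE).each { |label, w| puts "#{label}: #{w.join('; ')}" }
```

Quoting the value (version: '1.10') keeps it a string, so the pinned version in the recipe is the one that was written.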

One exciting topic that the developers have been working on for quite some time is Chef Infra target mode, which allows Chef Infra to run without a client installation. Because the transport layer is modular, it can be used to address remote nodes not only over SSH and with WinRM, but also with AWS Systems Manager, VMware Tools, or even USB. This feature, together with the general extensibility of Chef Infra and the already implemented remote inventory through Ohai, provides the ability to write platform support packs to configure network devices or even REST APIs (e.g., Redfish server management modules). However, official resources are not planned yet; it is an option for advanced users and Chef partners.

Chef adheres to the open source principle; any user can contribute suggestions for bug fixes or new features on GitHub. The developers then discuss these submissions publicly in weekly triage meetings. Also on a weekly basis, they report on progress, releases, and new features in Chef Community Slack.

Even though open source is now the driving force behind Chef products, the solution doesn't come free. To coincide with the change in strategy, Chef changed its licensing model effective April 2019. For nonprofit organizations, private persons, educational purposes, and experiments, the solution has remained free of charge [4]. Commercial use is subject to a commercial license, which then includes support. The current minimum setup for a commercial license supports 100 nodes, although Chef-authorized managed service providers can also offer smaller quotas, including cloud hosting.

For all other purposes, users will have to be patient: The community is currently working on its own distribution called Cinc ("Cinc is not Chef" [5]), which will be available later without vendor support, but free of charge to all. However, the packages have not yet been released for production.

Some features (compliance benchmarks, CIS-certified cookbooks for hardening, desktop endpoint management, and Chef Automate's ServiceNow Connector) are reserved for the commercial version [6].

Conclusions

Chef's client-server architecture enables decentralized execution of tasks. The use of HTTPS as a protocol makes firewall configuration simple and very secure thanks to client certificates. The combination of configuration management, monitoring of deployments with Chef Automate, and integrated compliance checks provides an excellent overview.

Getting started with Chef is easy thanks to thousands of cookbooks and numerous examples on the Internet, and the documentation is always up to date and includes code snippets. Chef DSL makes recipes easy to understand; Ruby knowledge is rarely needed. Nevertheless, the software scales from single systems to complex cloud environments. Especially when implementing projects, the close involvement of the community proves to be a big plus: New features and bug fixes are often integrated into official releases within a week.

One of the main criticisms of Chef is certainly the need for an agent on the target systems, which are often already populated with many other background processes. However, the numerous advantages easily make up for this shortcoming.

The Author

Thomas Heinen and Patrick Schaumburg work as consultants at the tecRacer Group (Hanover, Germany). They have been using Chef in customer projects since 2016 and are actively involved in the further development of the ecosystem.
