Policyfiles: A Chef Best Practice

I am excited to announce that Policyfiles are now covered in Learn Chef Rally.

Policyfiles have become mainstream and are a best practice for managing your estate with Chef. Policyfiles have a number of clear benefits:

  • They ensure the cookbooks running in production are the same versions that were tested against, providing safer development workflows
  • They solve the Roles versioning issue
  • They streamline the Roles and Environments patterns and dependency management into a single workflow
  • This reduction of discrete concepts reduces the learning curve for getting started with Chef

They combine the very best parts of Roles, Environments, and Berkshelf into a single workflow. The power of Policyfiles means you can be completely confident about the cookbook versions being used.

The `Policyfile.rb` file, which resembles a Chef Role combined with a Berksfile, gets compiled into a `Policyfile.lock.json` file containing unique references to the cookbooks in the run-list. It also specifies where these cookbooks reside. This may be on the Chef Server, but it could be direct from source or from another artifact repository.

The Chef client still queries the Chef Server, but when the lock is returned it knows to pull the specific cookbook versions contained therein. These cookbooks are identified by a unique hash based on their contents. If as much as a space is added to a file in the cookbook source, then the hash won’t match the `Policyfile.lock.json` and the `chef-client` run will fail!

Furthermore, Policyfiles negate the need for roles. One of the main issues with roles is the fact they are not versioned, so there is no way to track changes. The run-list is an integral part of Policyfiles and cannot be changed without recreating the associated lock file, hence regenerating the hash.
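To make the lock-file idea concrete, here is an added Ruby illustration (not Chef's own code, and not its exact identifier algorithm) of the two behaviours described above: a lock records a content-derived identifier for each cookbook in the run-list, and a single added space in any cookbook file produces a different identifier, so verification against the lock fails. The cookbook contents, policy name and run-list are constructed sample data; `cookbook_identifier`, `build_lock` and `lock_mismatches` are hypothetical helper names.

```ruby
require 'digest'
require 'json'

# Constructed sample cookbook: path => file content. This is an in-memory
# stand-in for a cookbook directory on disk.
SAMPLE_COOKBOOK = {
  'metadata.rb'        => "name 'webserver'\nversion '1.2.0'\n",
  'recipes/default.rb' => "package 'nginx'\nservice 'nginx' do\n  action [:enable, :start]\nend\n"
}.freeze

# Compute a content identifier for a cookbook. Each file's path and contents
# are fed to the digest in sorted path order, so the result depends only on
# content, never on directory iteration order. Illustrative scheme: Chef's
# real identifier differs in detail but is likewise derived from file contents.
def cookbook_identifier(files)
  digest = Digest::SHA256.new
  files.keys.sort.each do |path|
    digest << path << "\0" << files[path] << "\0"
  end
  digest.hexdigest
end

# Build a minimal lock document: the policy name, the run-list, and the
# identifier observed for every cookbook at build time. This plays the role
# that Policyfile.lock.json plays in Chef.
def build_lock(policy_name, run_list, cookbooks)
  locks = cookbooks.transform_values do |files|
    { 'identifier' => cookbook_identifier(files) }
  end
  { 'name' => policy_name, 'run_list' => run_list, 'cookbook_locks' => locks }
end

# Verify the cookbooks currently available against the lock. Returns the
# names of cookbooks that are missing or whose identifier no longer matches;
# an empty array means the run may proceed with exactly the locked content.
def lock_mismatches(lock, cookbooks)
  lock['cookbook_locks'].reject do |name, entry|
    cookbooks.key?(name) && cookbook_identifier(cookbooks[name]) == entry['identifier']
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  lock = build_lock('web-policy', ['recipe[webserver::default]'],
                    'webserver' => SAMPLE_COOKBOOK)
  puts JSON.pretty_generate(lock)

  # Append one space to a recipe: the identifier changes and verification fails.
  drifted_recipe = SAMPLE_COOKBOOK['recipes/default.rb'] + ' '
  drifted = { 'webserver' => SAMPLE_COOKBOOK.merge('recipes/default.rb' => drifted_recipe) }
  puts "mismatches after adding a space: #{lock_mismatches(lock, drifted).inspect}"
end
```

Running the script prints the generated lock and then reports `webserver` as a mismatch once a single space has been appended to the recipe, which is the behaviour that makes a Policyfile-driven `chef-client` run refuse to proceed with drifted cookbook content.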

Policy groups provide a mechanism for promotion through the deployment lifecycle, from dev to QA to production.

Want to get into the nitty-gritty and get some help getting started with Policyfiles? Here are links to the specific Learn Chef Rally content.

If you are new to Learn Chef Rally, I would encourage you to sign up for an account. Not only do you get rewarded with some cool badges, but all of your completion progress is tracked! Just click “Sign Up” from the Learn Chef Rally landing page.

John Fitzpatrick

John is a Training Program Manager at Chef. He also delivers training classes on Chef, and is an organiser of both 'DevOps Belfast' and 'Chef Users London' meetup groups.