Customizing Chef by Jon Cowie

The term configuration management has been in common usage since the 1950s, when the US Air Force developed an approach to managing the extremely complex manufacturing processes involved in producing military equipment. The USAF needed a way to make sure that its equipment performed as required, while also functioning as expected and complying with the relevant military equipment standards. The term was codified as an actual standard in the early 1960s, and the ideas underpinning CM have since been adopted by a number of other industries, such as civil and industrial engineering and, of course, computing.

What we think of as configuration management in the IT sense has been around in one form or another for as long as people have been running more than one computer, although it was not always recognized as such. Looking back through the mists of time to the era of mainframes and minicomputers, we find system administrators tending single, monolithic systems, every tunable setting and parameter committed to memory or to multivolume technical manuals. Computers of any description were far outside the reach of most companies—only the largest corporations and university labs could afford the asking price. Soon, however, as computing hardware became more common, prices dropped to within the reach of more and more companies, and commoditized “cloud” computing became commonplace. The exploding usage of computers and the corresponding increase in the number of sysadmins that were needed to look after them began to make this model of a single repository of knowledge unsustainable.

The industry quickly recognized this problem, and started to document everything. Thus was born the era of internal configuration guides, document stores, and wikis full of all the information a new hire might need to get up to speed on the employer’s infrastructure and systems. This approach, however, also had its limits. As the usage of computers expanded across the globe and more and more companies started developing software systems, manually updated documentation became more and more of a chore to keep relevant and up-to-date. So, people started automating configuration tasks using whatever scripting languages they had on hand. These custom scripts worked perfectly well for a while. They made configuring systems and software much easier because people didn’t have to copy and paste from the manual any more.

Eventually, though, progress overtook the industry again. Individuals within the same infrastructure started using different architectures, software versions, and configuration settings. All of a sudden, people found themselves having to maintain an increasing number of very complex scripts to manage all the different permutations they required, cater to all the possible ways these scripted processes could fail, and so on. It was this very problem that led to the development of what we now recognize as CM in the operations sense.

In 1993, a postdoc at Oslo University in Norway named Mark Burgess decided that he’d had quite enough of managing all of these scripts, thank you very much. Mark wrote the very first version of the configuration engine, CFEngine, to provide an architecture- and OS-independent way of managing the Unix workstations he was responsible for at the time. This was the first of what we now recognize as configuration management systems.

In the years since CFEngine was first developed, a number of other CM systems were developed to satisfy various requirements that existing tools did not provide for. In 2005 Luke Kanies released Puppet, which was the predominant alternative to CFEngine until Chef came along in 2009. Since then, a number of other CM systems (such as Ansible and SaltStack) have been released, but at the time of this writing, CFEngine, Puppet, and Chef are the dominant players in the space.

Why, then, did Chef get written when there were already two well-established and relatively mature CM systems to choose from?

The foundation of Chef can be traced back to a consulting company named HJK Solutions (now better known as Chef, Inc.) that specialized in automating the configuration of infrastructure for startup companies. Through this work, HJK Solutions came to realize that the utopia of fully automated infrastructures was becoming a real possibility, even for companies without a staff of highly experienced operations engineers. But things weren’t quite at that stage yet—HJK observed a number of problems with what could be achieved with existing CM systems that needed to be solved first. Here were a few of the main concerns:

The folks at HJK didn’t think that any other open source CM systems met the requirements they saw as necessary to achieve fully automated infrastructure, so they created Chef. But did they succeed? What makes Chef different from the other CM systems out there, and why might you want to use it? Because you’re reading this book, you likely already have an idea of the reasons Chef was chosen by your organization and the key differentiators between Chef and its contemporaries, but I’d like to highlight a few of them anyway:

Chef gives you nearly limitless flexibility to automate your infrastructure as you see fit. It has never been positioned as a panacea to cure all your ills, or magically automate all of the legacy cruft out of that eight-year-old server in the corner. What Chef is, however, is a framework designed to give you all of the tools you need to automate your infrastructure however you want.

Ultimately, as technology professionals, our primary function is to add value to our businesses, regardless of how much time we spend writing code or configuring servers. This is just as true for operations engineers and developers as it is for frontline sales and marketing staff. Developers might not be on the front lines shifting product or selling to customers, but we code and configure the infrastructure and platforms that allow our businesses to function in the Internet age. Every business is different, and only that business can make the decisions about what will add value and what won’t. As a technical expert in your company, you know better than me, or Chef, Inc., or anyone else for that matter about what adds value to your particular company.

This is worth remembering, as it is the principal reason that Chef, Inc. will not typically advocate particular workflows or tooling combinations as the “canonical” Chef way of doing things, and also the reason that I will not do so in this book. The instant a methodology or technique is declared canonical, anything else is considered to be wrong—even if it might be what makes the most sense for your particular use case. Chef is categorically not a system that requires you to do anything in a particular way; rather, it provides you with everything you need to make those decisions for yourself and for the good of your business. As with all systems, however, there are some best practices—we’ll look at some of those throughout the course of this book.

Simply put, Chef gives you the tools and flexibility to craft infrastructure code that is right for you, your team, and your business. It won’t get in the way and it won’t try and force you down a particular path. My aim for this book is to help you gain a deeper understanding of how you can make use of this flexibility and extensibility so you can take what you learn and add even more value to your business. To this end, I want you to question everything you read in this book and ask yourself if it’s right for you.

I can certainly guarantee that the content of this book will be technically accurate and as comprehensive as I can possibly make it, but just as Chef cannot automate your business needs automatically, I cannot tell you what is best for your company or what will solve your specific infrastructure automation problems. What I can do is give you the knowledge and techniques to make you better able to solve those problems for yourself.

In my day job, I work in operations for Etsy, an online marketplace where people around the world connect to buy and sell unique goods. Etsy is fairly well known for its engineering culture, which is rooted in the DevOps movement. We are not particularly driven by procedures or rigid workflows. I usually don’t have to deal with committees to get things done, and am given a high degree of autonomy to perform my job. I think it’s important to frame the employment background I come from because yours may be very different.

You may work for a small startup where you are the only operations engineer and have very little time for anything but the most crucial work. You may work for a large multinational corporation with a many-layered change control process and ITIL compliance to worry about. You may work for a company that stores credit card data and has to maintain PCI-DSS compliance, with all the procedural and auditing headaches that entails. Every single one of you reading this book comes from a different employment background, and you’re all using Chef to solve different problems.

So I propose a pact. I promise to do my best to write an interesting, relevant book that is full of helpful information, useful code snippets, and practical advice for how to approach customizing Chef. And in turn, after I’ve armed you with all of the knowledge and techniques that I can, you promise to carefully look at the problems you’re trying to solve and think critically about the best way to do that. What I’m asking you to consider when looking at customizing your Chef setup is not whether you can do something, but whether you should. And I have a couple of suggestions to help you do that…

To help with the process of critically examining the material covered in this book from the perspective of a business trying to solve real problems, I’d like to introduce AwesomeInc, a fictional company whose operations team and developers will be working through a project to customize various aspects of their Chef infrastructure.

AwesomeInc is a midsize company of around 200 staff based in California that produces and sells custom car parts. It was founded in 2005 by two siblings, Chad and Kate Awesome, who started a small business customizing their friends’ cars in their parents’ driveway. The business grew rapidly as word spread, and AwesomeInc now ships its own line of custom car parts all across the US and Canada. Business has been so good recently that the executive team decided that this is the year to go international!

AwesomeInc has 3 dedicated operations engineers and 15 full-time development staff, all led by Mike, the straight-shooting, hard-negotiating but secretly lovable Director of Engineering. They’ve already rolled out Chef across their suite of 150 servers, a mix of both physical hardware and virtualized servers in the cloud. They’re using the open source version of Chef server, hosted internally.

Their ops staff and developers are well versed in writing basic cookbooks, and have been through Chef, Inc.’s “Chef fundamentals” training. But now the word has come down from on high that with the push to go international, AwesomeInc’s infrastructure will be moving from a single system to separate geographically diverse systems, linking back to a central stock database in the US.

Spotting a chance to get ahead of the game, Mike instructs his team to do an audit of their servers and make sure that all of their cookbooks are up-to-date prior to commencing the work to support multiple locations. When the team completes its audit, however, it turns out that things aren’t quite as rosy as they’d hoped.

Although the majority of AwesomeInc’s cookbooks are working perfectly and are up-to-date, there are a few cookbooks that have been modified and not tested properly, and that have been causing Chef runs to fail silently on a number of AwesomeInc’s servers. Additionally, AwesomeInc developers are developing a customized stock management tool to distribute to each new location and are struggling with duplicated recipe code to handle the different permutations supported by the tool.

Mike decides to get a grip on the situation and calls a team meeting to ticket up the cleanup work that’s needed to bring the cookbooks back up to snuff, and look at ways to avoid the issues they’ve been seeing. During the meeting, a number of his operations team members express concern about how they’ll cope with the increased headcount that will follow AwesomeInc’s international expansion. It turns out that operations staff and developers are already beginning to find themselves treading on each other’s toes when they make Chef changes, and it’s becoming increasingly hard to keep track of what has been changed by whom. The team is worried that with the increased frequency of changes that will likely follow the hiring of more engineering staff, it will become harder and harder to maintain stable systems.

They mull over these issues for a few days, and quickly come to the consensus that things need to change. But then Mike asks the million-dollar question: how do we fix this? The team rapidly realize that out of the box, Chef won’t fix these problems for them. Their only option is to customize Chef to give them more visibility into how it’s running on their servers, who is making changes and when, and what those changes are doing.

As we work through the material in this book, we’ll follow the team at AwesomeInc as they learn about the possibilities for customizing Chef, and what they can do to solve the specific problems they’ve encountered in the past. We’ll focus on what solutions they can make use of as well as why each might be a good or bad idea. In addition, we’ll look at what members of the Chef community have done to solve the same problems in the real world—these techniques are no use, after all, if they don’t transfer to real life.

You could be forgiven for thinking that having written a book called Customizing Chef, my advice to you would always be to customize Chef. It isn’t. I’d much rather you carefully consider each customization you’re thinking about making, possibly deciding that maybe it’s not the best idea, than make a whole bunch of customizations that don’t really help you.

One of the recurring problems that our industry as a whole suffers from is a terminal case of the “new shinies.” We’re all of us somewhat prone to taking a new methodology or tool and trying to make it do everything, regardless of whether or not it is actually well-suited to those things.

With a system as flexible and customizable as Chef, you’re more limited by your imagination than by anything technical, and that carries with it the risk of new-shiny overtaking a rational decision-making process. So how do you make sure that when you customize Chef, you’re doing it for well-thought-out reasons that will ultimately add value to your business? We’ve met AwesomeInc and begun to explore the challenges they’re dealing with, but what happens when your specific challenges don’t mesh nicely with my carefully selected examples?

Let’s look at some more general criteria you can use to vet proposed customizations. When you’re thinking about developing or implementing customizations to your Chef setup, I want you to come back to this list and mentally check off how many criteria are satisfied. If the answer is none, it’s probably time to take a really careful look at why you’re considering the customization—you might be doing it because you can, rather than because you should. If you’re like me and enjoy symmetry and easy-to-remember acronyms, remember SMVMS:

Let’s look in a little more detail at some questions the folks at AwesomeInc asked themselves when looking at how to solve the problems they identified and how they map to the “Criteria for Customization” just discussed—all are excellent candidates for a sound decision to customize, but for different reasons.

Now that we’ve examined the example scenarios we’ll be working through in this book and looked at some general criteria to weigh your customization ideas against, let’s get those creative juices flowing and have a brief look at some of the customizations the Chef community have already produced and the problems they were trying to solve. This is by no means an exhaustive list, and my inclusion (or exclusion) of a tool by no means implies that I’m passing judgment on it or recommending it—my aim is simply to take you on a whistle-stop tour of some of the Chef customizations to be found in the wild today to get you thinking about what is possible. The discussion may also help you identify particular chapters of this book to read first.

Handlers

Handlers in Chef are extensions that can be triggered in response to specific situations to carry out a variety of tasks. Handlers are typically integrated with the chef-client run process and are called depending on whether or not errors occurred during the Chef run, as shown in Figure 1-1.

Figure 1-1. Chef handler flow

There are two main types of handler:

Report handlers

As shown in Figure 1-1, report handlers are used to carry out actions when the chef-client run has succeeded without error.

Exception handlers

As shown in Figure 1-1, exception handlers are used to carry out actions when an error has occurred during the chef-client run that cannot be recovered from.

Handlers allow you to capture all sorts of data about how Chef runs are behaving. We will look at these further in Chapter 5, but in the meantime let’s look at some of the ways that the members of the Chef community have made use of this information:

chef-graphite_handler

chef-graphite_handler is a report handler (provided as a cookbook) for sending Chef run results to the open source Graphite graphing system.

chef-handler-splunkstorm

chef-handler-splunkstorm is a combination report and exception handler that reports Chef run statuses to Splunk. It will also log full stack traces in the event of a run failure.

chef-irc-snitch

chef-irc-snitch is an exception handler that sends notifications of Chef run failures to an IRC channel, complete with a GitHub gist containing node information, the exception message itself, and the backtrace to assist in debugging.

Before we move on to the technical portion of the book, it’s worth noting that not all of the material covered will work on all types of Chef setup. Throughout the book, when I list examples of techniques I’ll note whether or not there are any compatibility issues with different types of Chef install; here, I list each type of install along with details on how they differ and which features are not supported.

The last thing I’d like to cover in this chapter is a quick note on the prerequisite tooling and knowledge I’m assuming in my readers. This book is aimed at people who are already comfortable using Chef and want to level up their skills; it assumes that if you’re not using hosted Enterprise Chef, you already have a Chef server installed and configured, or are using chef-solo.

Although advanced Chef knowledge is not a prerequisite for this material, you should ideally have read or be familiar with the concepts covered in Mischa Taylor and Seth Vargo’s book Learning Chef, and be familiar with most of the topics mentioned in this section.

As Chef is supported on a number of different platforms, throughout this book I’ve had to make several assumptions about the environment in which you’re running Chef in order to keep the examples as readable and simple as possible. I assume that:

If any of these assumptions do not apply to you (for example, if you’re running Windows or installed Chef from RubyGems), you may find that some of the directory paths and commands used throughout the book require a little tweaking to work in your environment. I’ve done my best to indicate when this is likely to be the case.