Chef, the company behind the Chef configuration management tool, has always been hesitant to create or advocate “standard” ways of doing things. This has often frustrated Chef’s users-especially new users-who just want to know which of the many different ways to do something in Chef is “right” for their organization.
One response to this challenge has been a proliferation of open source tools and approaches designed to help Chef users down a particular path. Probably the most well known of these approaches is The Berkshelf Way and the Berkshelf 3.0 cookbook dependency manager, which is now included as part of the Chef Development Kit (Chef-DK).
With ChefDK 0.3.0, Chef has responded to this issue with a new “preview release” of a game-changing feature: Policyfiles. According the the folks at Chef, “This is a significant milestone on our journey to improve the way you develop and distribute Chef code to manage your infrastructure.”
Chef is also quick to point out that Policyfiles aren’t yet fully implemented and are still experimental. They strongly discourage teams new to Chef to start using Policyfiles in production. At the same time, they are actively soliciting feedback from experienced users.
One of the biggest headache Policyfiles will address is the difficulty with versioning stuff in Chef. A key DevOps tenet is keeping all of your code under configuration management. So you want to be able to go into GitHub at any point in time to get a view on what your infrastructure code looks like, and/or track and reverse a change.
With Policyfiles, you’ll be able to more easily version things that aren’t inherently “versionable.” As such, Policyfiles replace the environment cookbook pattern in Berkshelf, and possibly some other Berkshelf use cases as well.
According to the Chef documentation: A policy file allows you to specify in a single document the cookbook revisions and recipes that should be applied by the chef-client. … A policy file may be versioned, and then promoted through deployment stages to safely and reliably deploy new configuration.
Whereas Chef’s current tooling (specifically knife) is geared towards letting you manipulate specific objects and uploading them to the Chef Server, the Policyfile feature helps focus the workflow on creating and configuring entire systems. The Policyfile feature can also produce a printout that makes it easier to see which cookbooks chef-client will run, and what the impact of updating a role or uploading a new cookbook will be.
If you’re comfortable with Chef, now is the time to check out Policyfiles and how they can help you streamline your configuration management workflows. This is the way of the future with Chef and sooner or later most Chef users will need to move in this direction.
To brainstorm about the potential and pitfalls of Policyfiles, contact Bitlancer.