Chef seemed like a big hack when I first started with it. Chef “cookbooks” have “recipes” and there’s something called “kitchens” and “data bags” and servers are called “nodes.” Recipes seem like the important things - they define what setup will happen on your servers.
Recipes are ruby scripts written at the Kernel
level, not reasonably contained in classes or modules like one would expect. You can include other recipes that define “lightweight resource providers” - neatly acronymed to the unpronouncable LWRP. These define helper methods also at the top level, and make them available to your recipe. What’s to keep one recipe’s methods from clobbering another’s? Nothing, as far as I can tell.
Recipes run with “attributes,” which can be specified in a number of different ways:
- on the node itself: scoped for a specific box
- inside a “role:” for every server of an arbitrary type
- inside an “environment:” for overriding attributes on dev/stg/prd
- from the recipe’s defaults
Last time I used Chef, attributes had to be defined in a JSON file - an unusual choice for Ruby, which usually goes with YAML. Now apparently there’s a Ruby DSL, which uses Hashies, which also appear to run at the Kernel
level. I couldn’t get it to work in my setup. Chef munges these different levels together with something like inheritence - defaults get overridden in a seemingly sensible order. Unless you told them to override each other somewhere. Then whatever happens, happens.
“Data bags” are an arbitrary set of JSON objects. Or is the Ruby DSL supposed to work there, too? I dunno. Anyway, they store arbitrary data you can access from anywhere in any recipe, and who doesn’t love global state? They seem necessary for things like usernames and keys, so I can forgive some globalization.
This seems like a good enough structure / convention, until you start relying on external recipes. Chef has apparently adopted Berkshelf, a kind of Bundler for chef. You can browse available cookbooks at “the supermarket:” are you tired of the metaphors yet?
The problem here is that recipe names are not unique or consistent! I was using an rbenv recipe. But then I cloned my Chef repo on a new machine, ran berks install
, and ended up with a totally different cookbook! I mean, what the hell guys? You can’t just pull the rug out like that. It’s rude.
Sure, I could vendor said recipes and store them with my repo. Like an animal. But we don’t do that with Bundler, because it seems like the absolute bloody least a package manager can do. Even Bower can handle that much, and basically all it does is clone repos from Github.
These cookbooks often operate in totally different ways. Many cookbooks include a recipe you can run with all the setup included; i’s dotted and t’s crossed. They install something like Postgres 9.3 from a package manager or source with a configuration specified in the munged-together attributes for your box. Others rely on stuff in data bags, and you have to specify a node name in the data bag attributes or something awful. Some cookbooks barely have any recipes and you have to write your own recipe using their LWRPs, even if attributes would be totally sensible.
Coming back to Chef a few months after doing my last server setup, it seems like they are trying to make progress: using a consistent Ruby DSL rather than JSON, making a package manager official, etc. But in the process it’s become even more of a nightmarish hack. The best practices keep shifting, and the cookbook maintainers aren’t keeping up. You can’t use any tutorials or guides more than a few months old - they’ll recommend outdated practices that will leave you more confused about the “right” way to do things. Examples include installing Berkshelf as a gem when it now requires the ChefDK, using Librarian-Chef despite adoption of Berkshelf, storing everything in data bags instead of attributes, etc, etc, etc.
Honestly, I’m just not feeling Chef any more. Alternatives like Ansible, Puppet, and even Fucking Shell Scripts are not exactly inspiring. Docker is not for system configuration, even though it kinda looks like it is. It’s for isolating an app environment, and configuring a sub-system for that. Maybe otto is the way to go? But damn, their config syntax is weirder than anything else I’ve seen so far.
I’m feeling pretty lost, overall.