A training lab on how to use Chef Policyfiles
Policies are built by defining a Policyfile, which looks similar to a Chef Role combined with a Berksfile.
When a Policy is ready for upload, a workstation command included with the ChefDK compiles the Policyfile into a Policyfile.lock.json file. This locked Policy, along with all of the cookbooks it references, are treated as a single unit by the Chef tooling. The bundle of Policyfile.lock.json and cookbooks are uploaded to the server simultaneously.
Policyfiles have a number of clear benefits:
- They ensure the cookbooks running in production are the same versions that were tested against; providing safer development workflows
- They solve the Roles and Environments versioning issues
- They streamline the Roles and Environments patterns and dependency management into a single workflow
- This reduction of discreet concepts reduces the learning curve for getting started with Chef
Policyfiles provide cookbook dependency management and replaces Roles and Environments. This allows you to get exact, repeatable results!
Policies make your chef-client runs completely repeatable, because cookbooks referenced in a Policy are identified by a unique hash based on their contents. This means that once the lock file + cookbook bundle has been generated, the code underlying it will never change.
Policyfiles ensure all dependent cookbooks are pinned, all attributes are saved and it is all versioned, testable, and ready for your pipeline.
If you are familuar with Chef Server Roles, run lists and Environments, then:
policy_name= role/runlistpolicy_group= environment
The best way to use policyfiles is within a pipeline. Here is a Jenkins example to give you some ideas, but you can see much more detail in this repo - https://github.com/anthonygrees/chef_pipelines
This training lab is a hands on set of code examples to show you how policyfiles work. It covers how to create and modify, plus using policy_groups and exporting them as tarballs.
Let's write some code.
- Module 1 - Create a Policyfile
- Module 2 - Modify a Policyfile
- Module 3 - How Policyfiles can inherit other policyfiles
- Module 4 - Apply Policy Groups to a Node
- Module 5 - Using attributes with Policy Group
- Module 6 - Exporting Policyfiles and using Archives
- Module 7 - How are Policyfiles shown in Chef Automate 2
- Module 8 - Tips and Tricks
- Blog Post - Policyfiles a Chef Best Practice
- Learn Chef Rally Part 1 - Getting started with Policyfiles
- Learn Chef Rally Part 2 - Managing Nodes with Policyfiles
- Video Demo
- Author:: Anthony Rees [email protected]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.