[chef] Re: Re: Re: Re: Re: Re: Role Versioning?

[Michael Glenney < >]

We don't use any community cookbooks so it hasn't been an issue for us yet. Maybe I should be careful about throwing that out there.  Though I'm surprised to hear there isn't a way to see all cookbooks that are applied to a node unless they're in the run list.  That would mean you can't see any if the dependency cookbooks unless they're explicitly listed as well.  Sounds like a gap or opscode trying to force a "best practice".

And to be clear, in our TLC's we use explicit dependencies ("java" "= 1.0.0").  To ensure we lock down the version. In the std cookbooks we use pessimistic versioning ("~> 1.0.0").  We may switch to optimistic in the future to further ease development as we open it to more teams. 

Michael Glenney

Sent from my iPhone

On Feb 14, 2013, at 3:20 PM, Torben Knerr < "> > wrote:

@Michael: what you describe is exactly what I'm doing now, but naming it "application cookbook" or "role cookbook" rather than "top level cookbook" (which is a quite precise name though). 

Fully agree that the top level cookbook (or whatever you call it) is the place for pessimistically locking dependency versions, and the other cookbooks being included (most of us would call them "library cookbooks" I guess) should use optimistic dependency versioning. Actually, what I see in most of the community cookbooks is no version constraint at all, which is fairly optimistic but ok imho (see also Ruby Libraries vs Ruby Applications, it's the same thing on the gem level and the cookbook level).

The only but very very big limitation of the "application cookbook" / "role cookbook" / "top level cookbook" pattern is that due to the `include_recipe`s the included recipes don't show up in the run_list anymore and thus you can't search for them (which breaks many of the community cookbooks, e.g. apt).

That's why the discussion in IRC came up I guess, and where @threescoops posted the above mentioned link which proposes versioning of roles. If roles could be versioned already from the beginning, the idea of "application cookbook" / "role cookbook" / "top level cookbook" probably never came up as we could just use roles instead.

But if role versioning would be added in the next Chef version, I would argue that:

* roles are the place to lock down cookbook dependency versions

* environments are the place to lock down role versions

This would allow pessimistic versioning on a role level and keep the environments free from cookbook version clutter. 

I think that the environment is ok for locking "top level cookbook versions" (or role versions if that would be possible someday), but it's the *totally* the wrong place for locking "library cookbook" versions (why? because you might have two different nodes in the same environment requiring different versions of the postgresql cookbook for example). 

 

On Thu, Feb 14, 2013 at 8:48 PM, Lamont Granquist < " target="_blank"> > wrote:

Chef 11.x has ordered evaluation of attributes files which does make this easier, otherwise you need to be careful about using include_attribute correctly

( http://www.opscode.com/blog/2013/02/05/chef-11-in-depth-attributes-changes/ )

On 2/14/13 10:28 AM, Michael Glenney wrote:

"Can we do that in chef 10.x or is it only possible in chef 11.x."


if you're asking me then yes, we do it with 10.x currently

On Thu, Feb 14, 2013 at 9:54 AM, Senthilvel Rangaswamy < " target="_blank"> > wrote:

Can we do that in chef 10.x or is it only possible in chef 11.x.

On Thu, Feb 14, 2013 at 5:40 AM, Michael Glenney < " target="_blank"> > wrote:

We accomplish this with what we call "top level" cookbooks (TLC) (I know, lame name).  I was against them at first but it's working out.  We lock down cookbook dependencies with "depends" in metadata.rb.  The cookbooks themselves use the "pessimistic" approach to versioning so it's not so restrictive when developing.

So our tlc_tomcat cookbook would have the following in metadata.rb:

name "tlc_tomcat"
version "1.1.0"
depends "base", "= 1.0.6"
depends "os_patch, "= 1.1.2"
depends "auditing", "= 0.3.3"
depends "security", "= 0.1.1"
depends "backups", "= 0.2.5"
depends "splunkagent", "= 0.4.5"
depends "java", "= 1.0.4"
depends "newrelic", "= 1.0.5"
depends "tomcat", "= 1.0.3"

and then the default recipe of the TLC installs them in the order we want with "include_recipe" statements.  This way, " target="_blank"> will always install the exact same versions of cookbooks.  I mentioned the pessimistic versioning above because we made the mistake of being rigid with versioning within the lower level cookbooks as well and it made development a PITA.  As an example, here's the metadata.rb of the " target="_blank"> cookbook in the TLC above:

name "tomcat"
version "1.0.3"
depends  "java", "~> 1.0.3"
depends  "os_patch", "~> 1.1.2"
depends  "newrelic", "~> 1.0.2"

We haven't used roles since we started with this approach and we haven't missed them.

MG

On Thu, Feb 14, 2013 at 5:09 AM, Torben Knerr < " target="_blank"> > wrote:

Hey guys,

there was a recent discussion about "role cookbooks" in IRC where @threescoops posted a link to the wiki where versioning for roles is mentioned as a proposal:

http://wiki.opscode.com/display/chef/Infrastructure+Proposal#InfrastructureProposal-Roles

Just wanted to throw in my 5 cents and continue discussion here:

[12:56] <tknerr> zts, threescoops: i would be happy as well if:

[12:56] <tknerr> zts, threescoops: roles could be versioned

[12:56] <tknerr> zts, threescoops: and i could define cookbook version constraints in the roles (want to lock down transitive cookbook dependencies as well)

[12:56] <tknerr> zts, threescoops: and in the environments i would specify the role versions rather than cookbook versions

Does that make any sense, or am I on the wrong path here?

Cheers, Torben

--
..Senthil

"If there's anything more important than my ego around, I want it
 caught and shot now."
                                                    - Douglas Adams.