Part 1: Chef and its Components

What is Chef?

Chef is a Ruby-based configuration management engine. It acts as a hub, ensuring that the right cookbooks are used, that the right policies are applied, that all of the node objects are up-to-date, and that all of the nodes that will be maintained are registered and known to the Chef Server. The Chef Server distributes configuration details (such as recipes, templates, and file distributions) to every node within the organization. Chef then does as much of the configuration work as possible on the nodes themselves (and not on the Chef Server). This scalable approach distributes the configuration effort throughout the organization.

What is a Chef Server?

The server acts as a hub for configuration data. The server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by the chef-client. Nodes use the chef-client to ask the server for configuration details, such as recipes, templates, and file distribution. The Chef Server comes in three forms:

Chef Solo – Generally used for testing, with very limited features and no concept of a central Chef server. It is an executable that runs the chef-client without requiring the Chef server in order to converge cookbooks. It supports two locations from which cookbooks can be run:

  • A local directory.
  • A URL at which a tar.gz archive is located.

Enterprise Chef – The paid version, with support from Opscode, high-availability deployment support, and additional features for reporting and security. It is a very easy option for getting started with Chef, and it is managed by Opscode. It comes in two forms:

  • Hosted Chef – where your cookbooks, data bags, roles and node definitions are stored securely in a Chef server provisioned by Opscode. No need to worry about hardware management and maintenance or software upgrades.
  • Private Chef – where you host the Enterprise Chef infrastructure on your own, behind your own firewall, with full control, faster rollout and better integration.

Open Source Chef Server – A free version that has most of the capabilities of the enterprise version but lacks the analytics dashboard, reporting, bulk grouping tool, customizable views, and push functionality. Support is available via large and active Chef community forums such as GitHub, StackOverflow, and others. Installation, configuration, and updates need to be handled by the local system admin.

What is a Chef Workstation?

A workstation is a computer that is configured to run Knife, to synchronize with the chef-repo, and interact with a single server. The workstation is the location from which most users will do most of their work, including:

  • Developing cookbooks and recipes (and authoring them using Ruby).
  • Keeping the chef-repo synchronized with version source control.
  • Using Knife to upload items from the chef-repo to the server.
  • Configuring organizational policy, including defining roles and environments and ensuring that critical data is stored in data bags.
  • Interacting with nodes, as (or when) required, such as performing a bootstrap operation.

What is a Chef Node?

A node is any server or virtual server that is configured to be maintained by a chef-client. A node can be any physical, virtual, or cloud machine that can run the chef-client. A chef-client is an agent that runs locally on every node that is registered with the server. When a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:

  • Registering and authenticating the node with the server.
  • Building the node object.
  • Synchronizing cookbooks.
  • Compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and all other dependencies.
  • Taking the appropriate and required actions to configure the node.
  • Looking for exceptions and notifications, handling each as required.

RSA public key-pairs are used to authenticate the chef-client with the server every time a chef-client needs access to data that is stored on the server. This prevents any node from accessing data that it shouldn’t and it ensures that only nodes that are properly registered with the server can be managed.
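
The per-request authentication described above, as an added Ruby example that is not Chef's own code or wire format: a simplified model in which the server stores only each registered node's public key and the node signs every request with its private key. The ToyServer class, the layout of the signed string, the 900-second skew window and the node name web01 are assumptions made for illustration.

```ruby
require "openssl"
require "digest"
require "time"

# Simplified model of per-request RSA authentication (not Chef's wire format).
# The server stores only the public key of each registered node.
class ToyServer
  MAX_SKEW = 900 # seconds a signed timestamp stays valid (assumed value)

  def initialize
    @public_keys = {}
  end

  def register(node_name, public_key_pem)
    @public_keys[node_name] = OpenSSL::PKey::RSA.new(public_key_pem)
  end

  # Returns :ok, :unknown_node, :stale or :bad_signature.
  def verify(req, now: Time.now.utc)
    key = @public_keys[req[:node]]
    return :unknown_node unless key
    return :stale if (now - Time.iso8601(req[:timestamp])).abs > MAX_SKEW
    sig = req[:signature].unpack1("m0") # strict base64 decode
    key.verify(OpenSSL::Digest.new("SHA256"), sig, canonical(req)) ? :ok : :bad_signature
  end
end

# String that both sides sign and verify: binds method, path, body, time, node.
def canonical(req)
  [req[:method], req[:path], Digest::SHA256.hexdigest(req[:body]),
   req[:timestamp], req[:node]].join("\n")
end

# Node side: sign the request with the private key that never leaves the node.
def sign_request(private_key, node:, method:, path:, body: "", at: Time.now.utc)
  req = { node: node, method: method, path: path, body: body, timestamp: at.iso8601 }
  sig = private_key.sign(OpenSSL::Digest.new("SHA256"), canonical(req))
  req.merge(signature: [sig].pack("m0"))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed sample key pair
  server = ToyServer.new
  server.register("web01", key.public_key.to_pem)
  req = sign_request(key, node: "web01", method: "GET", path: "/nodes/web01")
  puts server.verify(req)
  puts server.verify(req.merge(body: "tampered"))
end
```

Because the signature covers the path, body hash and timestamp, a captured request cannot be redirected to another resource or replayed after the skew window, and a node whose public key was never registered is rejected before any signature check.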

What is a Chef Supermarket?

It is the site that hosts cookbooks developed by the community, with a friendly web UI and an easily searchable cookbook repository. It comes in two forms:

Public Supermarket – The website is publicly accessible and hosted by Chef; anyone can upload cookbooks and share them with the wider community. To interact with the public Chef Supermarket, use “knife cookbook site” commands.

Private Supermarket – Installed behind the firewall on the internal network, and much faster. It can help formalize internal cookbook release management processes (e.g. “a cookbook is not released until it’s published on the private Chef Supermarket”).