1. 技术文章
  2. chef versioning - is there an order of precedence?

chef versioning - is there an order of precedence?

隐身守侯 提交于 2019-12-11 23:23:12

问题


As i understand it, you can set the version for a cookbook in its metadata.rb file.

You can subsequently reference that version in three places. Other cookbook metadata, environments or run_lists.

What happens if you specify a version constraint for the same cookbook in more than one of those locations with different version numbers. Which version is enforced?

The reason for asking is if a Role isn't versioned like a cookbook... and maybe the production environment is configured to lock versions to known good cookbooks but an admin comes along and updates a recipe in the Roles run_list like apache@1.2.2 so it's different to that of the environments constraints.. which wins.

Hope that makes sense.

fLo


回答1:


The dependency solver in Chef will (unfortunately silently) use the best version of a dependent cookbook it can to solve the graph. That means if you have:

  • cookbook runit exists on the Chef server at version 0.13.2 and 1.2.0
  • cookbook myface depends on runit with no version constraint operator
  • cookbook yourface depends on runit with ~> 0.13.0

When the node's expanded run list contains recipe[myface] and recipe[yourface], it will use runit version 0.13.2.

If Chef cannot solve the graph, it will return an HTTP 412, precondition failed. For example if you lock the version of runit in the environment to = 1.2.0, and both recipe[myface] and recipe[yourface] are in the run list, it will be unable to solve the graph because yourface wants v0.13.2.

Another scenario:

  • cookbook couchdb exists with versions 1.1.0 and 1.0.0
  • cookbook couchdb version 1.1.0 depends on runit ~> 1.1
  • cookbook couchdb version 2.0.0 depends on runit >= 1.0.0 (the major version bump was fixing a dependency so the earlier version could be used)
  • cookbook myface depends on couchdb >= 1.1.0 (and transitively runit 1.2.0)
  • cookbook yourface depends on couchdb ~> 2.0.0 (and transitively runit 1.0.0)

When the node's run list again contains both recipe[myface] and recipe[yourface], then you'll probably end up with:

  • couchdb 2.0.0 (due to yourface pessimistic constraint, and this satisfies myface's 1.1.0 requirement)
  • runit 1.1 (due to couchdb 2.0.0's requirement)

This may or may not be what you actually want, however, because perhaps the behavior in the different couchdb cookbooks is different for the application in some way unrelated to its use of runit. It's probably fine though.

It's generally fine to set dependencies in your cookbooks' metadata on community cookbooks depending on your needs. For some cookbooks, liberal constraints (or none at all) are fine. For other cookbooks, pessimistic constrinats (with the ~> operator) are probably good. This is on a case-by-case basis, so I don't have general advice. Keep an eye on the changelogs or commit logs of the cookbooks you're interested in and see if the author has a habit of breaking things between minor releases, for example.

It is recommended for environments, especially production/stable type environments, to pin cookbook versions with the = operator. This is what we (Chef, the company) do with the cookbooks that run Hosted Chef (the Chef Server SaaS).




回答2:


Remember there are the cookbook entries that appear on the run-list and additional cookbooks that are listed as dependencies in the various metadata files. At run-time chef must construct a tree of cookbook versions to determine the actual version of each cookbook that will be used.

For example cookbook B could depend on >v3.0 of cookbook X, whereas cookbook B could depend on >version 1.0. So it's not really a matter of which cookbook "wins", it's more about whether chef satisfy the constraints on versions that it discovers and meet those constraints from the available cookbook versions loaded.

When it comes to constraints you are best advised to place these in two only two places:

  • Cookbook dependencies in the environment file.
  • Runlist of the Environment

Why?

  1. Less confusing
  2. Constraints on the environment is supported by knife when uploading cookbooks
  3. As you point out roles are not versioned, and setting versions on the role run-list would apply to all chef server environments...
  4. Using the cookbook to control the run-list is a new pattern and the metadata version and dependencies automatically control the versions to be chosen.


来源:https://stackoverflow.com/questions/20717804/chef-versioning-is-there-an-order-of-precedence

标签
chef
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!