I am excited to announce that Policyfiles are now covered in Learn Chef Rally.
Policyfiles have become mainstream and are a best practice for managing your estate with Chef. Policyfiles have a number of clear benefits:
They combine the very best parts of Roles, Environments, and Berkshelf into a single workflow. The power of Policyfiles means you can be completely confident about the cookbook versions being used.
The `Policyfile.rb` file, which resembles a Chef Role combined with a Berksfile, gets compiled into a `Policyfile.lock.json` file containing unique references to the cookbooks in the run-list. It also specifies where these cookbooks reside. This may be on the Chef Server, but it could be direct from source or from another artifact repository.
The Chef client still queries the Chef Server, but when the lock is returned it knows to pull the specific cookbook versions listed in it. These cookbooks are identified by a unique hash based on their contents. If so much as a space is added to a file in the cookbook source, then the hash won’t match the `Policyfile.lock.json` and the `chef-client` run will fail!
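The content-pinning idea described above, as an added example that is not Chef's own code: it computes an illustrative identifier over a cookbook directory and checks it against a lock-style hash. The digest scheme, the function names and the `webserver` cookbook are assumptions made for illustration; only the `cookbook_locks` and `identifier` keys mirror the real lock file.

```ruby
require "digest"
require "tmpdir"
require "fileutils"

# Illustrative content identifier: SHA-256 over each file's relative path and
# content digest, in sorted order. Assumption: this is NOT Chef's own algorithm.
def cookbook_identifier(dir)
  entries = Dir.glob("**/*", File::FNM_DOTMATCH, base: dir)
               .select { |rel| File.file?(File.join(dir, rel)) }
               .sort
  manifest = entries.map do |rel|
    "#{rel}:#{Digest::SHA256.file(File.join(dir, rel)).hexdigest}\n"
  end
  Digest::SHA256.hexdigest(manifest.join)
end

# Compare every cookbook pinned in the lock against what is on disk.
# Returns the names of cookbooks whose content no longer matches its pin.
def drifted_cookbooks(lock, cookbooks_root)
  lock.fetch("cookbook_locks").reject do |name, pin|
    path = File.join(cookbooks_root, name)
    Dir.exist?(path) && cookbook_identifier(path) == pin.fetch("identifier")
  end.keys
end

# Constructed sample: one cookbook is locked, then altered by a single space.
def demo
  Dir.mktmpdir do |root|
    cookbook = File.join(root, "webserver")
    recipe = File.join(cookbook, "recipes", "default.rb")
    FileUtils.mkdir_p(File.dirname(recipe))
    File.write(recipe, "package 'nginx'\n")
    File.write(File.join(cookbook, "metadata.rb"), "name 'webserver'\n")

    # Same shape as the lock's cookbook_locks section, reduced to the pin.
    lock = { "cookbook_locks" =>
             { "webserver" => { "identifier" => cookbook_identifier(cookbook) } } }

    before = drifted_cookbooks(lock, root)
    File.write(recipe, "package 'nginx' \n") # one trailing space added
    after = drifted_cookbooks(lock, root)
    { before: before, after: after }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

A check like this is useful in CI before promoting a lock, because it flags cookbook content that changed without the lock being regenerated.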
Furthermore, Policyfiles negate the need for roles. One of the main issues with roles is that they are not versioned, so there is no way to track changes. The run-list is an integral part of Policyfiles and cannot be changed without recreating the associated lock file, hence regenerating the hash.
Policy groups provide a mechanism for promotion through the deployment lifecycle, from dev to QA to production.
Want to get into the nitty-gritty and get some help getting started with Policyfiles? Here are links to the specific Learn Chef Rally content.
If you are new to Learn Chef Rally, I would encourage you to sign up for an account. Not only do you get rewarded with some cool badges, but all of your completion progress is tracked! Just click “Sign Up” from the Learn Chef Rally landing page.