Chef has announced some significant and innovative updates being released next month. Learn the highlights and how they can benefit your organization.
Progress Software recently announced enhancements to its Chef Enterprise Automation Stack and the new release of Chef Infra Client 17, as well as a new recognition program for Chef Community contributors that will debut during its April 28 Infra 17 launch event.
“Today’s release not only builds on our commitment to drive innovation and to the Chef community, but on our vision of delivering a unified and scalable platform that accelerates the rate in which enterprise DevSecOps can deliver changes in hybrid-cloud, regulated and edge computing environments,” said Sundar Subramanian, general manager of Chef Business at Progress.
Updates to Chef Enterprise Automation Stack
Chef Enterprise Automation Stack updates are “designed to bring together familiar elements of the Chef ecosystem into a more integrated automation solution. Chef EAS gives DevSecOps teams scalable patterns they can use to minimize the effort needed to implement complex solutions, enables full-stack visibility across heterogeneous infrastructure and applications, and unifies the experience for developers, operators and administrators. It makes infrastructure and application delivery more secure and less complicated so it’s easier to extend value across teams at scale.”
New features include automatic compliance audits, Infra State Management Dashboards and the Chef Habitat command line interface intended to give developers a broad range of tools.
Updates in Chef Infra Client 17
Chef Infra Client 17 includes “new positioning around the Chef language, enabling developers of varying skills to work with Chef, and the new release comes equipped with a significant number of new pre-built resources, helpers and cookbooks created by both Chef and the Chef Community.”
New features include cloud integrations, hypervisor support and improvements to system architectures, “expanded coverage and support for ARM in the cloud, macOS Big Sur, the Apple M1 architecture, Windows 8 and PowerShell Core” and improved cloud detection, security and data aggregation.
The Chef Community Recognition program is intended to recognize Chef Community contributors who help improve the product and benefit the user community.
ChefConf 2021 will be hosted online Sept. 7-9, 2021. Sign up on the ChefConf 2021 “Save the Date” page.
I spoke with Sudhir Reddy, VP of engineering at Progress, about the Chef improvements.
Scott Matteson: The press release said, “Chef EAS gives DevSecOps teams scalable patterns they can use to minimize the effort needed to implement complex solutions, enables full-stack visibility across heterogeneous infrastructure and applications, and unifies the experience for developers, operators and administrators. It makes infrastructure and application delivery more secure and less complicated so it’s easier to extend value across teams at scale.”
Can you provide a few subjective examples of this? For example, what folks might use it for and how the benefits are new to Chef?
Sudhir Reddy: With Chef EAS, we’re continuing to advance our portfolio along a few dimensions:
- Integrating compliance into infrastructure and application delivery—This is a key reason why clients choose Chef, they get the power of InSpec and certified Premium Content to ensure compliance at scale.
- Making it easier to use Chef products—With this release of EAS, we’ve added Chef Habitat to Chef Workstation, added more feature-rich dashboards in Chef Automate, and we’ve added new resources in Chef Infra Client 17 to make the Chef Language easier to use.
- Enhancing continuous delivery with an emphasis on test-driven-development, by making it easier to automate delivery of heterogeneous environments with increased system coverage and cloud support.
Today, pretty much any IT system used to transact business or store customer data is subject to some level of compliance regulation and needs to be audited. The responsibility for conducting audits and ensuring systems are compliant has fallen on the shoulders of corporate security and compliance teams. The adoption of DevOps and automation practices like infrastructure as code have helped improve compliance by eliminating configuration issues caused by human error and being able to patch and remediate non-compliant systems faster. But still in most organizations DevOps and security teams work independently of each other collaborating via ticket systems and spreadsheets.
The new Chef Infra Compliance Phase speaks directly to these challenges enabling Chef InSpec users to automatically execute compliance as part of any Chef Infra Client Run and achieve continuous compliance. It extends our policy-based approach to configuration enabling a single agent that can handle the end-to-end workflow from state enforcement to data aggregation to validation. With the introduction of Chef Infra Compliance Phase, the Audit Cookbook will no longer be necessary, and Chef Client InSpec Users can automatically execute compliance audits and view the results in Chef Automate as part of any Chef Infra Client Run.
The new Infrastructure State Management Dashboards allow users to view and manage Chef Infra Server details in Chef Automate. Using these views users can:
- Add multiple Chef Infra organizations or servers to Chef Automate
- Review cookbooks, roles, environments, data bags and clients for each organization
- Search and find roles, environments, data bag items, and clients from Chef Automate
When combined with Chef Infra Client Run Reports, the new views provide detailed insights into the various policies and Chef Infra objects in use on a system, making managing infrastructure easier. In upcoming releases, we plan to add the ability to make changes to the desired state, further accelerating the ability of users to remediate infrastructure drift with configuration management.
Both these features work to advance our ability to deliver integrated compliance automation for clients.
Chef Habitat is now included in Chef Workstation: This provides a unified installation and developer experience for the full Chef Enterprise Automation Stack.
A good example of where having all the Chef tools available makes it easier to do more with Chef is managing complex applications on Windows. Operating system level configuration concerns such as domains, firewalls and others can be managed with Chef Infra, while Chef Habitat handles the build and deployment of the applications themselves. Together with Chef InSpec, users can guarantee that their applications have been delivered safely and securely with all the policy they’ve defined for them enforced.
Scott Matteson: The press release also said: “Chef Infra Client 17 includes new positioning around the Chef Language, enabling developers of varying skills to work with Chef, and the new release comes equipped with a significant number of new pre-built resources, helpers and cookbooks created by both Chef and the Chef Community.”
Can you provide a few subjective examples of this, such as what folks might use it for and how the benefits are new to Chef?
Sudhir Reddy: The launch of Chef Infra Client 17 focuses on making it easier to use Chef Infra for a wider range of audiences and use cases. Improvements to Chef Infra Client 17 along with Chef Workstation improve the ability of organizations to adopt TDD practices in their infrastructure management.
- Streamlined developer experiences: The Chef Infra language is a collection of built-in resources and helpers that make codifying your infrastructure easy by doing the heavy lifting for users. This includes resources for defining security policies, configuring firewalls and other important system configurations, as well as helpers for detecting cloud providers, system architectures, and OS releases. Additionally, enhancements to Test Kitchen allow users to better test infrastructure changes on the wide range of clouds such as AWS, Azure or VMware vCenter. Along with improved InSpec integrations, organizations can have confidence before deploying changes to production environments.
- Cookstyle enhancements: Cookstyle is a code analysis tool built upon RuboCop that replaced Foodcritic in September 2019 and ships as part of Chef Workstation. Cookstyle helps users fix deprecations, upgrade Chef Infra Client releases and modernize their codebases. This release includes 100+ new rules (called cops). Running Cookstyle on a client’s infrastructure code not only ensures that everyone on their team is following a common coding style and avoids potential bugs, it also ensures that they’re utilizing the latest functionality the Chef Infra Client offers.
- Increased platform coverage and support: Expanded coverage and support for ARM in the cloud, macOS Big Sur, the Apple M1 architecture, Windows 8 and PowerShell Core.
More details will be given on new features and benefits in Chef Infra Client 17 during the live virtual launch event on April 28.
Scott Matteson: What sort of benefits will the new Chef Community Recognition program offer its participants?
Sudhir Reddy: The Chef Community Recognition program is designed to acknowledge, thank and engage Chef’s Community contributors. As part of this program, contributors will be recognized on an annual basis. The level of recognition will be determined based on the level and kind of contributions, and range from a personalized thank you, to free digital access to Chef’s annual user conference, to participation in roundtables with Progress product leadership.
Chef continues to engage deeply and expand our community (both individuals and within companies that want to strengthen their investment in Chef). To this end, a robust recognition program encourages our community to contribute to Chef’s open source.
Scott Matteson: What sort of events are planned for ChefConf this year?
Sudhir Reddy: Slated for Sept. 7-9, ChefConf 2021 once again will be digital and offer dozens of sessions on the DevOps topics that mean the most to our community:
- DevSecOps, security and compliance
- Continuous delivery, managing your infrastructure and delivering applications
- Managing and automating distributed resources
Scott Matteson: Can you provide a quick compare and contrast on Chef vs. Puppet? Why should companies use Chef or switch to using it?
Sudhir Reddy: As far as Chef vs. Puppet, both are great solutions. It really comes down to security concerns and the type of environment clients are trying to manage. Typically, the higher security and concerns are and the more diverse or complex the environment is, the more likely Chef will be a better fit.
- Runs everywhere: Chef delivers automation and compliance across a wide range of infrastructure environments, whether on-premises, at the edge, or in the cloud.
- Compliance, configuration validation and premium content: Chef provides closed-loop detect-and-correct capabilities and unparalleled content for security validation. Chef provides access to 400+ out-of-the-box profiles based on CIS and DISA STIG with more content being created every month. Chef Premium Content (launched in October 2020) delivers Chef-curated content for compliance audits, remediation and desktop configuration. The new Chef Infra Compliance phase included in this launch further advances our competitive advantage by eliminating the need to create and maintain audit cookbooks and replace with an automated run process executed by a single agent.
- Chef’s application delivery capabilities found in Chef App Delivery, which include application definition, packaging and delivery for custom built and COTS apps. While traditional code-based configuration solutions, like Chef Infra and Puppet are good for managing infrastructure-as-code, they are not well-suited for managing service architected applications with many dependencies that are updated frequently and require quick actions like stop/start/restart. Chef App Delivery takes a modular approach to configuration, working down the stack as far as needed to package all of the components needed to run an application into a single immutable artifact. Once a package is defined it is published as a signed, compressed, versioned artifact that includes everything defined in the manifest. Published artifacts are stored in a single-origin that can’t be accessed by humans giving them immutability and the ability to be deployed in multiple run-times. Advanced deployment functionality, like automated rollback, can be performed by the Chef Habitat Supervisor, which is patented technology.