|
As you work with Chef, it will be important to understand the path we take during execution of the Chef Client. ConvergenceWe call the process of running the Chef Client or Chef Solo and taking any needed actions on Resources "Convergence". In a nutshell, Convergence in systems automation speak means "bringing the system closer to correct with each action you take". Ideally, a single run of the Chef Client should always bring the system into the fully expected state - not just half-way. But if it doesn't work out, trying again should continue to bring the system closer to correct. |
Build, Register, and Authenticate the Node
Build the Node
The first thing Chef Client or Chef Solo do is build a new Node. The node is constructed from:
- Ohai - Ohai discovers the data about the Operating System first.
- The previous data for the node is fetched from the Chef Server (unless we are running under Chef Solo).
- Any JSON Attributes or Recipes are added.
- All the Ohai attributes are added.
Registering With The Chef Server
Once the initial node is constructed, the Chef Client checks for the existence of its private key file, usually located in /etc/chef/client.pem. If the private key does not exist, the client will attempt to register itself. To register itself, the client temporarily assumes the identity of the chef-validator client. chef-validator is a special purpose client used exclusively for registering new clients. By default, the private key for chef-validator is stored in /etc/chef/validation.pem. Using the identity of the chef-validator chef-client (the application) will register a new client identity with the server and store its private key in /etc/chef/client.pem. From this point forward, chef-client will authenticate with the server using its own identity.
Synchronize Cookbooks
Synchronize Libraries, Attributes, Definitions and Recipes
The Chef Client then queries the Chef Server for a list of all the Libraries, Attributes, Definitions and Recipes in all Cookbooks, and transfers them to the local file cache.
Compile Resource Collection
Now that we have all information from the Cookbooks, it's time to assemble the specific collection of resources needed to converge this node.
Load Libraries
We first load all the Libraries from every cookbook, making any language extensions or ruby classes available.
Load Attributes
Then we load all the Attribute files, which update the Node attributes and Recipes.
Load Definitions
Definitions must be loaded before Recipes, since they create new pseudo-Resources.
Load Recipes
At this point, the Recipes themselves are evaluated. We are not taking any action on the resources in the recipes at this stage - we are taking each evaluated resource and putting it in the Resource Collection. This is essentially an Array of each evaluated resource, along with some helpful functions. Plain Ruby code outside of resources is evaluated, however. If you would like Ruby code executed with other resources, use a Ruby Block Resource.
Configure Node
Now Chef is ready to configure the system.
Converge
This is the actual convergence step. Each Resource in the Resource Collection is mapped to a [Provider], which then takes Action on it. The system is configured.
Save Node
After converging, Chef saves the state of the node to persist its node data and make it available for search.
Run Notifications
Finally, any [notification handlers] you've configured will be run.
If Something Went Wrong...
When chef-client fails, it finishes the run by executing any [exception handlers] you've configured