Anatomy of a Chef Run

As you work with Chef, it will be important to understand the path we take during execution of the Chef Client.

Convergence

We call the process of running the Chef Client or Chef Solo and taking any needed actions on Resources "Convergence". In a nutshell, Convergence in systems automation speak means "bringing the system closer to correct with each action you take". Ideally, a single run of the Chef Client should always bring the system into the fully expected state - not just half-way. But if it doesn't work out, trying again should continue to bring the system closer to correct.

Build the Node

The first thing Chef Client or Chef Solo do is build a new Node. The node is constructed from:

1. 1. Ohai - Ohai discovers the data about the Operating System first.
   2. The previous data for the node is fetched from the Chef Server (unless we are running under Chef Solo).
   3. Any JSON Attributes or Recipes are added.
   4. All the Ohai attributes are added.

Registering With The Chef Server

Once the initial node is constructed, the Chef Client checks for the existence of its private key file, usually located in /etc/chef/client.pem. If the private key does not exist, the client will attempt to register itself. To register itself, the client temporarily assumes the identity of the chef-validator client. chef-validator is a special purpose client used exclusively for registering new clients. By default, the private key for chef-validator is stored in /etc/chef/validation.pem. Using the identity of the chef-validator chef-client (the application) will register a new client identity with the server and store its private key in /etc/chef/client.pem. From this point forward, chef-client will authenticate with the server using its own identity.

Synchronize Libraries, Attributes, Definitions and Recipes

The Chef Client then queries the Chef Server for a list of all the Libraries, Attributes, Definitions and Recipes in all Cookbooks, and transfers them to the local file cache.

Compile - Resource Collection

Now that we have all information from the Cookbooks, it's time to assemble the specific collection of resources needed to converge this node.

Load Libraries

We first load all the Libraries from every cookbook, making any language extensions or ruby classes available.

Load Attributes

Then we load all the Attribute files, which update the Node attributes and Recipes.

Load Definitions

Definitions must be loaded before Recipes, since they create new pseudo-Resources.

Load Recipes

At this point, the Recipes themselves are evaluated. We are not taking any action on the resources in the recipes at this stage - we are taking each evaluated resource and putting it in the Resource Collection.

• This is essentially an Array of each evaluated resource, along with some helpful functions.
• Plain Ruby code outside of resources is evaluated, however.
• If you would like Ruby code executed with other resources, use a Ruby Block Resource.
• You can have Chef Evaluate and Run Resources at Compile Time, too.

Execute - Configure Node

Now Chef is ready to configure the system.

Converge

This is the actual convergence step. Each Resource in the Resource Collection is mapped to a Provider, which then takes Action on it. The system is configured.

Save Node

After converging, Chef saves the state of the node to persist its node data and make it available for search.

Run Notifications

Finally, any notification handlers you've configured will be run.

If Something Went Wrong...

When chef-client fails, it finishes the run by executing any exception handlers you've configured.

API Clients

Evaluate and Run Resources at Compile Time