A common theme my customers will ask is “How/when do I trust Community Cookbooks”?
- You learn to trust community cookbooks by testing the cookbooks meets your needs
- Using a community cookbook can save you from reinventing the wheel. Edited after input from Noah Kantrowitz
Before diving in to just using the cookbook and rolling it out to your production environment(s) we want to make sure you have a solid plan to do this.
- Cookbook License
- Maintaining changes
The first consideration when working in your company is if the community cookbook’s License is acceptable to be used in your company. IANAL - but I will say most all Chef community cookbooks have either the Apache 2 or MIT license and those are friendly to you and your company. But verify the cookbook’s license before making it part of your applications.
Next thing to consider - do you want to just use the community cookbook or potentially fork it (make your own copy) to use and improve on your own schedules. Does the cookbook do 95% of what you need and you’ll make a change to get that other 5%? Great - do it. Also, please consider submitting your change back to the source to improve it, but if that is not possible that is okay too.
Last consideration - Does the community cookbook support every platform under the sun and you only need RHEL support? Fork that cookbook and pull out all the Windows dependencies to streamline your dependency needs. One benefit I really like here - this will improve your converge times because less dependent cookbooks will need to be downloaded on to each node from the Chef Server.
Deploying your copy of the Community Cookbook
Now that we’ve thought about the main things that need to be thought about - let’s put the community cookbook to work for you. How do you know the cookbook is going to work for your app? How do you know that your cookbook is going to work for your app? BY TESTING!
Run the community cookbook through the same pipeline you are running your cookbooks through. Here is an example pipeline if you need one. That said, the community cookbook may not have proper working linting and unit or integration tests and fail in your standard pipeline. If this is the case either fix the issues (and submit the fix back as a Pull Request) or skip the failing steps. Skipping the failing validation steps should not entirely be a deal breaker. At the end of the day we’re more interested in the integration tests of your cookbook that uses the community cookbook passing than we are interested in just the tests community cookbook. So if the community cookbook has the functionality you want but not the tests, it may not be a blocker, just a variable to consider.
In summary, I say “Do use community cookbooks from the Supermarket”. But don’t blindly implement them without knowing what they do. Read the source code, follow the license and test the cookbook in your environments.