Having a heterogeneous network is becoming more common as time goes by. Certain pieces of software either don't exist or are not as well supported on one platform as they are on another. As a result, administrators encounter situations where they are required to deploy and manage hosts running multiple operating systems side-by-side. Integrating Windows and Linux-based systems comes with its own set of challenges, and Chef helps to address these issues by providing a consistent way to interact with both Linux and Windows-based systems.
For anyone who manages such infrastructure (specifically a collection of systems running some combination of Windows and Linux), Chef has some amazing features. Because it is capable of modeling both Windows and Linux systems with the same declarative language and configuration data, you can easily configure both your Linux and Windows systems using the same tool.
For example, you could have a cookbook with a recipe that configures the firewalls of your network hosts. That recipe can search Chef's configuration data for all other hosts in your network, gather up a list of their IP addresses, and open up traffic to all those IP addresses. If you provision a new host, all of the hosts being managed will automatically know about the new host and add a new firewall rule. Additionally, because Chef provides you with its own declarative language that hides the implementation details, you can focus on what you want to achieve and not on how to achieve it. Chef knows what platform it is running on and how to load the system-specific implementation of your resource such as a network interface, firewall, user, file, and more. It is also entirely possible to write recipes to install Apache or MySQL that are capable of working on both Linux and Windows platforms.
This makes it much easier to integrate any number of Windows and Linux systems without having to maintain multiple sets of scripts to achieve the same end goal. For example, assuming you had a firewall cookbook for both Windows and Linux, it would be possible to write a recipe similar to the following:
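
    # Find every node that carries the web_server role
    search(:node, 'role:web_server').each do |node|
      ip = node[:external_ip]
      # Declare a rule that allows traffic from that node's address
      firewall_rule "#{ip}" do
        source "#{ip}"
        action :allow
      end
    end
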
In the preceding code, we search for all nodes that have the role of web_server and, for each one, call the firewall_rule resource to allow traffic originating from that node's IP address. Notice that the recipe does not refer to the Windows Firewall software or Linux's firewall tool, iptables. Rather, Chef's custom language allows us to describe what we are doing, not how to achieve our goal. The "how" is implemented in a provider and the "what" is described by a resource, both of which are provided in our firewall cookbook.
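The resource/provider split described above, modeled in plain Ruby as an added example (not code from the original page, the firewall cookbook, or Chef itself). FirewallRule, PROVIDERS, valid_source, rules_for and the sample nodes are hypothetical names and constructed data; the sketch also assumes that a node whose external_ip is missing or is not a single address should get no rule, since the searched attribute feeds directly into the firewall.

```ruby
require 'ipaddr'

# Constructed stand-in for search(:node, 'role:web_server') results.
SAMPLE_NODES = [
  { name: 'web1', external_ip: '203.0.113.10' },
  { name: 'web2', external_ip: nil },             # attribute not populated yet
  { name: 'web3', external_ip: '203.0.113.999' }  # malformed value
].freeze

# The "what": a platform-neutral rule (hypothetical model of firewall_rule).
FirewallRule = Struct.new(:name, :source, :action)

# The "how": one provider per platform, each returning an argument vector
# rather than a shell string, so the address is never parsed by a shell.
PROVIDERS = {
  linux: ->(rule) {
    ['iptables', '-A', 'INPUT', '-s', rule.source, '-j',
     rule.action == :allow ? 'ACCEPT' : 'DROP']
  },
  windows: ->(rule) {
    ['netsh', 'advfirewall', 'firewall', 'add', 'rule', "name=#{rule.name}",
     'dir=in', "action=#{rule.action == :allow ? 'allow' : 'block'}",
     "remoteip=#{rule.source}"]
  }
}.freeze

# Returns the canonical address, or nil unless value is one single IP address.
def valid_source(value)
  text = value.to_s.strip
  return nil if text.empty? || text.include?('/') # no blanks, no CIDR ranges
  IPAddr.new(text).to_s
rescue IPAddr::Error
  nil
end

# Same declaration for every platform; only the provider lookup differs.
def rules_for(nodes, platform)
  provider = PROVIDERS.fetch(platform)
  nodes.map do |node|
    source = valid_source(node[:external_ip])
    next unless source # skip nodes that would yield an empty or bogus rule
    provider.call(FirewallRule.new(source, source, :allow))
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  %i[linux windows].each { |p| rules_for(SAMPLE_NODES, p).each { |argv| puts argv.join(' ') } }
end
```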