Chef users faced with a license change might find solace in a new open source distribution, Cinc.

Trap and Release

Cinc InSpec Works Well

The counterpart to Chef InSpec [3] is probably the most advanced component in the Cinc portfolio (Figure 5). This component was not part of Chef in the beginning and was acquired by Progress Software.

Figure 5: InSpec uses a declarative scripting language used to define conditions. If the conditions are not in place on the system, the tool raises an alert.

InSpec stands alongside Chef Infra. Whereas Infra is responsible for configuring the systems, InSpec mainly takes care of monitoring. With the use of InSpec's own declarative scripting language, you store compliance rules for each system. InSpec then automatically checks the systems for compliance. If, for example, the /etc/passwd file is not allowed to contain a specific entry, you need to specify this in the configuration and then call InSpec on the respective system. If InSpec finds the entry in passwd, the alarm bells are set off.

Because InSpec is also trademarked, Cinc named its counterpart component Auditor. A quick check with existing definitions for host compliance showed that Cinc Auditor is fully compatible with InSpec. In our lab, the input and output of Chef InSpec and Cinc Auditor were like two peas in a pod. If the Cinc people can bundle the other parts of Chef into their distribution with the same meticulous care, there is no reason for admins not to move to Cinc instead of Chef (Figure 6).

Figure 6: Cinc Auditor, the counterpart to InSpec (pictured here), is already working well and can be used in production.

Chef's Distribution Guidelines

By the way, the Chef makers themselves do not think they have gone too far with the license change. In its own FAQ [4], the company states that the Chef code currently does not contain any checks that automatically classify the workload onsite with a view to penalize license violations. The reason given is that the company is aware of its own responsibility for those setups in which Chef is used as a mission-critical component. These setups can themselves be relevant, say, for operating mission-critical infrastructure. Checks of this kind are not planned for the foreseeable future, the statement continues. Whether you actually believe promises like this from the vendor is, of course, a question of your personal stance.

In the same document, the manufacturer does anticipate the option of a fork or an external distribution. However, Chef would not be Chef if it did not also try to jump onto this bandwagon, too. As a precaution, Chef has therefore presented a Distribution Guideline, to which distributors are required to adhere. According to the manufacturer, the respective creators are responsible for the content of distributions and forks.

Also in that document, Progress Software explicitly refuses to provide build help to external distributors from the community. Progress Software states that it is not possible to determine whether a Chef distribution is compatible with the distributor guidelines and the trademark requirements because of a lack of resources for external projects. In plain language: Distributors such as Cinc will discover whether they are compliant at the latest when they receive mail from Chef's legal team.

Conclusions

Cinc could well be a safe haven for desperate admins who don't want to get into trouble because of license violations. Migrating from an older version of Chef to a current Cinc release does involve a few obstacles, especially in terms of the paths to files on the file system. However, a short, sharp shock is probably preferable to infinite pain, and making the move is far less time-consuming than maintaining your own packages – which ultimately makes it acceptable.

What is clearly less acceptable is Progress Software's audacity in forcing admins to resort to these emergency measures. Admittedly, every software vendor is free to determine its business model and change it over time, but if a change results in basically eradicating the technical basis of existing setups, it is tantamount to a severe breach of trust between the vendor and the user.

Cinc is bridging the gap right now, which could lead to a rude awakening for Chef. If the Cinc makers manage to keep the quality of their product high, the distribution could attract users away from Chef, who would only have itself to blame.

Infos

  1. Cinc: https://cinc.sh/start/
  2. Cooking with Cinc: https://cinc.sh/blog/cooking_with_cinc/
  3. "Automated Compliance Testing with InSpec" by Martin Gerhard Loschwitz, ADMIN , 2017, issue 42, pg. 64, https://www.admin-magazine.com/Archive/2017/42/Automated-compliance-testing-with-InSpec/
  4. Chef FAQ: https://www.chef.io/pricing/subscription-model-faq

The Author

Freelance journalist Martin Gerhard Loschwitz focuses primarily on topics such as OpenStack, Kubernetes, and Chef.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=