Chef client on VIOs? How do you manage your VIO configs?

I know the VIOs are generally to be treated as an appliance and one should never drop down to oem_setup_env. In reality however, oem is a very useful tool to get the job done. So that leads me into the question of using the Chef client on a VIO.

Currently a big push to manage all our *nix infrastructure with a compliance as code type of tool. Make sure there's odm alerts, ntp is set, whole list of other things. And force a box back into compliance if its out of spec. In past this was managed by each lpar holding a directory with scripts and items added to the appropriate places.

Has anyone tried to run the Chef client on the VIO? I see that the AIX cookbook has a nimviosupdate to help build resources. However, I am not finding a lot of information about actual customers running the client on the VIO in a production setting. So, has anyone ran the Chef client on the VIO? Did you have any issues with IBM support if they noticed the client running? Looking at the supported software solutions I see that the puppet client is supported, but no mention of Chef. In a document by Paul Finley from 2016, there is mention of VIOS Patch management with Chef but unable to find anything beyond that.

So part two of my question:
If you are not running any sort of configuration management on the VIOs, then how are you controlling the configs for your VIOs?

In the past, each VIO was built as needed but DNS servers retire and new ones get put into place. Search domains same thing. We've even had to change our NTP server. Doing this all by hand is tedious.

Thanks everyone!

we are doing it on the root level without issues on vios 3.1.21 which essentially is AIX 7.2.3.3 including managing passwords. IBM does not care.

zxmaus,
Thanks for the reply. I know in the past IBM was very wash their hands if anything outside of their guidelines was installed. Was there any issues you encountered with running the client under the VIO? I really don't have a non-prod box with VIO's running so I need to be careful with mine. Oh, and they are old. Very old. 2000 days uptime old. Customer won't take downtime for any reason so I handle them very carefully.

Thanks again!

no issues but as I said we just reinstalled them a couple of weeks ago to 3.1.0.21 so they are latest and greatest. But so far chef is doing a great job updating the root password, /etc/resolv.conf and other files to our standards - and it has not yet killed a box I am not sure how a 2000 day old VIOS would behave (not to mention that I am pretty sure that version is no longer supported by IBM since a while anyways - what do you have, 2.5.x?. Do you have any physical box with similar old OS you could try if it would generally work for that OS version? I am more of a chef user, so all I do is install the client software and run it and check afterwards that the initial run did what it was supposed to do

Oh, its worse than 2.2.5. I'd actually be happy if it was .5. Let us say 2.2.2 something!

And yes well aware version not supported. Also paying out the teeth for 'extended' support for AIX since it still has 6.1 lpar's underneath the VIOS. Yes, yes I know all about the issues. Just I'm beholden to the customer and they have signed off on the risks. So if anything happens they are fully aware. Every quarter they are notified that they've signed x document stating that they accept all risk for running out of support, etc, etc.

I have a few boxes I can stand up that version of VIOS on, or find a close match with pure AIX.

As to chef, I'm learning it. As you can see from my post history, my scripting skills aren't that great. So its been fun. Few of my goals are to manage resolv.conf, services, edit/verify ODM entries (think hardware and core dump notifications). Right now starting off small with just ODM error notifications. Finally got that cookbook wrapped up. Likely not the best and if posted publicly people would rip it to shreds but seems to work for the various edge cases I threw at it.