Chef comes with a handy package resource that helps to manage packages on the target machine. In this post I’m going to focus on the two major actions which are :install and :upgrade. While the difference is obvious it is not always easy to consider which one is better when writing your first recipe.

So, let’s figure out when to use one or the other :)

Package resource

Here is quick reminder of what the syntax of package resource looks like:

1
2
3

package "name" do
  action :action # see actions section below
end

where :action:

identifies which steps the chef-client will take to bring the node into the desired state

So, whenever we need to install certain package we simply put the following into the recipe file:

1
2
3

package "wget" do
  action :install
end

which will be converted into the proper command on the target system, for example on a Debian based system it will result in something like:

apt-get install wget

While on the Red Hat based system we’ll get:

yum install wget

Upgrade action

Alternatively we could use :upgrade action:

install a package and/or to ensure that a package is the latest version

While we might tend to always use :upgrade action and let Chef do the all dirty work for us, it is not always good decision especially when our package does a restart of the services it manages. There is always a risk an unattended upgrade could lead to the system failing, so, it’s best to avoid using it!

So, when should we use :upgrade action?

• Use :upgrade when you have packages that always need to be kept up-to-date;
• Use :upgrade when you are confident in the package repository, i.e. you are the maintainer or managing your own repository.

And in other cases we better use :install action :)

The rule of thumb

Know your infrastructure! ;)

Conclusion

Thank you very much for reading those far I really appreciate it!

Please let me know if I’m missing any use case where :upgrade would be preferred over :install action.