From aeb4fef7c4ffd0cd6f016fc8173d979e051bac72 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 17 Feb 2026 19:45:46 +0000
Subject: [PATCH] Add support for replacing chef-client with cinc-client

---
 .kitchen.yml                                  |   7 +
 cookbooks/chef/attributes/default.rb          |   3 +
 cookbooks/chef/metadata.rb                    |   1 -
 cookbooks/chef/recipes/default.rb             | 124 +++++++++++++-----
 .../chef/templates/default/client.rb.erb      |   4 +-
 .../chef/templates/default/logrotate.erb      |   4 +-
 cookbooks/ohai/attributes/default.rb          |   2 -
 cookbooks/ohai/resources/plugin.rb            |  18 ++-
 .../integration/chef-cinc/inspec/cinc_spec.rb |  17 +++
 9 files changed, 139 insertions(+), 41 deletions(-)
 delete mode 100644 cookbooks/ohai/attributes/default.rb
 create mode 100644 test/integration/chef-cinc/inspec/cinc_spec.rb

diff --git a/.kitchen.yml b/.kitchen.yml
index 326033b0c..cbd774208 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -133,6 +133,13 @@ suites:
   - name: chef
     run_list:
       - recipe[chef::default]
+  - name: chef-cinc
+    run_list:
+      - recipe[chef::default]
+    attributes:
+      chef:
+        client:
+          cinc: true
   - name: civicrm
     run_list:
       - recipe[civicrm::default]
diff --git a/cookbooks/chef/attributes/default.rb b/cookbooks/chef/attributes/default.rb
index 9b1ed6787..e20cf9db9 100644
--- a/cookbooks/chef/attributes/default.rb
+++ b/cookbooks/chef/attributes/default.rb
@@ -3,3 +3,6 @@ default[:chef][:server][:version] = "15.9.38"
 
 # Set the default client version
 default[:chef][:client][:version] = "18.8.54"
+
+# Default to using the chef client
+default[:chef][:client][:cinc] = false
diff --git a/cookbooks/chef/metadata.rb b/cookbooks/chef/metadata.rb
index b2572c50d..bddbcbeea 100644
--- a/cookbooks/chef/metadata.rb
+++ b/cookbooks/chef/metadata.rb
@@ -9,6 +9,5 @@ supports          "ubuntu"
 depends           "apache"
 depends           "apt"
 depends           "git"
-depends           "ohai"
 depends           "systemd"
 gem               "mail", "= 2.7.1"
diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb
index 129888c95..7ef641935 100644
--- a/cookbooks/chef/recipes/default.rb
+++ b/cookbooks/chef/recipes/default.rb
@@ -19,6 +19,12 @@
 
 cache_dir = Chef::Config[:file_cache_path]
 
+chef_name = if node[:chef][:client][:cinc]
+              "cinc"
+            else
+              "chef"
+            end
+
 chef_version = node[:chef][:client][:version]
 
 chef_platform = if platform?("debian")
@@ -33,19 +39,29 @@ chef_arch = if arm?
               "amd64"
             end
 
-os_release = if platform?("debian") && node[:lsb][:release].to_f > 11
-               11
-             else
-               node[:lsb][:release]
-             end
-
-# Chef is currently not available for Debian 11 on arm64.
-if chef_platform == "debian" && os_release == 11 && chef_arch == "arm64"
-  chef_platform = "ubuntu"
-  os_release = "22.04"
+if node[:chef][:client][:cinc]
+  os_release = node[:lsb][:release]
+else
+  os_release = if platform?("debian") && node[:lsb][:release].to_f > 11
+                 11
+               else
+                 node[:lsb][:release]
+               end
+
+  # Chef is currently not available for Debian 11 on arm64.
+  if chef_platform == "debian" && os_release == 11 && chef_arch == "arm64"
+    chef_platform = "ubuntu"
+    os_release = "22.04"
+  end
 end
 
-chef_package = "chef_#{chef_version}-1_#{chef_arch}.deb"
+chef_package = "#{chef_name}_#{chef_version}-1_#{chef_arch}.deb"
+
+chef_url = if node[:chef][:client][:cinc]
+             "https://downloads.cinc.sh/files/stable/cinc"
+           else
+             "https://packages.chef.io/files/stable/chef"
+           end
 
 directory "/var/cache/chef" do
   action :delete
@@ -61,8 +77,26 @@ Dir.glob("#{cache_dir}/chef_*.deb").each do |deb|
   end
 end
 
+if node[:chef][:client][:cinc]
+  service "chef-client.timer" do
+    action [:disable, :stop]
+  end
+
+  systemd_timer "chef-client" do
+    action :delete
+  end
+
+  systemd_service "chef-client" do
+    action :delete
+  end
+
+  file "/etc/logrotate.d/chef" do
+    action :delete
+  end
+end
+
 remote_file "#{cache_dir}/#{chef_package}" do
-  source "https://packages.chef.io/files/stable/chef/#{chef_version}/#{chef_platform}/#{os_release}/#{chef_package}"
+  source "#{chef_url}/#{chef_version}/#{chef_platform}/#{os_release}/#{chef_package}"
   owner "root"
   group "root"
   mode "644"
@@ -70,31 +104,41 @@ remote_file "#{cache_dir}/#{chef_package}" do
   ignore_failure true
 end
 
-dpkg_package "chef" do
+dpkg_package chef_name do
   source "#{cache_dir}/#{chef_package}"
   version "#{chef_version}-1"
 end
 
-directory "/etc/chef" do
+directory "/etc/#{chef_name}" do
   owner "root"
   group "root"
   mode "755"
 end
 
-template "/etc/chef/client.rb" do
+template "/etc/#{chef_name}/client.rb" do
   source "client.rb.erb"
   owner "root"
   group "root"
   mode "640"
+  variables :chef_name => chef_name
 end
 
-file "/etc/chef/client.pem" do
-  owner "root"
-  group "root"
-  mode "400"
+if node[:chef][:client][:cinc] && ::File.exist?("/etc/chef/client.pem")
+  link "/etc/#{chef_name}/client.pem" do
+    to "/etc/chef/client.pem"
+    owner "root"
+    group "root"
+    mode "0400"
+  end
+else
+  file "/etc/#{chef_name}/client.pem" do
+    owner "root"
+    group "root"
+    mode "400"
+  end
 end
 
-template "/etc/chef/report.rb" do
+template "/etc/#{chef_name}/report.rb" do
   source "report.rb.erb"
   owner "root"
   group "root"
@@ -103,32 +147,27 @@ end
 
 package "logrotate"
 
-template "/etc/logrotate.d/chef" do
+template "/etc/logrotate.d/#{chef_name}" do
   source "logrotate.erb"
   owner "root"
   group "root"
   mode "644"
+  variables :chef_name => chef_name
 end
 
-directory node[:ohai][:plugin_dir] do
-  owner "root"
-  group "root"
-  mode "755"
-end
-
-directory "/var/log/chef" do
+directory "/var/log/#{chef_name}" do
   owner "root"
   group "root"
   mode "755"
 end
 
-systemd_service "chef-client" do
+systemd_service "#{chef_name}-client" do
   description "Chef client"
-  exec_start "/usr/bin/chef-client"
+  exec_start "/usr/bin/#{chef_name}-client"
   nice 10
 end
 
-systemd_timer "chef-client" do
+systemd_timer "#{chef_name}-client" do
   description "Chef client"
   after "network.target"
   on_active_sec 60
@@ -136,6 +175,27 @@ systemd_timer "chef-client" do
   randomized_delay_sec 10 * 60
 end
 
-service "chef-client.timer" do
+service "#{chef_name}-client.timer" do
   action [:enable, :start]
 end
+
+if node[:chef][:client][:cinc]
+  package "chef" do
+    action :purge
+  end
+
+  directory "/etc/chef" do
+    action :delete
+    recursive true
+  end
+
+  directory "/var/chef" do
+    action :delete
+    recursive true
+  end
+
+  directory "/var/log/chef" do
+    action :delete
+    recursive true
+  end
+end
diff --git a/cookbooks/chef/templates/default/client.rb.erb b/cookbooks/chef/templates/default/client.rb.erb
index 6faa7384b..90e9f20d9 100644
--- a/cookbooks/chef/templates/default/client.rb.erb
+++ b/cookbooks/chef/templates/default/client.rb.erb
@@ -19,7 +19,7 @@ log_level :info
 
 # Set the location of the log file
 
-log_location "/var/log/chef/client.log"
+log_location "/var/log/<%= @chef_name %>/client.log"
 
 # Set the node name
 
@@ -39,7 +39,7 @@ ohai.optional_plugins = %w[Passwd]
 
 # Load supporting code for report handlers
 
-require "/etc/chef/report"
+require "/etc/<%= @chef_name %>/report"
 
 # Create report handler
 
diff --git a/cookbooks/chef/templates/default/logrotate.erb b/cookbooks/chef/templates/default/logrotate.erb
index 3cfef03d9..04ef1a0fd 100644
--- a/cookbooks/chef/templates/default/logrotate.erb
+++ b/cookbooks/chef/templates/default/logrotate.erb
@@ -1,6 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-/var/log/chef/client.log {
+/var/log/<%= @chef_name %>/client.log {
   rotate 12
   weekly
   compress
@@ -9,6 +9,6 @@
   compressoptions -T0 -11 --quiet --long
   uncompresscmd /usr/bin/unzstd
   postrotate
-	systemctl try-restart chef-client.service
+	systemctl try-restart <%= @chef_name %>-client.service
   endscript
 }
diff --git a/cookbooks/ohai/attributes/default.rb b/cookbooks/ohai/attributes/default.rb
deleted file mode 100644
index 851221282..000000000
--- a/cookbooks/ohai/attributes/default.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-# Plugin directory
-default[:ohai][:plugin_dir] = "/etc/chef/ohai"
diff --git a/cookbooks/ohai/resources/plugin.rb b/cookbooks/ohai/resources/plugin.rb
index 72719e2ec..4fd350e50 100644
--- a/cookbooks/ohai/resources/plugin.rb
+++ b/cookbooks/ohai/resources/plugin.rb
@@ -29,11 +29,12 @@ action :create do
     action :nothing
   end
 
-  directory "/etc/chef/ohai/plugins" do
+  directory plugin_dir do
     owner "root"
     group "root"
     mode "755"
     recursive true
+    only_if { ::Dir.exist?(chef_dir) }
   end
 
   declare_resource :template, plugin_path do
@@ -42,6 +43,7 @@ action :create do
     group "root"
     mode "644"
     notifies :reload, "ohai[#{new_resource.plugin}]"
+    only_if { ::Dir.exist?(chef_dir) }
   end
 end
 
@@ -52,7 +54,19 @@ action :delete do
 end
 
 action_class do
+  def chef_dir
+    if ::Dir.exist?("/etc/cinc")
+      "/etc/cinc"
+    elsif ::Dir.exist?("/etc/chef")
+      "/etc/chef"
+    end
+  end
+
+  def plugin_dir
+    "#{chef_dir}/ohai/plugins"
+  end
+
   def plugin_path
-    "/etc/chef/ohai/plugins/#{new_resource.plugin}.rb"
+    "#{plugin_dir}/#{new_resource.plugin}.rb"
   end
 end
diff --git a/test/integration/chef-cinc/inspec/cinc_spec.rb b/test/integration/chef-cinc/inspec/cinc_spec.rb
new file mode 100644
index 000000000..6314eb536
--- /dev/null
+++ b/test/integration/chef-cinc/inspec/cinc_spec.rb
@@ -0,0 +1,17 @@
+describe package("cinc") do
+  it { should be_installed }
+end
+
+describe systemd_service("cinc-client") do
+  it { should be_installed }
+end
+
+describe systemd_service("cinc-client.timer") do
+  it { should be_installed }
+  it { should be_enabled }
+end
+
+describe command("cinc-client --version") do
+  its("exit_status") { should eq 0 }
+  its("stdout") { should match /Cinc Client/ }
+end
-- 
2.39.5