[chef] Re: Re: Re: Re: Re: should I be using chef?

[Adam Greene < >]

We split Dev/testing/qa and staging/production into separate
organizations.  We lock down access to production quite tightly but
five open access to everything else. This also allows us to lock down
what is in production a bit more so we don't have accidental
migrations of code and recipes to prod.

Not sure if this is the optimal way, but it is what we are currently
doing (and always looking for ways to improve!)
Adam


----
Adam Greene
Diabetes Data Management, Simplified

SweetSpot Diabetes Care, Inc.
http:/www.SweetSpotDiabetes.com
ph: 503.922.2223 | cell: 503.784.2104


On Dec 27, 2011, at 10:45 AM, Brad Knowles 
<
 >
 wrote:

> On Dec 27, 2011, at 9:31 AM, Jake Vanderdray wrote:
>
>> How do you mange your validator PEM?  Do you end up doing the
>> initial install for the developers and put the PEM on manually, or do
>> you openly share the validator within your organization?
>
> That's shared openly by all systems and users in the company.  Of course, 
> we're a small shop -- seven people at the moment, although I understand 
> that they're looking to fill some positions.  And of those, not all are 
> developers.  Of the developers we have, most aren't doing much of anything 
> at all with Chef -- as the Ops guy, I'm the primary one doing most of the 
> work with Chef.
>
> Pretty much all of our systems are (or will be) VMs "in the cloud".  Our 
> developers do have local machines that they work from, but those are 
> primarily used as a place to jump off into the actual development work that 
> is done elsewhere.
>
> To be honest, if you're using a Chef-managed environment, I don't see how 
> you can avoid sharing the validator PEM amongst all systems.  For those 
> people who are developers but who don't need root access to their 
> development machines, I could see where they wouldn't have open access to 
> the validator PEM, but everyone doing anything with Chef would need to have 
> access.
>
>> We're testing out using Vagrant instances for developers that get
>> built with our normal chef cookbooks.  I'd love to just be able to
>> point people at a wiki page of instructions and let it be self-serve.
>
> We could use vagrant, but we really want to get away from having any 
> physical hardware that we have to manage, beyond the desktops that each 
> person sits in front of -- and they're mostly responsible for managing 
> those machines.
>
> We do have a server with a few VMs loaded on it, and that machine has been 
> used for some development to date, but going forward I think we're going to 
> get away from that.
>
>
> Of course, in a larger shop, I could see where our flat development 
> architecture wouldn't necessarily work so well.
>
> --
> Brad Knowles 
> <
 >
> SAGE Level IV, Chef Level 0.0.1
>