- From: Brad Knowles <
>
- To:
- Cc: Brad Knowles <
>
- Subject: [chef] Re: using chef to provision/deprovision chef server users
- Date: Tue, 15 Oct 2013 14:21:19 -0500
On Oct 15, 2013, at 2:06 PM, Nick Silkey
<
>
wrote:
>
Im curious what others have done to tackle the provision/deprovision of
>
users within a given Chef Server.
>
>
My use case is having to own multiple company product's disparate
>
open-source chef servers. Im envisioning a workflow where a top-level
>
chef-server manages the foo product's chef server(s), satisfying dev+ops+qe
>
for the foo product are provisioned/deprovisioned. The same goes for the
>
bar product's chef server(s) + team, the baz product's chef server(s) +
>
team, etc. This would allow for onboarding already spun-up chef servers
>
and continuing to provide airspace segregation between products.
Just checking -- this is a large-scale multi-tenant environment, right? Not
just people from different teams in the same company, but actual different
paying customers, some of whom might be competitors for some of your other
customers. And we're potentially talking about many thousands of such
customers, right?
Maybe not Facebook or Netflix or Amazon scale, but still what would be
considered "large scale".
>
- Is anyone doing anything like this currently?
>
- How is it working out? Wonderfully? Terribly?
>
- Can alternatives like Private Chef solve this function?
What I have heard is that Private Chef 11.x was developed in part based on
Hosted Chef and the sorts of things that Opscode had to do to handle their
own multi-tenant environment. My understanding is that Hosted Chef is now
running on pretty much the same codebase as everyone else who is using
Enterprise Chef 11.x, and is the largest known installation of EC. Well, the
largest known installation that anyone can talk about, so far as we know.
So, if using the same chef server with RBAC that Opscode is using internally
for Hosted Chef would be a suitable solution for you, I think that's a pretty
easy answer. Of course, actually administering a large scale multi-tenant
Hosted Chef type of environment is not exactly a walk in the park, but I
suspect that you'll find some people on this list who can give you some
advice towards that end.
Now, if a Hosted Chef type of solution is not adequate for you, and you would
actually need separate chef servers for each environment in order to provide
that "air gap" level of security, then I'm not sure how you would scale that
-- we know what Opscode did (mostly), but I haven't heard of any other
solutions in that space on that scale.
--
Brad Knowles
<
>
LinkedIn Profile: <
http://tinyurl.com/y8kpxu>
Archive powered by MHonArc 2.6.16.