[chef] Re: using chef to provision/deprovision chef server users


  • From: Ranjib Dey
  • Subject: [chef] Re: using chef to provision/deprovision chef server users
  • Date: Tue, 15 Oct 2013 16:37:02 -0700

We use three tools:
1) knife-server, to spawn new chef servers
2) a bash script, called restore_chef.sh, which deletes all cookbooks, databags, roles, environments and uploads them from a local git repo (you can pass -c knife.rb to this script)
3) a custom knife plugin to backup/restore chef artifacts (only nodes, clients, databags), gzip them, and store them in S3

We use a combination of these three tools to:
1) spawn fresh chef servers, and sync them with existing ones
2) keep two distant chef servers in sync
3) run our integration tests (we spawn chef-zero locally, use restore_chef.sh and knife chefserver restore to populate data), and then converge lxc against it. This allows us to test chef cookbooks/knife plugins locally, yet inside the production environment (logically, as all search calls return the same values as they would in the production environment)
 
We have three chef servers in total (Production, Staging, Ops), and all of them are controlled by themselves, except Staging invokes the 2nd & 3rd tools against Ops (for continuous deployment).

My advice would be to put more effort into testing the mechanism (on a daily basis, as part of your CI/test harness), and let that requirement drive the actual choice of tools. There are ample options in the open-source world; also, writing new ones or customizing existing ones is not a lot of effort.


On Tue, Oct 15, 2013 at 12:06 PM, Nick Silkey wrote:
Ohai Chefs --

I'm curious what others have done to tackle the provision/deprovision of users within a given Chef Server.

My use case is having to own multiple company products' disparate open-source chef servers.  I'm envisioning a workflow where a top-level chef-server manages the foo product's chef server(s), satisfying dev+ops+qe for the foo product are provisioned/deprovisioned.  The same goes for the bar product's chef server(s) + team, the baz product's chef server(s) + team, etc.  This would allow for onboarding already spun-up chef servers and continuing to provide airspace segregation between products.

- Is anyone doing anything like this currently? 
- How is it working out?  Wonderfully?  Terribly?  
- Can alternatives like Private Chef solve this function?

Curious what the community is doing.  Thanks.

-nick



