chef - [chef] Re: on the general usage of chef

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: on the general usage of chef

From: Brad Knowles < >
To:
Cc: Brad Knowles < >
Subject: [chef] Re: on the general usage of chef
Date: Tue, 14 Jan 2014 09:32:25 -0600

On Jan 14, 2014, at 6:02 AM, Sam Darwin
< >
wrote:

> - the recipes would need to always be in a perfect and functional state.
> let's say that you were experimenting with something. and then every single
> server in your environment grabs that recipe and runs it.    this could
> affect
> the entire system, every single server.

Don't do this experimentation on your production environment.  That should be
locked down seven ways from Sunday.  Even if a new version of a cookbook were
to get pushed out, it wouldn't get used on any production servers until the
production environment was updated to allow that newer version.

Do this experimentation in your Development environment, and once it's rock
solid, then you push to Staging.  From there, once it's baked in for a while,
you can push to Prod.

And you can do all of this on a single Chef server.

> - even if you had two separate chef servers, one for production and one for
> testing...  so that the production server was designed to always be
> correct.
> even then, there is some small chance for human error, and it would
> propagate
> automatically and without necessarily being watched at that moment, to every
> single server in the environment.

Human error is always a possibility.  If you do your job right, with the
right unit and integration tests in your code, appropriate acceptance and
smoke testing in a suitable "Dev" or "Lab" environment, then the biggest risk
is the humans who are pushing the buttons.

> -  you might have recipes that are designed to handle 95% of the tasks, but
> there is still a bit of human intervention, or the developers are still
> logging
> into the servers and tweaking things .            an automated chef run
> might cause a
> conflict between the recipe and the manually added changes.

Don't let developers log into production servers.  In fact, don't let your
admin staff log into production servers.  Only automated systems should be
doing anything on them -- if a human being has to log in, then that machine
should be marked as down or broken and pulled out of production.

> - the recipes are in a state of flux, you might apply them carefully and
> methodically to only a few servers at a time.

Recipes as they are being developed should be in a state of frequent flux,
but recipes as they are pushed out to the Prod environment should be locked
down within an inch of their life.

--
Brad Knowles
< >
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

[chef] on the general usage of chef, Sam Darwin, 01/14/2014
- [chef] Re: on the general usage of chef, Sam Darwin, 01/14/2014
- [chef] Re: on the general usage of chef, Brad Knowles, 01/14/2014
  - [chef] Re: Re: on the general usage of chef, Anna Redding, 01/14/2014
- [chef] Re: on the general usage of chef, Dylan Northrup, 01/14/2014
  - [chef] Re: Re: on the general usage of chef, Lamont Granquist, 01/14/2014
    - [chef] Re: Re: Re: on the general usage of chef, Sam Pointer, 01/15/2014
      - [chef] Re: Re: Re: Re: on the general usage of chef, Ranjib Dey, 01/20/2014
        
        [chef] Versioning roles (was: on the general usage of chef), Daniel DeLeo, 01/21/2014
        
        [chef] Re: Versioning roles (was: on the general usage of chef), Elvin Abordo, 01/21/2014
        
        [chef] Re: Re: Versioning roles (was: on the general usage of chef), Daniel DeLeo, 01/21/2014
        
        [chef] Re: Re: Re: Re: Re: on the general usage of chef, Sean Escriva, 01/21/2014
        
        [chef] Re: Re: Re: Re: Re: Re: on the general usage of chef, Lamont Granquist, 01/23/2014