Different kind of clients, cookbook dev workflow

Chef Infra (archive)
1

Hi there,

I’ve successfully setup a chef server and more than 100 clients.
I have two different kinds of clients: servers and workstations.

I read some of you would setup separate chef-server for this usage.

What’s opscode’s position about that kind of setup, and what would you
recommend ?
I can think of some reasons to use several environments:

  • might be faster, would that mean chef-server doesn’t scale properly ?

  • attributes, cookbooks and node separation. As far as i know, there’s
    no acl support in chef so I should not mix server and workstation up
    if I intend to have sensible informations in attributes, databags
    or cookbooks

  • webui status page doesn’t allow to sort, regroup or select nodes by
    roles

Another question for which the answer might be related:
What’s your developpement workflow with cookbooks ?
Do you run another chef-server environment to test cookbooks ?
Using shef ?

I’m using git to manage my cookbooks, i’d love to have 2 main
branches “production” and “testing” and have chef serving the correct
branch depending on a node’s environment attribute (for ex) :slight_smile:


Laurent

2

On Mon, Jun 7, 2010 at 5:24 AM, laurent+opscode@u-picardie.fr wrote:

I've successfully setup a chef server and more than 100 clients.
I have two different kinds of clients: servers and workstations.

Sweet!

I read some of you would setup separate chef-server for this usage.

What's opscode's position about that kind of setup, and what would you
recommend ?
I can think of some reasons to use several environments:

  • might be faster, would that mean chef-server doesn't scale properly ?

The chef-server scales pretty well - it's more about...

  • attributes, cookbooks and node separation. As far as i know, there's
    no acl support in chef so I should not mix server and workstation up
    if I intend to have sensible informations in attributes, databags
    or cookbooks

I totally do mix the server and workstation recipes in one repository.

  • webui status page doesn't allow to sort, regroup or select nodes by
    roles

But it should! :slight_smile:

There is a feature coming in the 0.10 era Chef (0.9 is about to drop,
and lays the foundation for this) that will let you set up multiple
environments on a single Chef server - you can have a workstation
environment, testing, production, etc. Each will have the ability to
have cookbooks pinned to particular versions, and their own roles and
data bags.

Another question for which the answer might be related:
What's your developpement workflow with cookbooks ?

The upcoming 0.9 release makes this easier, but mine goes like this:

If I'm adding an upstream cookbook

$ knife cookbook site vendor COOKBOOK -d

Make changes

$ edit stuff

Commit

$ git commit -a -m "Did some stuff"

Push

$ knife cookbook upload COOKBOOK

Run stuff

$ knife ssh 'role:has_cookbook' chef-client

Rinse and repeat. :slight_smile:

Do you run another chef-server environment to test cookbooks ?

I use a virtual machine that I can snapshot and roll-back on the disk.

Using shef ?

I do.

I'm using git to manage my cookbooks, i'd love to have 2 main
branches "production" and "testing" and have chef serving the correct
branch depending on a node's environment attribute (for ex) :slight_smile:

Works great. Another 0.9 feature here is per-directory knife
configurations - this will let you have a production and testing
directory, with knife pre-configured to function appropriately as soon
as you enter the directory.

Adam

--
Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E: adam@opscode.com

3

Adam Jacob adam@opscode.com writes:

Hi,

Thanks for your answers Adam !

There is a feature coming in the 0.10 era Chef (0.9 is about to drop,
and lays the foundation for this) that will let you set up multiple
environments on a single Chef server - you can have a workstation
environment, testing, production, etc. Each will have the ability to
have cookbooks pinned to particular versions, and their own roles and
data bags.

sounds promising !
What about acl ?

Another question for which the answer might be related:
What's your developpement workflow with cookbooks ?

The upcoming 0.9 release makes this easier, but mine goes like this:

If I'm adding an upstream cookbook

$ knife cookbook site vendor COOKBOOK -d

Make changes

$ edit stuff

Commit

$ git commit -a -m "Did some stuff"

Push

$ knife cookbook upload COOKBOOK

Run stuff

$ knife ssh 'role:has_cookbook' chef-client

Ok, now let's say its recipe is in the run_list of a lot of clients.
I want to change stuff and be able to test the changes without
risking to impact the clients.
How would that be achieved with chef 0.8 ?
Clone, then put this cloned cookbook/recipe to the run_list of the
test client, change stuff, correct stuff, merge back to the cookbook
in production ?
I'm looking for a simple workflow, are there other ways ?

Would it be solved/remedied by having a way to override cookbook_path
in clients' attributes ?

--
Laurent