Environments & Databags


#1

Hello! How do you folks deal with environment-specific data in databags?
And databag items?

For example, for the first case, let’s say a user should be in one group in
stage, and a different group in prod.

For the second, let’s say a nagios hostgroup needs to exist in prod, but
not stage . . .

Thanks a lot,
Guy


#2

Hi,

guymatz@gmail.com writes:

Hello! How do you folks deal with environment-specific data in databags?
And databag items?

For example, for the first case, let’s say a user should be in one group in
stage, and a different group in prod.

A pattern we use is:

data_bags/
users/
prod.json
preprod.json

So anything that needs environment specific settings gets an environment
specific data bag item.

Recipe code can then select the right data bag item via the node’s
chef_environment attribute.

  • seth


Seth Falcon | Development Lead | CHEF | http://www.getchef.com/ | @sfalcon


#3

We used to just have different data bags for different environments and use
the environment attribute to determine which data bag was hit with the
query dynamically.

I liked that better than having items mixed up in the same data bag, but
each partitioning comes with its own pros and cons.

On Fri, Jan 3, 2014 at 10:47 AM, Seth Falcon seth@getchef.com wrote:

Hi,

guymatz@gmail.com writes:

Hello! How do you folks deal with environment-specific data in databags?
And databag items?

For example, for the first case, let’s say a user should be in one group
in
stage, and a different group in prod.

A pattern we use is:

data_bags/
users/
prod.json
preprod.json

So anything that needs environment specific settings gets an environment
specific data bag item.

Recipe code can then select the right data bag item via the node’s
chef_environment attribute.

  • seth


Seth Falcon | Development Lead | CHEF | http://www.getchef.com/ | @sfalcon


#4

We have different data bags for different logical partitions (e.g. one for each application), and inside the data bags are items with names corresponding to our chef environments.

Tony

Tony Burns
Operations Engineer / Software Developer
Quad Learning, Inc.
1150 17th St Ste 310, Washington, DC 20036
c. 608.799.2000 p. 202.525.1078 f. 202.652.1075

On Jan 3, 2014, at 12:35, J Light j.gareth.light@gmail.com wrote:

We used to just have different data bags for different environments and use the environment attribute to determine which data bag was hit with the query dynamically.

I liked that better than having items mixed up in the same data bag, but each partitioning comes with its own pros and cons.

On Fri, Jan 3, 2014 at 10:47 AM, Seth Falcon seth@getchef.com wrote:
Hi,

guymatz@gmail.com writes:

Hello! How do you folks deal with environment-specific data in databags?
And databag items?

For example, for the first case, let’s say a user should be in one group in
stage, and a different group in prod.

A pattern we use is:

data_bags/
users/
prod.json
preprod.json

So anything that needs environment specific settings gets an environment
specific data bag item.

Recipe code can then select the right data bag item via the node’s
chef_environment attribute.

  • seth


Seth Falcon | Development Lead | CHEF | http://www.getchef.com/ | @sfalcon


#5

With Chef solo using roles and run lists.

Here for example is a base role (configure apt, email etc) and www role (
nginx etc)

% ls -1 roles
base.json
www.json
www_develop_branch.json
www_master_branch.json

If the node is in staging it’s on the develop (git) branch and adds the
www_develop_branch role to it’s run list.

If the node is in productution it’s on the masterp (git) branch and adds
the www_master_branch role to it’s run list.

nodes/dev.www.com.json run_list:

“run_list”: [
“role[base]”,
“role[www]”,
“role[www_develop_branch]”
]

nodes/www.com.json run_list:

“run_list”: [
“role[base]”,
“role[www]”,
“role[www_master_branch]”
]

The www_master_branch would have production server only recipes like
"datadog" and “mongodb mms” for monitoring.

Seems to work OK for us - this is for small apps using Chef solo.

On Sat, Jan 4, 2014 at 2:17 AM, Tony Burns tabolario@gmail.com wrote:

We have different data bags for different logical partitions (e.g. one for
each application), and inside the data bags are items with names
corresponding to our chef environments.

Tony

Tony Burns
Operations Engineer / Software Developer
Quad Learning, Inc.
1150 17th St Ste 310, Washington, DC 20036
c. 608.799.2000 p. 202.525.1078 f. 202.652.1075

On Jan 3, 2014, at 12:35, J Light j.gareth.light@gmail.com wrote:

We used to just have different data bags for different environments and
use the environment attribute to determine which data bag was hit with the
query dynamically.

I liked that better than having items mixed up in the same data bag, but
each partitioning comes with its own pros and cons.

On Fri, Jan 3, 2014 at 10:47 AM, Seth Falcon seth@getchef.com wrote:

Hi,

guymatz@gmail.com writes:

Hello! How do you folks deal with environment-specific data in
databags?
And databag items?

For example, for the first case, let’s say a user should be in one
group in
stage, and a different group in prod.

A pattern we use is:

data_bags/
users/
prod.json
preprod.json

So anything that needs environment specific settings gets an environment
specific data bag item.

Recipe code can then select the right data bag item via the node’s
chef_environment attribute.

  • seth


Seth Falcon | Development Lead | CHEF | http://www.getchef.com/ |
@sfalcon


#6

We plan to use policyfiles instead of roles and environments. How can I have environment specific secrets stored in the same Databag. For example, a database secret:
For Dev, we use a different database and credentials
For Prod, we use a different database and credentials
Can I still manage the above as part of same databag?