How scrub client info out of recipes and cookbooks but also preserve commit history?


#1

perhaps this is a dumb question, but is there is a straightforward way to
scrub my recipes and cookbooks of references to a particular customer and at
the same time maintain commit history? For example, say I have 1 recipe
popular_framework that has references to a customer’s internal
infrastructure. Over time I will make changes to that recipe. How can I
preserve the commit history as I merge those changes into my public github
recipe but filter out anything specific to the customer?


#2

So I have been working with my team to make sure cookbooks are generalized as much as possible for apps. Define as much as we can using attributes and use roles. For some things that does not work then we try to create a company cookbook that has recipes like apache site definitions and such. I know this does not answer your got question but it’s how I address the general problem.

Joshua

On Oct 2, 2011, at 7:31 AM, Bryan Berry bryan.berry@gmail.com wrote:

perhaps this is a dumb question, but is there is a straightforward way to scrub my recipes and cookbooks of references to a particular customer and at the same time maintain commit history? For example, say I have 1 recipe popular_framework that has references to a customer’s internal infrastructure. Over time I will make changes to that recipe. How can I preserve the commit history as I merge those changes into my public github recipe but filter out anything specific to the customer?


#3

Centrally then, the only things you change for a customer are the node
attributes?
On Oct 2, 2011 6:50 PM, “Joshua Miller” jassinpain@gmail.com wrote:

So I have been working with my team to make sure cookbooks are generalized
as much as possible for apps. Define as much as we can using attributes and
use roles. For some things that does not work then we try to create a
company cookbook that has recipes like apache site definitions and such. I
know this does not answer your got question but it’s how I address the
general problem.

Joshua

On Oct 2, 2011, at 7:31 AM, Bryan Berry bryan.berry@gmail.com wrote:

perhaps this is a dumb question, but is there is a straightforward way to
scrub my recipes and cookbooks of references to a particular customer and at
the same time maintain commit history? For example, say I have 1 recipe
popular_framework that has references to a customer’s internal
infrastructure. Over time I will make changes to that recipe. How can I
preserve the commit history as I merge those changes into my public github
recipe but filter out anything specific to the customer?


#4

Also, do you use data bags for corporate defaults? I could see using data
bags for admin user accounts and server names
On Oct 2, 2011 6:52 PM, “Bryan Berry” bryan.berry@gmail.com wrote:

Centrally then, the only things you change for a customer are the node
attributes?
On Oct 2, 2011 6:50 PM, “Joshua Miller” jassinpain@gmail.com wrote:

So I have been working with my team to make sure cookbooks are
generalized
as much as possible for apps. Define as much as we can using attributes
and
use roles. For some things that does not work then we try to create a
company cookbook that has recipes like apache site definitions and such. I
know this does not answer your got question but it’s how I address the
general problem.

Joshua

On Oct 2, 2011, at 7:31 AM, Bryan Berry bryan.berry@gmail.com wrote:

perhaps this is a dumb question, but is there is a straightforward way
to
scrub my recipes and cookbooks of references to a particular customer and
at
the same time maintain commit history? For example, say I have 1 recipe
popular_framework that has references to a customer’s internal
infrastructure. Over time I will make changes to that recipe. How can I
preserve the commit history as I merge those changes into my public github
recipe but filter out anything specific to the customer?


#5

Hi Bryan,

On Sun, Oct 2, 2011 at 7:31 AM, Bryan Berry bryan.berry@gmail.com wrote:

perhaps this is a dumb question, but is there is a straightforward way to
scrub my recipes and cookbooks of references to a particular customer and at
the same time maintain commit history? For example, say I have 1 recipe
popular_framework that has references to a customer’s internal
infrastructure. Over time I will make changes to that recipe. How can I
preserve the commit history as I merge those changes into my public github
recipe but filter out anything specific to the customer?

You might find this page that describes how to remove history from a
git repo to be of use:
http://help.github.com/remove-sensitive-data/

The short answer is that, while possible with a few commands,
scrubbing git history is not something you want to make a regular
practice of. So once you’ve cleaned your repos, it would make sense
to segregate sensitive or customer specific data in files not stored
in git. And I think some of the other responses have suggested some
strategies along those lines in terms of data bags, for example

  • seth


Seth Falcon | Development Lead | Opscode | @sfalcon


#6

that was what I was thinking, tks

On Sat, Oct 8, 2011 at 5:56 PM, Seth Falcon seth@opscode.com wrote:

Hi Bryan,

On Sun, Oct 2, 2011 at 7:31 AM, Bryan Berry bryan.berry@gmail.com wrote:

perhaps this is a dumb question, but is there is a straightforward way to
scrub my recipes and cookbooks of references to a particular customer and
at
the same time maintain commit history? For example, say I have 1 recipe
popular_framework that has references to a customer’s internal
infrastructure. Over time I will make changes to that recipe. How can I
preserve the commit history as I merge those changes into my public
github
recipe but filter out anything specific to the customer?

You might find this page that describes how to remove history from a
git repo to be of use:
http://help.github.com/remove-sensitive-data/

The short answer is that, while possible with a few commands,
scrubbing git history is not something you want to make a regular
practice of. So once you’ve cleaned your repos, it would make sense
to segregate sensitive or customer specific data in files not stored
in git. And I think some of the other responses have suggested some
strategies along those lines in terms of data bags, for example

  • seth


Seth Falcon | Development Lead | Opscode | @sfalcon