I wrote a little recipe to upgrade glibc for CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 and it was easy
enough to patch all my nodes. But now I’m wondering, how should I run this
recipe on my Chef Server?
I had originally provisioned my Chef Server using a little fabric script http://www.fabfile.org/ that installs chef, git clones my chef repo, and
runs chef-solo. I haven’t had to run a converge on it since but now it’s
got me thinking, how do you guys handle config management of the Chef
Server? How do you provision your initial Chef Server?
chef client registered itself, running the chef-server cookbook + any other
firewall/management related cfg mgmt you need to run on your c.server boxen.
I wrote a little recipe to upgrade glibc for CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 and it was easy
enough to patch all my nodes. But now I'm wondering, how should I run this
recipe on my Chef Server?
I had originally provisioned my Chef Server using a little fabric script http://www.fabfile.org/ that installs chef, git clones my chef repo,
and runs chef-solo. I haven't had to run a converge on it since but now
it's got me thinking, how do you guys handle config management of the Chef
Server? How do you provision your initial Chef Server?
Same here, we manage the configs using chef itself. Generally it includes
some sysctl perf tuning, some chef-server.rb config (like db pool size,
depsolver worker count, ssl certs etc). For bootstrapping i use blender,
you can see an example of this here[1]. We use a custom knife plugin to
sync/restore backup data (clients & nodes).
On Wed, Jan 28, 2015 at 6:39 PM, AJ Christensen <aj@junglistheavy.industries
wrote:
chef client registered itself, running the chef-server cookbook + any
other firewall/management related cfg mgmt you need to run on your c.server
boxen.
I wrote a little recipe to upgrade glibc for CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 and it was
easy enough to patch all my nodes. But now I'm wondering, how should I run
this recipe on my Chef Server?
I had originally provisioned my Chef Server using a little fabric script http://www.fabfile.org/ that installs chef, git clones my chef repo,
and runs chef-solo. I haven't had to run a converge on it since but now
it's got me thinking, how do you guys handle config management of the Chef
Server? How do you provision your initial Chef Server?
Same here, we manage the configs using chef itself. Generally it includes
some sysctl perf tuning, some chef-server.rb config (like db pool size,
depsolver worker count, ssl certs etc). For bootstrapping i use blender,
you can see an example of this here[1]. We use a custom knife plugin to
sync/restore backup data (clients & nodes).
On Wed, Jan 28, 2015 at 6:39 PM, AJ Christensen <
aj@junglistheavy.industries> wrote:
chef client registered itself, running the chef-server cookbook + any
other firewall/management related cfg mgmt you need to run on your c.server
boxen.
I wrote a little recipe to upgrade glibc for CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 and it was
easy enough to patch all my nodes. But now I'm wondering, how should I run
this recipe on my Chef Server?
I had originally provisioned my Chef Server using a little fabric script http://www.fabfile.org/ that installs chef, git clones my chef repo,
and runs chef-solo. I haven't had to run a converge on it since but now
it's got me thinking, how do you guys handle config management of the Chef
Server? How do you provision your initial Chef Server?
its not automatically manage, you have to do it as part of your
provisioning. which will also include populating the cookbooks etc.
chef-server cookbook kicks in after that.
Same here, we manage the configs using chef itself. Generally it includes
some sysctl perf tuning, some chef-server.rb config (like db pool size,
depsolver worker count, ssl certs etc). For bootstrapping i use blender,
you can see an example of this here[1]. We use a custom knife plugin to
sync/restore backup data (clients & nodes).
On Wed, Jan 28, 2015 at 6:39 PM, AJ Christensen <
aj@junglistheavy.industries> wrote:
chef client registered itself, running the chef-server cookbook + any
other firewall/management related cfg mgmt you need to run on your c.server
boxen.
I wrote a little recipe to upgrade glibc for CVE-2015-0235 http://www.openwall.com/lists/oss-security/2015/01/27/9 and it was
easy enough to patch all my nodes. But now I'm wondering, how should I run
this recipe on my Chef Server?
I had originally provisioned my Chef Server using a little fabric
script http://www.fabfile.org/ that installs chef, git clones my
chef repo, and runs chef-solo. I haven't had to run a converge on it since
but now it's got me thinking, how do you guys handle config management of
the Chef Server? How do you provision your initial Chef Server?