We went a similar route, though we aren’t using Jenkins, but instead, have “chefhooks” bit running on a worker server. It will apply any change that’s pushed to our git repo, so it’s very trusting, but since it’s so easy to update environments, data bags, etc., nobody does it using knife (with the exception of encrypted data bags, which must be edited via knife).
We don’t, however, handle cookbooks that way; those are all driven by a Berkshelf workflow that relies on Travis to test things using Test Kitchen & the EC2 driver.
On May 23, 2014 at 8:08:04 AM, Mike Splain (firstname.lastname@example.org) wrote:
We tried to tackle that problem and had similar issues. Instead, we’re going the automated route, only Jenkins can make changes to chef: automated pushes of cookbooks, environments, roles, etc. that tracking and history are built into Jenkins and only occur after a proper merge has been done in GitHub.
I know that’s not exactly what you’re asking but just something to think about.
On Friday, May 23, 2014, Gregory Patmore email@example.com wrote:
As our chef repos grow and becomes more collaborative, a need to track activity on the chef server is rising in priority for me.
We’ve wrapped the knife util to track activity, but can’t enforce that people will use the wrapped util. Is there any way anyone is doing this? I’d like to implement tracking at the chef server side. Any plugin or advice would be appreciated.