How are others going about being notified of changes (and their
contents/diffs) to a Chef server? Perform Big Data Agile
SplunkStash Analytics HadoopStormStash on the Erchef log?
On 8/29/2013 4:42 PM, Jeff Blaine wrote:
How are others going about being notified of changes (and their
contents/diffs) to a Chef server? Perform Big Data Agile
SplunkStash Analytics HadoopStormStash on the Erchef log?
Nobody's keeping track of what changed in the Chef server data store
and who changed it?
Are you talking about changes to cookbooks, roles, data bags, etc?
In that case the way that we set that up is managing those assets with SCM
(git in our case). We have jenkins jobs that control the uploading of
those cookbooks to our chef server.
So for us, no users have the ability to upload cookbooks to chef server
directly - only jenkins is able to (kinda).
There are ways we can get around that if there is a jenkins failure and we
need to push a change very quickly. But there is a separate jenkins job
that will run (and fail) if someone uploaded data that is not the same as
the version in Git. So in the (rare) case that jenkins is bypassed we'll
be notified appropriately by a failing CI job. We are trying to keep any
individual from uploading cookbooks from their local version and
potentially causing issues.
On Tue, Sep 3, 2013 at 10:49 AM, Jeff Blaine jblaine@kickflop.net wrote:
On 8/29/2013 4:42 PM, Jeff Blaine wrote:
How are others going about being notified of changes (and their
contents/diffs) to a Chef server? Perform Big Data Agile
SplunkStash Analytics HadoopStormStash on the Erchef log?Nobody's keeping track of what changed in the Chef server data store
and who changed it?
One possibility would be to run a knife backup export on a regular basis to
a time-stamped directory, then have a job run a recursive diff to detect
any changes.
You can also run knife diff against the server comparing whats in your
local repository and find discrepancies but this doesn't diff nodes which
are usually only in chef server.
Nginx logs definitely show puts, posts, etc. but don't have any offhand
suggestions on parsing methods for that - to me, although depending on the
size of your instance may take some time, comparing knife backup exports
seems like a start.
On Tue, Sep 3, 2013 at 10:49 AM, Jeff Blaine jblaine@kickflop.net wrote:
On 8/29/2013 4:42 PM, Jeff Blaine wrote:
How are others going about being notified of changes (and their
contents/diffs) to a Chef server? Perform Big Data Agile
SplunkStash Analytics HadoopStormStash on the Erchef log?Nobody's keeping track of what changed in the Chef server data store
and who changed it?
--
Kevin Counts counts@digicat.org