We use different chef servers for staging and production so we can allow
staging to be open to all developers. Then production server admin access
is only allowed by the ops team. This is mainly due to compliance concerns
in our line of work. When something needs to move from staging to
production we just knife cookbook upload to the production server. All
cookbooks are kept in git repos and tagged when a version is uploaded to
We are in the process of moving to enterprise chef which has much better
per environment permissions.
Hope this helps.
On Thu, Jan 23, 2014 at 11:03 PM, Gourav Shah email@example.com wrote:
Is anyone running a separate physical Chef server per environment?
ie - staging vs production
If so, how do you handle deployment of changes to roles, data bags, and
environments? What process/tooling do you use to move changes into staging
first and then into production?
My suggestions here are,
- Use some SCM such as git.
- Push everything to the SCM first, and then pull it from the
- Use branching based on the environment names
- Version your cookbooks
- Then You could also extensively use Chef environments to use specific
versions of your cookbook for wach environment
Skype: initcron | Phone: +91 96 2328 2328