On Dec 27, 2011, at 9:31 AM, Jake Vanderdray wrote:
> How do you manage your validator PEM? Do you end up doing the
> initial install for the developers and put the PEM on manually, or do
> you openly share the validator within your organization?
That's shared openly by all systems and users in the company. Of course, we're a small shop -- seven people at the moment, although I understand that they're looking to fill some positions. And of those, not all are developers. Of the developers we have, most aren't doing much of anything at all with Chef -- as the Ops guy, I'm the primary one doing most of the work with Chef.
Pretty much all of our systems are (or will be) VMs "in the cloud". Our developers do have local machines that they work from, but those are primarily used as a place to jump off into the actual development work that is done elsewhere.
To be honest, if you're using a Chef-managed environment, I don't see how you can avoid sharing the validator PEM amongst all systems. For those people who are developers but who don't need root access to their development machines, I could see where they wouldn't have open access to the validator PEM, but everyone doing anything with Chef would need to have access.
> We're testing out using Vagrant instances for developers that get
> built with our normal chef cookbooks. I'd love to just be able to
> point people at a wiki page of instructions and let it be self-serve.
We could use vagrant, but we really want to get away from having any physical hardware that we have to manage, beyond the desktops that each person sits in front of -- and they're mostly responsible for managing those machines.
We do have a server with a few VMs loaded on it, and that machine has been used for some development to date, but going forward I think we're going to get away from that.
Of course, in a larger shop, I could see where our flat development architecture wouldn't necessarily work so well.
Brad Knowles firstname.lastname@example.org
SAGE Level IV, Chef Level 0.0.1