On Tue, Apr 24, 2012 at 1:41 AM, Torben Knerr firstname.lastname@example.org wrote:
But what about attribute overrides on node level? Is that something that we
should rather avoid and better do any cookbook configuration on a role level
Generally avoid them. Ask yourself, is this something specific about
this computer, or about what it is doing? Usually the override is
configuring what the server is doing, like setting a configuration
value for your web server. Shouldn’t all your web servers be
configured the same way?
Sometimes your computer will be unique, like it has more or less ram
than another and you have to tune -Xmx for a Java VM, or whatever. Let
the automation do the work and upfactor this to the cookbook to choose
this value based on the environment, like the total memory installed
(via ohai) other roles assigned to the node.
The Chef Server doesn’t keep an audit trail, but Opscode expects to
ship some features in Chef 11 that would be useful here.
Interested to hear more if you can tell already.
We’ve got code written that audits actions on the API side, but it is
in the newer server code that is erlang based which we haven’t
released yet. We’re getting started on the planning portion of that
release over the next couple of months, so it’s too early to make any
claims about what specific features will look like.