Is it good practice to version control the nodes and roles when using chef? If so, what is a good way to do it?
It looks likes one should be able to take a tree of JSON files created using chef_server_backup.rb and simply check it into VC. Are there better alternatives?
Update
It turns out that checking in the JSON produced by chef_server_backup.rb is not a good solution. The problem is that the JSON produced by the script is not stable. Each time the hashes come out in a different order and the resulting files are totally different to the previous versions ... even though they means the same thing when parsed as JSON. I would be better of just saving compress tarballs.
(But if I could canonicalize the JSON files by ordering the attributes ... )
I try and keep as much of my configuration as possible as JSON files and update chef-server with
knife [noun] from file name.json. I started with the repository at https://github.com/opscode/chef-repo and I keep all of JSON files in the appropriate directories. You can do the same with YAML or Ruby files too. Use theshowcommand, likeknife role show apache2 -Fj > roles/apache2.jsonto create files from existing data already on a chef-server.Some of the benefits of a "from file"-based approach are:
git diff, and view history of more than just cookbook versionsThe only thing not in opscode/chef-repo are node files. You can export/import nodes from files too, but it's generally not recommended because nodes should be disposable. I like how Nathen Harvey once said: "think of nodes as cattle, not pets."