Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Policyfiles: Be able to specify a policy revision ID for a node

Currently, nodes only use the latest policyfile uploaded to Chef Infra Server. Policyfiles are great because they are immutable (so someone can't change the cookbook source, put bad code in and cause issues to your nodes) but someone CAN upload a new policy (overwriting the existing policy that your nodes are happily using) and your nodes will use that new policy, bad code and all.

Pinning a node to a policy revision ID would mitigate this issue, further reinforcing the awesomeness of Policyfiles:

Usage Examples:

knife node policy set nodename --policy-name mypolicy --policy-revision 8f33d94d52 --policy-group prod

knife bootstrap IP -U username -i key --sudo --policy-name mypolicy --policy-revision 8f33d94d52 --policy-group prod

  • Guest
  • Jun 24 2021
  • New
  • Ken MacLeod commented
    25 Jun, 2021 07:12pm

    Why not use a separate policy group for those selected nodes that can't accept (or should accept) the new policy yet?

    Our org often "subsets" our environments into smaller policy groups for testing and deployment.
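
Without a pinning feature, the overwrite described in the idea above can still be detected from outside the node. The following is an added example, not Chef's code and not part of the original idea or comment: it compares the revision each policy group currently serves against a reviewed pin list. It assumes the JSON shape returned by the Chef Infra Server `GET /policy_groups` endpoint; `policy_drift`, the pin format and the sample data are hypothetical and constructed for illustration.

```ruby
# Added example: report policy groups whose current revision differs from a pin.
# Assumed input shape (Chef Infra Server GET /policy_groups, already parsed):
#   { group => { "policies" => { policy_name => { "revision_id" => "..." } } } }

# Shortest abbreviated revision ID accepted as a pin (the idea uses 10 chars).
MIN_PREFIX = 10

# Constructed sample data: the 10-character prefix comes from the idea text,
# the rest of each 64-character ID is padding invented for this example.
SAMPLE_GROUPS = {
  "prod"    => { "policies" => { "mypolicy" => { "revision_id" => "8f33d94d52" + "0" * 54 } } },
  "staging" => { "policies" => { "mypolicy" => { "revision_id" => "c0ffee1234" + "0" * 54 } } }
}.freeze

# pins: array of { group:, policy:, revision: } hashes (hypothetical format).
# Returns an array of findings; an empty array means every pin still matches.
def policy_drift(policy_groups, pins)
  pins.flat_map do |pin|
    group, name, want = pin.values_at(:group, :policy, :revision)
    grp = policy_groups[group]
    next [{ pin: pin, status: :missing_group }] if grp.nil?

    have = grp.dig("policies", name, "revision_id")
    next [{ pin: pin, status: :missing_policy }] if have.nil?

    if want.to_s.length < MIN_PREFIX
      # A very short prefix could match an unrelated revision by accident.
      [{ pin: pin, status: :pin_too_short }]
    elsif have.start_with?(want.downcase)
      []
    else
      # Someone pushed a different revision to this policy group.
      [{ pin: pin, status: :drift, current: have }]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  pins = [
    { group: "prod",    policy: "mypolicy", revision: "8f33d94d52" },
    { group: "staging", policy: "mypolicy", revision: "8f33d94d52" }
  ]
  policy_drift(SAMPLE_GROUPS, pins).each do |f|
    puts "#{f[:pin][:group]}/#{f[:pin][:policy]}: #{f[:status]} #{f[:current]}"
  end
end
```

Run on a schedule against the live endpoint, a non-empty result is the signal to alert on before the next chef-client run picks up the new revision.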