Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Chef at Prezi

And How It Enables DevOps
by

Zsolt Dollenstein

on 9 June 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Chef at Prezi

until satisfied do
hack; hack; hack
unless i_bumped_already
`knife spork bump my_cookbook`
`knife spork upload my_cookbook`
i_bumped_already = true
else
`knife cookbook upload --force my_cookbook`
end
satisfied = [true, false].sample
end History Core conditions Extending Chef in a big team our Chef repo active users Chef at Prezi community cookbooks and how it enables DevOps The Very Beginning Trying Chef Hire an ops guy to copy-pasteable instructions for setting up a machine migrate to chef-solo weekend project Chef every day one node at a time iteratively still a one-man show Today over 50 contributors Prezi Infrastructure Mobile team Website team Every team has to be self-sufficient Core services
team Online editor
team Desktop team nothing special happens here share and discover knowledge customize and refine jump start infrastructure make it easy to cookbook metadata stuff. cookbook metadata stuff. cookbook metadata stuff. cookbook metadata stuff. Role attributes Node Environments cookbook
pinned at
version X cookbook
pinned at
version X cookbook
pinned at
version X more attributes ad-hoc staging gradual cookbook upgrades Data Bags global shared
data [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] [
{
"obj_type": "text",
"string": "Welcome to a Prezi generated from JSON",
"style": 2,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 2
}
},
{
"obj_type": "circle",
"radius": 30,
"style": 3,
"position": {
"obj_type": "position",
"x": 0,
"y": 0,
"rotation": 0,
"scale": 1
}
}
] secrets Custom Knife Plugins automate daily tasks wrappers for easier access horrible code quality works-for-me style testing written by frustrated and/or overexcited people fail find the other person working on the cookbook and FIGHT you have a lock on this cookbook, so work FAST usually too complex don't do exactly what we want confusing for beginners package "supervisor"

cookbook_file "/etc/supervisor/supervisord.conf" do
owner "root"
group "root"
mode 0644
source "supervisord.conf"
end

sudo_config "nagios_supervisorctl_status" include_recipe "python"

# foodcritic FC023: we prefer not having the resource on non-smartos
if platform_family?("smartos")
package "py27-expat" do
action :install
end
end

python_pip "supervisor" do
action :upgrade
version node['supervisor']['version'] if node['supervisor']['version']
end

directory node['supervisor']['dir'] do
owner "root"
group "root"
mode "755"
end

template node['supervisor']['conffile'] do
source "supervisord.conf.erb"
owner "root"
group "root"
mode "644"
variables({
:inet_port => node['supervisor']['inet_port'],
:inet_username => node['supervisor']['inet_username'],
:inet_password => node['supervisor']['inet_password'],
:supervisord_minfds => node['supervisor']['minfds'],
:supervisord_minprocs => node['supervisor']['minprocs'],
:supervisor_version => node['supervisor']['version'],
})
end

directory node['supervisor']['log_dir'] do
owner "root"
group "root"
mode "755"
recursive true
end

case node['platform']
when "debian", "ubuntu"
template "/etc/init.d/supervisor" do
source "supervisor.init.erb"
owner "root"
group "root"
mode "755"
end

template "/etc/default/supervisor" do
source "supervisor.default.erb"
owner "root"
group "root"
mode "644"
end

service "supervisor" do
action [:enable, :start]
end
when "smartos"
directory "/opt/local/share/smf/supervisord" do
owner "root"
group "root"
mode "755"
end

template "/opt/local/share/smf/supervisord/manifest.xml" do
source "manifest.xml.erb"
owner "root"
group "root"
mode "644"
notifies :run, "execute[svccfg-import-supervisord]", :immediately
end

execute "svccfg-import-supervisord" do
command "svccfg import /opt/local/share/smf/supervisord/manifest.xml"
action :nothing
end

service "supervisord" do
action [:enable]
end
end we run foodcritic with strict settings on the other hand elasticsearch, rvm, apt great documentation! per-cookbook FC rules
wrapper cookbook + chef-rewind
fork it helps beginners, too foodcritic ChefSpec minitest Vagrant run automatically after each commit or manually before you commit very strict settings: "-Wall -Werror -pedantic" some rules are buggy or don't make sense for us curious about how others do it, we static code analysis tools AKA unit tests: quick and "easy" run automatically after each commit NOT for checking system state integration tests (post-converge) is the service really listening on the port it's supposed to be? resource and
time-intensive start a virtual machine run chef on it check tests we use chef-solo, so search() is untested used to run minitest locally extremely handy for manual cookbook "testing" dramatically shortens development cycle more people, more bugs catch bugs early on no staging environment knife file edit hack on top of knife-file manipulate encrypted data bags in json format open editor with decrypted json encrypt and write to file knife ec2 server from file hack on top of knife-ec2 document the arguments to knife-ec2 commands
in a json file put this in the repo others can use it throwaway nodes monitoring-api No Dedicated Ops Team Ownership Review Training service owned by a team on-call 2 week "boot camp" code practices brown bags Zsolt Dollenstein
zsol@prezi.com
@dzsol Monitoring Sucks! old-school new-school Existing Solutions hard to maintain nagios & co. does not scale well (300+ nodes) *sensu* & co we built something inbetween Internals User Interface Monitoring API Client Backend declaration Ruby DSL with Chef LWRP monitoring 'mem_free' do
script_template "meminfo.sh.erb"
script_cookbook "monitoring"
script_arguments 'available'
alerts [{:minimum => 128000, :severity => :warning}]
end check script #!/bin/bash

echo ${free_mem_in_bytes} contacts {
"contacts": {
"infrastructure-pagerduty": {
"type": "pagerduty",
"args": "infrastructure"
},
"default-hipchat": {
"type": "hipchat",
"alias": "Default HipChat Room Alert",
"args": "System Events"
},
"zsol-email": {
"type": "email",
"args": "zsolt.dollenstein+monitoring@prezi.com"
}
}
} inside a data bag: implements LWRP communicates with API Broker Node Check Node Check Check Check icinga config generator from API pagerduty simple! migrate all things to chef Only developers in the company Operations outsourced attributes cookbook metadata stuff. cookbook metadata stuff. cookbook metadata stuff. cookbook metadata stuff. Role attributes Workflow designed for cloud no experience with them email hipchat graphite get a feel for diversity out of 60 engineers YES for validating ruby logic template for "manufacturing" ec2 nodes easier to grasp
for beginners 1: flow of new users 2: it does not break 3: enable experts
Full transcript