ChefConf 2013: Beginner Chef Antipatterns
 

A presentation I gave at Opscode's ChefConf 2013.

    ChefConf 2013: Beginner Chef Antipatterns Presentation Transcript

    • Beginner Chef Antipatterns
      Julian C. Dunn, Senior Consultant, Opscode, Inc.
      Wednesday, May 1, 13
    • I learned Chef the hard way
    • Chef can have a steep learning curve (Flickr user: chesterbr)
    • ... which we try to mitigate
        • learnchef.com
        • docs.opscode.com
        • Opscode Public/Private training classes
        • Podcasts (Food Fight Show, etc.)
        • Local user groups
        • ChefConf! (and the hallway track)
    • Still, it’s hard to know when you’re doing things right.
    • Even harder to know when you’re doing something wrong.
    • “Best practices” in the community are evolving all the time.
    • “I would have liked to see more about best practices ... [o]ur instructor had to go ‘off topic’ to explain some common pitfalls.” - feedback from Chef 2-Day Fundamentals
    • This talk will give you some best practices to make you a Master Chef quickly.
    • Number one rule
    • Nothing replaces good advance planning
    • Advance planning
        • Plan in advance:
            • What cookbooks you’re going to have
            • What recipes
            • Roles and their names
            • How many environments
            • Clusters within those environments
            • Data bag hierarchy & naming, data bag item structure
        • BTW, if you want to go blind: www.textfiles.com/underconstruction/
    • The Top Ten List of Antipatterns
    • 10. The Giant Git repo for your chef-repo
          git://github.com/yourcompany/chef-repo.git
      Why is this bad?
        • Mixing temporal data (environments, roles) with versioned data (cookbooks)
        • Git philosophy: One Git repo for each thing you’re versioning independently
        • Don’t be afraid of more Git repos!
      Better:
          git://github.com/yourcompany/chef-data.git
          git://github.com/yourcompany-cookbooks/foo.git
      More reasons to do this:
          git remote add upstream git://github.com/whatevs/upstream.git
          git fetch upstream
          git merge upstream/master
      Also, easy to open-source your cookbooks just by tweaking ACL
    • 9. The one giant cookbook for your company
          git://github.com/yourcompany-cookbooks/yourco.git
      Why is this bad? (Flickr user: ctbto)
        • Chef cookbooks configure a top-level service
        • The Giant Cookbook mixes & matches things that don’t go with one another
        • Big blast radius on changes to recipes: leads to accidents
      Rather than:
          + cookbooks
            + yourcompany
              + recipes
                +- mainsite-apache-virtualhost.rb
                +- anothersite-apache-virtualhost.rb
                +- spring-properties.rb
      This:
          + cookbooks
            + mainsite
            | + recipes
            |   +- apache-virtualhost.rb
            |
            + anothersite
            | + recipes
            |   +- apache-virtualhost.rb
            |
            + springproperties
              + recipes
                +- properties.rb
    • 8. Using Chef Environments for more than just logical environment
        • Environments are a logical concept, mapping to your actual environments
        • Don’t be tempted to overload them as “cluster name” or “data center name” though!
      This search:
          mongos = search(:node, "role:mongodb AND chef_environment:#{node.chef_environment}")
      Might not be enough if you have more than one MongoDB cluster in the “production” environment
      Better:
          node.set['mongodb']['cluster_name'] = 'mongocluster1'
          # Chef search terms are key:value; nested attributes are flattened with underscores
          mongos = search(:node, "role:mongodb AND chef_environment:#{node.chef_environment} AND mongodb_cluster_name:#{node['mongodb']['cluster_name']}")
      Even Better:
          node.set['globals']['data_center'] = 'portlandia'
          node.set['mongodb']['cluster_name'] = 'mongocluster1'
          mongos = search(:node, "role:mongodb AND chef_environment:#{node.chef_environment} AND mongodb_cluster_name:#{node['mongodb']['cluster_name']} AND globals_data_center:#{node['globals']['data_center']}")
    • 7. Forking community cookbooks
        • Opscode maintains ~130 cookbooks
        • Others out there are also really great & well-maintained (Redis, MongoDB)
        • Resist the temptation to fork cookbooks!
        • You won’t get the benefit of upstream bugfixes & enhancements
        • Rather, use application/library cookbook pattern to overlay your changes (thanks, Bryan Berry)
        • Example: SecondMarket’s “wrapper” PostgreSQL cookbook
      smpostgresql/recipes/server.rb:
      See: github.com/secondmarket-cookbooks/smpostgresql.git
    • 6. Run list in roles
        • Controversial, I know!
        • Opscode’s own training material says to put run lists in roles
        • But... roles aren’t versioned. Anyway, they are temporal data.
        • Hard to deploy run_list changes in a role across environments without the “nuclear” option
      Instead of:
          "run_list": [
            "recipe[selinux::permissive]",
            "recipe[rsyslog]",
            "recipe[chef-client::config]",
            "recipe[chef-client::service]",
            "recipe[chef-client::delete_validation]",
            "recipe[openssh::iptables]"
          ]
      Do:
          % knife cookbook create roles
          % vi roles/base.rb
          "run_list": [ "recipe[roles::base]" ]
      roles/recipes/base.rb:
          include_recipe "selinux::permissive"
          include_recipe "rsyslog"
          include_recipe "chef-client::config"
          include_recipe "chef-client::service"
          include_recipe "chef-client::delete_validation"
          include_recipe "openssh::iptables"
        • Write conditionals around these too if you want
        • Or set role attributes in the recipe
    • 5. Disorganized data bags
        • Remember what I said about pre-planning? (Flickr user: macsurak)
        • Only have two levels (data bag, and then data bag item) to work with, so plan ahead!
        • Avoid making data bag items enormous JSON hashes - keep them small for performance
        • 8 KB JSON x 4 Chef runs/h x 1000 nodes = 5.38 GB/week!
    • 4. Not knowing about or using the chef-shell (Flickr user: blueridgekitties)
        • Chef-Shell (formerly Shef): One of the most under-utilized tools!
        • IRB (Interactive Ruby) + Chef primitives
        • Cookbook development
        • Production debugging
      The template:
          <% @members.each do |member| -%>
          <%= member['hostname'] %> IN CNAME <%= member['ec2']['public_hostname'] %>.
          <% end -%>
      The chef-shell session:
          [jdunn@dns1 ~]$ chef-shell -z
          loading configuration: /etc/chef/client.rb
          Session type: client
          ..
          chef > echo off
          chef > members = search(:node, "domain:epicfail.com")
          chef > members.each do |m|
          chef >   pp "#{m['hostname']}, #{m['ec2']['public_hostname']}"
          chef ?> end
          "host1, ec2-50-17-43-13.compute-1.amazonaws.com"
          "host37, ec2-23-23-145-243.compute-1.amazonaws.com"
          "host3, "
          NoMethodError: undefined method `[]' for nil:NilClass
        • Way more stuff than this
        • Check out my Slideshare deck: slideshare.net/JulianDunn/an-introduction-to-shef-the-chef-shell
        • Chef Shell will save you time, guaranteed!
    • 3. Who’s Afraid of the Big Bad LWRP
        • Myth: LWRPs are hard to write! You need to know Ruby! (Flickr user: edenpictures)
        • (catmacros.wordpress.com)
        • Use inline resources
        • Basic Ruby classes and methods go a long way (Array, Hash, String, etc.)
        • The LWRP framework is ... lightweight and does a lot for you (Flickr user: emawebdesign)
      cookbooks/mouse/recipes/default.rb
          mouse "Itchy" do
            # attribute name must match the :phrase attribute declared in the resource
            phrase "Ow, Scratchy cut off my tail"
            tail false
            action :say
          end
      cookbooks/mouse/resources/default.rb
          actions :say
          attribute :given_name, :name_attribute => true
          attribute :phrase, :default => "squeak"
          attribute :tail, :default => true, :kind_of => [TrueClass, FalseClass]
      cookbooks/mouse/providers/default.rb
          action :say do
            log "My name is #{new_resource.given_name}"
            # only log the phrase when it differs from the default
            log new_resource.phrase unless new_resource.phrase =~ /^squeak$/
            log "I #{new_resource.tail ? 'do' : 'do not'} have a tail"
          end
    • See, it’s that easy!
    • 2. “Not Invented Here” Syndrome
        • Bias against using other people’s code/libraries/cookbooks
        • Temptation to write your own bespoke cookbook
        • Instead, do your research, find the best one, and use it in a library/application cookbook pattern
        • Contribute improvements/changes back
    • #1 Chef Antipattern...
    • Being the only Chef in your shop
    • 1. The Lone Wolf Chef
        • Bus/truck factor of 1
        • Chef configures applications
        • Developers know applications better than you
        • Get them involved in writing & maintaining cookbooks
        • Then, everyone is responsible for production-readiness!
    • Recap: Top Ten List of Antipatterns
        • The one giant Git repo for all Chef data
        • The one giant cookbook named after your company
        • Using Chef Environments for more than just logical environment
        • Forking community cookbooks
        • Maintaining the run list in your role
        • Disorganized data bags
        • Not knowing about or using the chef-shell
        • Being afraid of LWRPs
        • Not Invented Here Syndrome
        • The Lone Wolf Chef
    • Thanks!
      @julian_dunn
      github.com/juliandunn
      jdunn@opscode.com
      We’re hiring like gangbusters! opscode.com/careers
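
Added example for antipattern 4 (not from the original slides): the chef-shell session there fails on host3 because that node has no ec2 attributes. The Ruby below renders the same CNAME template against constructed node data and skips nodes lacking `ec2.public_hostname` instead of raising NoMethodError. Plain hashes stand in for Chef search results, and `MEMBERS`, `partition_members` and `render_cnames` are hypothetical names.

```ruby
require "erb"

# Constructed sample data standing in for search(:node, "domain:epicfail.com").
# The third node has no ec2 attributes, like host3 in the session above.
MEMBERS = [
  { "hostname" => "host1",
    "ec2" => { "public_hostname" => "ec2-50-17-43-13.compute-1.amazonaws.com" } },
  { "hostname" => "host37",
    "ec2" => { "public_hostname" => "ec2-23-23-145-243.compute-1.amazonaws.com" } },
  { "hostname" => "host3" }
].freeze

# Same loop as the template on the slide; it only ever sees guarded members.
TEMPLATE = <<~'TPL'
  <% members.each do |member| -%>
  <%= member["hostname"] %> IN CNAME <%= member["ec2"]["public_hostname"] %>.
  <% end -%>
TPL

# Split nodes into [usable, skipped] by whether they carry a non-empty
# ec2.public_hostname. Hash#dig returns nil instead of raising when
# the "ec2" key is missing or nil.
def partition_members(members)
  members.partition do |m|
    name = m.dig("ec2", "public_hostname")
    name.is_a?(String) && !name.empty?
  end
end

# Render the zone fragment and return it with the hostnames that were skipped,
# so the caller can log them rather than silently dropping records.
def render_cnames(members)
  usable, skipped = partition_members(members)
  zone = ERB.new(TEMPLATE, trim_mode: "-").result_with_hash(members: usable)
  [zone, skipped.map { |m| m["hostname"] }]
end

if __FILE__ == $PROGRAM_NAME
  zone, skipped = render_cnames(MEMBERS)
  puts zone
  warn "skipped (no ec2.public_hostname): #{skipped.join(', ')}" unless skipped.empty?
end
```

In a real cookbook the same guard belongs in the recipe that builds the `members` variable passed to the template, so the template itself stays free of nil checks.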