PM
Uploaded byPatrick McDonnell
PDF, PPTX20,270 views

Lessons from Etsy: Avoiding Kitchen Nightmares - #ChefConf 2012

The document outlines best practices for managing Chef environments, emphasizing the importance of testing workflows, documented standards, and tools like Knife plugins and Foodcritic for ensuring code quality. It details various Knife commands for environment management, versioning workflows, and logging mechanisms. The content also highlights specific tools and configurations used by Etsy engineers to improve deployment processes and prevent outages.

Embed presentation

Download as PDF, PPTX
Image Service Outage
postrotate /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
NEVER TEST IN PRODUCTION!
It only takes one tiny mistake
How Do You Enforce This? • Documented standards and communicated best practices • Robust testing workflow • Environments • Knife Plugins • Linting with rules derived from standards • Foodcritic
Testing Workflow
How We Use Environments • Three environments: production, development, testing • Testing is unconstrained • Test nodes are depooled and “flipped” to the testing environment, then repooled and analyzed • Test nodes are then flipped back to production
Working with Environments • knife-flip by Etsy engineer Jon Cowie (https://github.com/jonlives/knife-flip) % knife node flip somenode.etsy.com testing % knife role flip SomeRole testing • knife-bulkchangeenvironment (https://github.com/jonlives/knife- bulkchangeenvironment) % knife node bulk_change_environment testing production
Keeping Environments in Sync • knife-env-diff by Etsy engineer John Goulah • Get it at https://github.com/jgoulah/knife-env-diff % knife environment diff development production diffing environment development against production cookbook: hadoop development version: = 0.1.0 production version: = 0.1.8 cookbook: mysql development version: = 0.2.4 production version: = 0.2.5
Introducing Knife Spork • Knife plugin providing a testing/versioning workflow • Authored by Jon Cowie • Get it at https://github.com/jonlives/knife-spork
Spork Features • Four stage process • Check: Look at versioning info for a cookbook • Bump: Automatically increment the cookbook’s version number • Upload: Knife upload and freeze • Promote: Set environment constraints equal to specified version
git: enabled: true irccat: enabled: true server: irccat.mycompany.com port: 12345 Spork Config channel: "#chef" graphite: enabled: true server: graphite.mycompany.com • /path/to/chef-repo port: 2003 /config/spork-config.yml gist: enabled: true • /etc/spork-config.yml in_chef: true chef_path: cookbooks/gist/files/default/gist • ~/.chef/spork-config.yml path: /usr/bin/gist foodcritic: enabled: true fail_tags: [any] tags: [foo] include_rules: [/home/me/myrules] default_environments: [ production, development ]
% knife spork check foodcritic Checking versions for cookbook foodcritic... Current local version: 0.0.4 Remote versions (Max. 5 most recent only): *0.0.4, frozen 0.0.3, frozen 0.0.2, unfrozen 0.0.1, frozen DANGER: Your local cookbook has same version number as the starred version above! Please bump your local version or you won't be able to upload.
% knife spork bump foodcritic Loaded config file /home/pmcdonnell/git/chef-repo/config/ spork-config.yml... Loaded config file /etc/spork-config.yml... Pulling latest changes from git Pulling latest changes from git submodules (if any) Bumping patch level of the foodcritic cookbook from 0.0.4 to 0.0.5 Git add'ing /home/pmcdonnell/git/chef-repo/cookbooks/ foodcritic/metadata.rb
% knife spork upload foodcritic Loaded config file /home/pmcdonnell/git/chef-repo/config/ spork-config.yml... Loaded config file /etc/spork-config.yml... Uploading and freezing foodcritic [0.0.5] upload complete
% knife spork promote foodcritic --remote Pulling latest changes from git Checking that foodcritic version 0.0.5 exists on the server before promoting (any error means it hasn't been uploaded yet)... foodcritic version 0.0.5 found on server! Environment: production Adding version constraint foodcritic = 0.0.5 Saving changes into production.json Git add'ing /home/pmcdonnell/git/chef-repo/environments/ production.json Uploading production to server
WARNING: You're about to promote changes to several cookbooks: logrotate: = 0.1.24 changed to = 0.1.23 foodcritic: = 0.0.4 changed to = 0.0.5 Are you sure you want to continue? (Y/N) n You said no, so I'm done here. Would you like to reset your local production.json to match the server?? (Y/N) y Git add'ing /home/pmcdonnell/git/chef-repo/environments/ production.json production.json reset.
Spork’s Logging Mechanisms • Irccat: Logs to IRC channel (https://github.com/RJ/irccat) [11:35:33] <irccat> CHEF: pmcdonnell uploaded and froze cookbook ldap version 0.1.27 [11:35:43] <irccat> CHEF: pmcdonnell uploaded environment production https://github.etsycorp.com/gist/376967 [11:35:43] <irccat> CHEF: pmcdonnell uploaded environment development https://github.etsycorp.com/gist/376968 • Graphite: promote --remote sends to deploys.chef metric • Gist: Added to irccat notifications on promote --remote Environment production uploaded at 2012-05-15 18:35:42 UTC by pmcdonnell Constraints updated on server in this version: ldap: = 0.1.26 changed to = 0.1.27
Linting
Foodcritic • A lint tool for Chef cookbooks written by Andrew Crump (http://acrmp.github.com/foodcritic/) • Comes with a good set of default rules and is very easily extensible • To enable in spork config: foodcritic: enabled: true fail_tags: [any] tags: [foo] include_rules: [/home/me/myrules]
Etsy’s Rules • A work in progress, but newly open-sourced at https://github.com/etsy/foodcritic-rules • Our rules are “style”-tagged rules that serve to enforce what we consider to be best practices in our environment • ETSY001 - Package or yum_package resource used with :upgrade action • ETSY002 - Execute resource used to run git commands • ETSY003 - Execute resource used to run curl or wget commands • ETSY004 - Execute resource defined without conditional or action :nothing • ETSY005 - Action :restart sent to a core service
Rule Resulting from Image Outage • ETSY005 - Action :restart sent to a core service • Trippable services include httpd, mysql, memcached, postgresql-server % foodcritic -t etsy -I ~/git/chef-repo/config/rules.rb ~/ git/chef-repo/cookbooks/apache ETSY005: Action :restart sent to a core service: /home/pmcdonnell/git/chef-repo/cookbooks/apache/recipes/ default.rb:39
Rule Resulting from Image Outage 30 template "/etc/httpd/conf/httpd.conf" do 31 source "httpd-conf.erb" 32 owner "root" 33 group "root" 34 mode 00644 35 variables( 36 :fqdn => node[:fqdn], 37 :port => "80" 38 ) 39 notifies :restart, resources(:service => "httpd") 40 end
Memcache Outage
02:27 < jallspaw> [Sat, 10 Jul 2010 01:45:01 +0000] INFO: Upgrading package[memcached] version from 1.4.2-1.fc10 to 1.4.5-1.el5
Don’t leave “known unknowns” lying in wait
Resulting Foodcritic Rule • ETSY001 - Package or yum_package resource used with :upgrade action • Enforces always using :install % foodcritic -t etsy -I ~/git/chef-repo/config/rules.rb ~/ git/chef-repo/cookbooks/memcache ETSY001: Package or yum_package resource used with :upgrade action: /home/pmcdonnell/git/chef-repo/cookbooks/memcache/ recipes/default.rb:20
Resulting Foodcritic Rule 20 package "memcached" do 21 action :upgrade 22 end Changed to: 20 package "memcached" do 21 version "1.4.2-1.fc10" 22 action :install 23 end
Reporting and Monitoring
Using Handlers • Etsy’s handlers (https://github.com/etsy/chef-handlers) • Log failures to IRC [10:52:03] <irccat> Chef run failed on dev-dbtasks01.ny4dev.etsy.com [10:52:03] <irccat> https://github.etsycorp.com/gist/371229 • Graph aggregated metrics with Graphite • Graph chef “deploys”
Graph with Graphite • Metrics reporting made possible by knife-lastrun, authored by John Goulah (https://github.com/jgoulah/knife-lastrun) • Provides a handler and knife plugin for reporting on the most recent chef run, storing data as node attributes • Elapsed, starting, and ending time • Exit code status • Backtrace/exception information
% dsh -g all -c -M 'grep "Chef Run complete in" /var/log/ chef/client.log | head -n 3' 2>&1 | tee /tmp/tee && grep 'Chef Run complete' /tmp/tee | sort -n -k +13 | tail -5 dn0035.doop: [Mon, 14 May 2012 03:21:07 +0000] INFO: Chef Run complete in 512.936813012 seconds dn0004.doop: [Mon, 14 May 2012 04:28:03 +0000] INFO: Chef Run complete in 677.423964906 seconds dn0006.doop: [Mon, 14 May 2012 04:29:51 +0000] INFO: Chef Run complete in 770.231469266 seconds dn0025.doop: [Mon, 14 May 2012 04:26:13 +0000] INFO: Chef Run complete in 787.183615612 seconds dn0030.doop: [Mon, 14 May 2012 04:30:42 +0000] INFO: Chef Run complete in 848.586507872 seconds
Finding Run Time Outliers • Knife doesn’t currently support Lucene’s NumericRangeQuery • Elapsed time is a floating point number, but we can only match it as a string due to query limitations in knife • Work around it with knife search -a
% knife search node 'elapsed:[200 TO 225]' -a lastrun.runtimes.elapsed 4 items found id: cent6-vmtemplate.ny4dev.etsy.com lastrun.runtimes.elapsed: 21.642378406 id: sandboxmisc01.ny4.etsy.com lastrun.runtimes.elapsed: 211.749555 id: smardenfeld.vm.ny4dev.etsy.com lastrun.runtimes.elapsed: 22.184596 id: bob0120.vm.ny4dev.etsy.com lastrun.runtimes.elapsed: 21.348335354
% knife node lastrun sandboxmisc01.ny4.etsy.com Status failed Elapsed Time 211.78604 Start Time 2012-05-15 07:43:18 +0000 End Time 2012-05-15 07:46:50 +0000 Backtrace Omitted for brevity Exception Chef::Exceptions::Package: package[diffutils] (installerz::diffutils line 1) had an error: Yum failed - #<Process::Status: pid 21293 exit 1> - returns: ["yum-dump Repository Error: Cannot retrieve repository metadata (repomd.xml) for repository: PostgreSQL-8.3-x86_64. Please verify its path and try againn"]
What Did Chef Just Do? • chefrecentupdates by Etsy engineer Laurie Denness (https://github.com/lozzd/ChefScripts) % chefrecentupdates ... 1 resources updated in /var/log/chef/client.log-20120505.gz: [Fri, 04 May 2012 17:49:42 +0000] INFO: cookbook_file[/usr/bin/gist] ...
Preventative Measures
Knife Preflight • By Jon Cowie (https://github.com/jonlives/knife-preflight) % knife preflight memcache::datacache Searching for nodes containing memcache::datacache in their expanded run_list... 4 Nodes found datacache03.ny4.etsy.com datacache04.ny4.etsy.com datacache01.ny4.etsy.com datacache02.ny4.etsy.com Searching for roles containing memcache::datacache in their run_list... 1 Roles found Datacache Found 4 nodes and 1 roles using the specified search criteria
Continuous Chef • Using Jenkins and base virtual machine images
“Out-of-Band” Management • dsh (distributed shell) works even if Chef server is down • Etsy’s dsh groups are managed by Chef and generated from the list of nodes corresponding to each role
Configs Bundled with Packages • Be careful with configs distributed with packages overwriting Chef configs • They must be replaced by Chef before restarting services, so watch out for resource order
Jon will be at Velocity! • Workshop: Michelin Starred Cooking with Chef • 11:00am Monday, 06/25/2012 • Topics • Team-wide familiarity and understanding • Critical approach and experimentation with workflows • Plugin writing 101
We’re Hiring! http://www.etsy.com/careers • TONS of engineering positions open! • Especially looking for a talented network engineer; referrals welcome!

More Related Content

PDF
Testable Infrastructure with Chef, Test Kitchen, and Docker
byMandi Walls
 
KEY
Michelin Starred Cooking with Chef
byJon Cowie
 
PPTX
How to Write Chef Cookbook
bydevopsjourney
 
PDF
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
byChef
 
PDF
Environments - Fundamentals Webinar Series Week 5
byChef
 
PDF
Docker Docker Docker Chef
bySean OMeara
 
PDF
SCALE 10x Build a Cloud Day
byChef Software, Inc.
 
PDF
Etsy chef-workflow
byDaniel Schauenberg
 
Testable Infrastructure with Chef, Test Kitchen, and Docker
byMandi Walls
 
Michelin Starred Cooking with Chef
byJon Cowie
 
How to Write Chef Cookbook
bydevopsjourney
 
Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
byChef
 
Environments - Fundamentals Webinar Series Week 5
byChef
 
Docker Docker Docker Chef
bySean OMeara
 
SCALE 10x Build a Cloud Day
byChef Software, Inc.
 
Etsy chef-workflow
byDaniel Schauenberg
 

What's hot

PDF
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
byChef Software, Inc.
 
ODP
Introduction to Chef
byKnoldus Inc.
 
PPTX
Infrastructure Automation with Chef & Ansible
bywajrcs
 
PDF
Chef Fundamentals Training Series Module 2: Workstation Setup
byChef Software, Inc.
 
PDF
Node object and roles - Fundamentals Webinar Series Part 3
byChef
 
PPTX
CLUG 2014-10 - Cookbook CI with Jenkins
byZachary Stevens
 
PDF
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
byChef Software, Inc.
 
PDF
Cloud Automation with Opscode Chef
bySri Ram
 
PDF
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
byChef
 
PPT
Chef, Devops, and You
byBryan Berry
 
PDF
Chef Fundamentals Training Series Module 4: The Chef Client Run and Expanding...
byChef Software, Inc.
 
PDF
Test Driven Development with Chef
bySimone Soldateschi
 
PDF
Automating your infrastructure with Chef
byJohn Ewart
 
PDF
Test-Driven Infrastructure with Chef
byMichael Lihs
 
PDF
Infrastructure Automation with Chef
byJonathan Weiss
 
PDF
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
byChef
 
PPTX
Opscode Webinar: Managing Your VMware Infrastructure with Chef
byChef Software, Inc.
 
PDF
The unintended benefits of Chef
byChef Software, Inc.
 
PPTX
Testing for infra code using test-kitchen,docker,chef
bykamalikamj
 
PDF
Automating Large Applications on Modular and Structured Form with Gulp
byAnderson Aguiar
 
Chef Fundamentals Training Series Module 3: Setting up Nodes and Cookbook Aut...
byChef Software, Inc.
 
Introduction to Chef
byKnoldus Inc.
 
Infrastructure Automation with Chef & Ansible
bywajrcs
 
Chef Fundamentals Training Series Module 2: Workstation Setup
byChef Software, Inc.
 
Node object and roles - Fundamentals Webinar Series Part 3
byChef
 
CLUG 2014-10 - Cookbook CI with Jenkins
byZachary Stevens
 
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
byChef Software, Inc.
 
Cloud Automation with Opscode Chef
bySri Ram
 
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
byChef
 
Chef, Devops, and You
byBryan Berry
 
Chef Fundamentals Training Series Module 4: The Chef Client Run and Expanding...
byChef Software, Inc.
 
Test Driven Development with Chef
bySimone Soldateschi
 
Automating your infrastructure with Chef
byJohn Ewart
 
Test-Driven Infrastructure with Chef
byMichael Lihs
 
Infrastructure Automation with Chef
byJonathan Weiss
 
Common configuration with Data Bags - Fundamentals Webinar Series Part 4
byChef
 
Opscode Webinar: Managing Your VMware Infrastructure with Chef
byChef Software, Inc.
 
The unintended benefits of Chef
byChef Software, Inc.
 
Testing for infra code using test-kitchen,docker,chef
bykamalikamj
 
Automating Large Applications on Modular and Structured Form with Gulp
byAnderson Aguiar
 

Similar to Lessons from Etsy: Avoiding Kitchen Nightmares - #ChefConf 2012

PPTX
Chef advance
byRamesh Sencha
 
PDF
Chef basics - write infrastructure as code
bystevaaa
 
PDF
Testing your-automation-code (vagrant version) v0.2
bySylvain Tissot
 
PDF
Testing Your Automation Code (Vagrant Version)
byMischa Taylor
 
PDF
IT Automation with Chef
byAnuchit Chalothorn
 
PDF
Cook like a Chef
byIan Yang
 
PPTX
Chef Jumpstart
byKimball Johnson
 
PDF
Chef
byWill Sterling
 
PDF
Cheffing Etsy - Do too many cooks spoil the soup?
byJon Cowie
 
PDF
Introduction to chef framework
bymorgoth
 
KEY
SELF 2011: Deploying Django Application Stacks with Chef
byChef Software, Inc.
 
PPTX
Chef advance
byRamesh Sencha
 
PDF
Chef at Etsy
byJon Cowie
 
PDF
Chef 0.10 Overview
byMatt Ray
 
PDF
Testing Your Automation Code (Docker Version)
byMischa Taylor
 
PPTX
Kickstarter - Chef Opswork
byHamza Waqas
 
PDF
Introduction to Cooking with Chef
byJohn Osborne
 
PDF
Chef or how to make computers do the work for us
bysickill
 
PDF
Dive into Chef
byEduardo Scarpellini
 
PDF
Chef 11 Preview/Chef for OpenStack
byMatt Ray
 
Chef advance
byRamesh Sencha
 
Chef basics - write infrastructure as code
bystevaaa
 
Testing your-automation-code (vagrant version) v0.2
bySylvain Tissot
 
Testing Your Automation Code (Vagrant Version)
byMischa Taylor
 
IT Automation with Chef
byAnuchit Chalothorn
 
Cook like a Chef
byIan Yang
 
Chef Jumpstart
byKimball Johnson
 
Chef
byWill Sterling
 
Cheffing Etsy - Do too many cooks spoil the soup?
byJon Cowie
 
Introduction to chef framework
bymorgoth
 
SELF 2011: Deploying Django Application Stacks with Chef
byChef Software, Inc.
 
Chef advance
byRamesh Sencha
 
Chef at Etsy
byJon Cowie
 
Chef 0.10 Overview
byMatt Ray
 
Testing Your Automation Code (Docker Version)
byMischa Taylor
 
Kickstarter - Chef Opswork
byHamza Waqas
 
Introduction to Cooking with Chef
byJohn Osborne
 
Chef or how to make computers do the work for us
bysickill
 
Dive into Chef
byEduardo Scarpellini
 
Chef 11 Preview/Chef for OpenStack
byMatt Ray
 

Recently uploaded

PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
December Patch Tuesday
byIvanti
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
December Patch Tuesday
byIvanti
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
API-First Architecture in Financial Systems
bycyy111112
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 

Lessons from Etsy: Avoiding Kitchen Nightmares - #ChefConf 2012

  • 2.
  • 3.
    postrotate /bin/kill-HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
  • 4.
  • 5.
    It only takes onetiny mistake
  • 6.
    How Do YouEnforce This? • Documented standards and communicated best practices • Robust testing workflow • Environments • Knife Plugins • Linting with rules derived from standards • Foodcritic
  • 7.
  • 8.
    How We UseEnvironments • Three environments: production, development, testing • Testing is unconstrained • Test nodes are depooled and “flipped” to the testing environment, then repooled and analyzed • Test nodes are then flipped back to production
  • 9.
    Working with Environments • knife-flip by Etsy engineer Jon Cowie (https://github.com/jonlives/knife-flip) % knife node flip somenode.etsy.com testing % knife role flip SomeRole testing • knife-bulkchangeenvironment (https://github.com/jonlives/knife- bulkchangeenvironment) % knife node bulk_change_environment testing production
  • 10.
    Keeping Environments inSync • knife-env-diff by Etsy engineer John Goulah • Get it at https://github.com/jgoulah/knife-env-diff % knife environment diff development production diffing environment development against production cookbook: hadoop development version: = 0.1.0 production version: = 0.1.8 cookbook: mysql development version: = 0.2.4 production version: = 0.2.5
  • 11.
    Introducing Knife Spork • Knife plugin providing a testing/versioning workflow • Authored by Jon Cowie • Get it at https://github.com/jonlives/knife-spork
  • 12.
    Spork Features • Four stage process • Check: Look at versioning info for a cookbook • Bump: Automatically increment the cookbook’s version number • Upload: Knife upload and freeze • Promote: Set environment constraints equal to specified version
  • 13.
    git: enabled: true irccat: enabled: true server: irccat.mycompany.com port: 12345 Spork Config channel: "#chef" graphite: enabled: true server: graphite.mycompany.com • /path/to/chef-repo port: 2003 /config/spork-config.yml gist: enabled: true • /etc/spork-config.yml in_chef: true chef_path: cookbooks/gist/files/default/gist • ~/.chef/spork-config.yml path: /usr/bin/gist foodcritic: enabled: true fail_tags: [any] tags: [foo] include_rules: [/home/me/myrules] default_environments: [ production, development ]
  • 14.
    % knife sporkcheck foodcritic Checking versions for cookbook foodcritic... Current local version: 0.0.4 Remote versions (Max. 5 most recent only): *0.0.4, frozen 0.0.3, frozen 0.0.2, unfrozen 0.0.1, frozen DANGER: Your local cookbook has same version number as the starred version above! Please bump your local version or you won't be able to upload.
  • 15.
    % knife sporkbump foodcritic Loaded config file /home/pmcdonnell/git/chef-repo/config/ spork-config.yml... Loaded config file /etc/spork-config.yml... Pulling latest changes from git Pulling latest changes from git submodules (if any) Bumping patch level of the foodcritic cookbook from 0.0.4 to 0.0.5 Git add'ing /home/pmcdonnell/git/chef-repo/cookbooks/ foodcritic/metadata.rb
  • 16.
    % knife sporkupload foodcritic Loaded config file /home/pmcdonnell/git/chef-repo/config/ spork-config.yml... Loaded config file /etc/spork-config.yml... Uploading and freezing foodcritic [0.0.5] upload complete
  • 17.
    % knife sporkpromote foodcritic --remote Pulling latest changes from git Checking that foodcritic version 0.0.5 exists on the server before promoting (any error means it hasn't been uploaded yet)... foodcritic version 0.0.5 found on server! Environment: production Adding version constraint foodcritic = 0.0.5 Saving changes into production.json Git add'ing /home/pmcdonnell/git/chef-repo/environments/ production.json Uploading production to server
  • 18.
    WARNING: You're aboutto promote changes to several cookbooks: logrotate: = 0.1.24 changed to = 0.1.23 foodcritic: = 0.0.4 changed to = 0.0.5 Are you sure you want to continue? (Y/N) n You said no, so I'm done here. Would you like to reset your local production.json to match the server?? (Y/N) y Git add'ing /home/pmcdonnell/git/chef-repo/environments/ production.json production.json reset.
  • 19.
    Spork’s Logging Mechanisms • Irccat: Logs to IRC channel (https://github.com/RJ/irccat) [11:35:33] <irccat> CHEF: pmcdonnell uploaded and froze cookbook ldap version 0.1.27 [11:35:43] <irccat> CHEF: pmcdonnell uploaded environment production https://github.etsycorp.com/gist/376967 [11:35:43] <irccat> CHEF: pmcdonnell uploaded environment development https://github.etsycorp.com/gist/376968 • Graphite: promote --remote sends to deploys.chef metric • Gist: Added to irccat notifications on promote --remote Environment production uploaded at 2012-05-15 18:35:42 UTC by pmcdonnell Constraints updated on server in this version: ldap: = 0.1.26 changed to = 0.1.27
  • 20.
  • 21.
    Foodcritic • A lint tool for Chef cookbooks written by Andrew Crump (http://acrmp.github.com/foodcritic/) • Comes with a good set of default rules and is very easily extensible • To enable in spork config: foodcritic: enabled: true fail_tags: [any] tags: [foo] include_rules: [/home/me/myrules]
  • 22.
    Etsy’s Rules • A work in progress, but newly open-sourced at https://github.com/etsy/foodcritic-rules • Our rules are “style”-tagged rules that serve to enforce what we consider to be best practices in our environment • ETSY001 - Package or yum_package resource used with :upgrade action • ETSY002 - Execute resource used to run git commands • ETSY003 - Execute resource used to run curl or wget commands • ETSY004 - Execute resource defined without conditional or action :nothing • ETSY005 - Action :restart sent to a core service
  • 23.
    Rule Resulting fromImage Outage • ETSY005 - Action :restart sent to a core service • Trippable services include httpd, mysql, memcached, postgresql-server % foodcritic -t etsy -I ~/git/chef-repo/config/rules.rb ~/ git/chef-repo/cookbooks/apache ETSY005: Action :restart sent to a core service: /home/pmcdonnell/git/chef-repo/cookbooks/apache/recipes/ default.rb:39
  • 24.
    Rule Resulting fromImage Outage 30 template "/etc/httpd/conf/httpd.conf" do 31 source "httpd-conf.erb" 32 owner "root" 33 group "root" 34 mode 00644 35 variables( 36 :fqdn => node[:fqdn], 37 :port => "80" 38 ) 39 notifies :restart, resources(:service => "httpd") 40 end
  • 25.
  • 26.
    02:27 < jallspaw>[Sat, 10 Jul 2010 01:45:01 +0000] INFO: Upgrading package[memcached] version from 1.4.2-1.fc10 to 1.4.5-1.el5
  • 27.
  • 28.
    Resulting Foodcritic Rule • ETSY001 - Package or yum_package resource used with :upgrade action • Enforces always using :install % foodcritic -t etsy -I ~/git/chef-repo/config/rules.rb ~/ git/chef-repo/cookbooks/memcache ETSY001: Package or yum_package resource used with :upgrade action: /home/pmcdonnell/git/chef-repo/cookbooks/memcache/ recipes/default.rb:20
  • 29.
    Resulting Foodcritic Rule 20package "memcached" do 21 action :upgrade 22 end Changed to: 20 package "memcached" do 21 version "1.4.2-1.fc10" 22 action :install 23 end
  • 30.
  • 31.
    Using Handlers • Etsy’s handlers (https://github.com/etsy/chef-handlers) • Log failures to IRC [10:52:03] <irccat> Chef run failed on dev-dbtasks01.ny4dev.etsy.com [10:52:03] <irccat> https://github.etsycorp.com/gist/371229 • Graph aggregated metrics with Graphite • Graph chef “deploys”
  • 32.
    Graph with Graphite • Metrics reporting made possible by knife-lastrun, authored by John Goulah (https://github.com/jgoulah/knife-lastrun) • Provides a handler and knife plugin for reporting on the most recent chef run, storing data as node attributes • Elapsed, starting, and ending time • Exit code status • Backtrace/exception information
  • 35.
    % dsh -gall -c -M 'grep "Chef Run complete in" /var/log/ chef/client.log | head -n 3' 2>&1 | tee /tmp/tee && grep 'Chef Run complete' /tmp/tee | sort -n -k +13 | tail -5 dn0035.doop: [Mon, 14 May 2012 03:21:07 +0000] INFO: Chef Run complete in 512.936813012 seconds dn0004.doop: [Mon, 14 May 2012 04:28:03 +0000] INFO: Chef Run complete in 677.423964906 seconds dn0006.doop: [Mon, 14 May 2012 04:29:51 +0000] INFO: Chef Run complete in 770.231469266 seconds dn0025.doop: [Mon, 14 May 2012 04:26:13 +0000] INFO: Chef Run complete in 787.183615612 seconds dn0030.doop: [Mon, 14 May 2012 04:30:42 +0000] INFO: Chef Run complete in 848.586507872 seconds
  • 40.
    Finding Run TimeOutliers • Knife doesn’t currently support Lucene’s NumericRangeQuery • Elapsed time is a floating point number, but we can only match it as a string due to query limitations in knife • Work around it with knife search -a
  • 41.
    % knife searchnode 'elapsed:[200 TO 225]' -a lastrun.runtimes.elapsed 4 items found id: cent6-vmtemplate.ny4dev.etsy.com lastrun.runtimes.elapsed: 21.642378406 id: sandboxmisc01.ny4.etsy.com lastrun.runtimes.elapsed: 211.749555 id: smardenfeld.vm.ny4dev.etsy.com lastrun.runtimes.elapsed: 22.184596 id: bob0120.vm.ny4dev.etsy.com lastrun.runtimes.elapsed: 21.348335354
  • 42.
    % knife nodelastrun sandboxmisc01.ny4.etsy.com Status failed Elapsed Time 211.78604 Start Time 2012-05-15 07:43:18 +0000 End Time 2012-05-15 07:46:50 +0000 Backtrace Omitted for brevity Exception Chef::Exceptions::Package: package[diffutils] (installerz::diffutils line 1) had an error: Yum failed - #<Process::Status: pid 21293 exit 1> - returns: ["yum-dump Repository Error: Cannot retrieve repository metadata (repomd.xml) for repository: PostgreSQL-8.3-x86_64. Please verify its path and try againn"]
  • 43.
    What Did ChefJust Do? • chefrecentupdates by Etsy engineer Laurie Denness (https://github.com/lozzd/ChefScripts) % chefrecentupdates ... 1 resources updated in /var/log/chef/client.log-20120505.gz: [Fri, 04 May 2012 17:49:42 +0000] INFO: cookbook_file[/usr/bin/gist] ...
  • 44.
  • 45.
    Knife Preflight • By Jon Cowie (https://github.com/jonlives/knife-preflight) % knife preflight memcache::datacache Searching for nodes containing memcache::datacache in their expanded run_list... 4 Nodes found datacache03.ny4.etsy.com datacache04.ny4.etsy.com datacache01.ny4.etsy.com datacache02.ny4.etsy.com Searching for roles containing memcache::datacache in their run_list... 1 Roles found Datacache Found 4 nodes and 1 roles using the specified search criteria
  • 46.
    Continuous Chef • Using Jenkins and base virtual machine images
  • 47.
    “Out-of-Band” Management • dsh (distributed shell) works even if Chef server is down • Etsy’s dsh groups are managed by Chef and generated from the list of nodes corresponding to each role
  • 48.
    Configs Bundled withPackages • Be careful with configs distributed with packages overwriting Chef configs • They must be replaced by Chef before restarting services, so watch out for resource order
  • 49.
    Jon will beat Velocity! • Workshop: Michelin Starred Cooking with Chef • 11:00am Monday, 06/25/2012 • Topics • Team-wide familiarity and understanding • Critical approach and experimentation with workflows • Plugin writing 101
  • 50.
    We’re Hiring! http://www.etsy.com/careers • TONS of engineering positions open! • Especially looking for a talented network engineer; referrals welcome!