How SmartLogic Uses Chef-Dan Ivovich

How$We$Use$Chef$(currently)
By#Dan#Ivovich
January'21,'2015
LAX$Internal$Conf

Chef%can%be%hard%to%wrap%your%head%around

Automa'ons*can*go*horribly*wrong

But$without$Chef
This%is%your%server%infrastructure

I've%given%talks%about%what%Chef%is%and%how%Chef%
works
But$it$is$hard$to$cover$all$of$Chef$thoroughly

So#Let's#Get#Prac%cal
How$do$we$use$Chef$today$at$SmartLogic?

Consider)this)app)Wuphf
If#you#send#a#Wuphf,#the#message#goes#to#the#
recipients'#home#phone,#cell#phone,#email,#Facebook,#
twi<er,#fax#and#homescreen#at#the#same#>me.

Wuphf&Tech&Stack
1. Rails(App((Unicorn)
2. Nginx
3. Amazon(S3,(Twi=er,(Facebook,(and(Twilio(tokens
4. Redis
5. Sidekiq
6. Postgresql

How$do$we$use$the$tool$to$minimize$
diﬀerences$between$environments?
Your%server%cluster%is%all%about%coordina1on

Infrastructure+Considera0ons
1. Staging)is)a)single)VM
2. Beta)is)a)web/worker)VM)and)a)DB)VM
3. Produc=on)has)web,)worker,)and)DB)VMs

Chef%Setup%(Berksﬁle)
source 'https://supermarket.getchef.com'
cookbook 'annoyances', '~> 0.0.2'
cookbook 'build-essential'
cookbook 'firewall', '>= 0.8'
cookbook 'git', '~> 3.0'
cookbook 'hostname', '~> 0.0.4'
cookbook 'hostsfile', '~> 1.0'
cookbook 'imagemagick', '~> 0.2'
cookbook 'monit', '~> 0.7'
cookbook 'mysql'
cookbook 'newrelic'
cookbook 'nginx', '~> 2.7'
cookbook 'openssl', '~> 1.1'
cookbook 'openssh', '~> 1.2'
cookbook 'postgresql', '~> 3.4'
cookbook 'rbenv'
cookbook 'redisio', '~> 1.4'
cookbook 'sudo', '~> 1.1'
cookbook 'ufw'
cookbook 'users_solo', '~> 1.0'
cookbook 'xml'
cookbook 'github_keys', github: 'smartlogic/github_keys-cookbook'
cookbook 'wuphf', path: './site-cookbooks/wuphf'

One$Chef$Cookbook$to$RULE$THEM$ALL
cookbook 'wuphf', path: './site-cookbooks/wuphf'
Place&all&the&work&our&app&needs&done&in&a&single&
cookbook&with&recipies&for&each&major&component
1. wuphf::setup
2. wuphf::db
3. wuphf::redis
4. wuphf::web
5. wuphf::app
6. wuphf::worker
We#can#use#these#recipes#in#each#environment#as#we#
need#to.

The$recipe$for$your$app$can$be$very$simple
What%do%those%recipes%look%like?

wuphf::setup
Do#the#work#that#needs#to#happen#on#every#server#we#
set#up

wuphf::setup
Hostname)and)hosts)ﬁle
include_recipe 'hostname'
hostsfile_entry '127.0.0.1' do
hostname "#{node['fqdn']} #{node['hostname']} localhost"
end
(node['wuphf']['hosts'] || {}).each_pair do |name, ip|
hostsfile_entry ip do
hostname name
end
end

wuphf::setup
Compile(dependencies,(ssl,(ssh,(sudo(setup
include_recipe 'build-essential'
include_recipe 'openssl'
include_recipe 'openssh'
include_recipe 'sudo'
Admin&accounts,&ssh&keys,&ﬁrewall&rules
include_recipe 'users_solo::admins'
include_recipe 'github_keys'
include_recipe 'ufw'

wuphf::db
Setup&and&conﬁgure&a&database&server

wuphf::db
Make%sure%setup%has%run
include_recipe 'wuphf::setup'
Install'the'db'server'so/ware,'add2ons,'and'tuning
include_recipe 'postgresql::server'
include_recipe 'postgresql::contrib'
include_recipe 'postgresql::ruby'
include_recipe 'postgresql::config_pgtune'

wuphf::db
Make%sure%the%applica/on%database%user%and%schema%
exists
connection_info = {
:host => "127.0.0.1",
:port => 5432,
:username => 'postgres',
:password => node['postgresql']['password']['postgres']
}
postgresql_database_user node['wuphf']['database_user'] do
connection connection_info
password node['wuphf']['database_password']
action :create
end
postgresql_database node['wuphf']['database'] do
connection connection_info
encoding 'UTF8'
owner node['wuphf']['database_user']
action :create
end

wuphf::redis
Setup&a&redis&server

wuphf::redis
Install'the'redis'and'enable'it,'install'monit'for'
monitoring
include_recipe 'redisio::install'
include_recipe 'redisio::enable'
include_recipe 'monit'

wuphf::web
Setup&Nginx&web&server&components

wuphf::web
Install'Nginx'from'the'repository,'and'monit'so'we'
can'monitor'it
include_recipe 'nginx::repo'
include_recipe 'nginx'

wuphf::app
Setup&the&applica,on&core

wuphf::app
Install'client'libraries'needed'and'monitoring
include_recipe 'postgresql::client'

wuphf::app
Install'applica+on'ruby'and'setup'folder'structure
include_recipe 'wuphf::ruby'
include_recipe 'wuphf::app_env'
Install'applica+on'dependencies
include_recipe 'xml'
include_recipe 'imagemagick'
include_recipe 'nodejs'

wuphf::app
Rotate&your&logs
package "logrotate"
template "/etc/logrotate.d/wuphf_unicorn" do
source "unicorn_logrotate.erb"
mode "0644"
owner 'root'
group 'root'
variables(
:log_paths => [
"#{node['wuphf']['deploy_to']}/shared/log/#{node['wuphf']['environment']}.log",
"#{node['wuphf']['deploy_to']}/shared/log/unicorn.log"
],
:pid_path => "#{node['wuphf']['deploy_to']}/shared/tmp/pids/unicorn.pid"
)
end

WOAH!&Two&new&recipes!
1. wuphf::ruby
2. wuphf::app_env

wuphf::ruby
Setup&Ruby&and&Install&Bundler
include_recipe 'rbenv'
include_recipe 'rbenv::ruby_build'
rbenv_ruby node['wuphf']['ruby_version']
rbenv_gem "bundler" do
ruby_version node['wuphf']['ruby_version']
end

wuphf::app_env
Setup&the&folder&structure&for&the&app&to&deploy&to
directory "#{node['wuphf']['cap_base']}" do
action :create
owner 'deploy'
group 'deploy'
mode '0755'
end
directory "#{node['wuphf']['deploy_to']}" do
action :create
owner 'deploy'
group 'deploy'
mode '0755'
end
directory "#{node['wuphf']['deploy_to']}/shared" do
action :create
owner 'deploy'
group 'deploy'
mode '0755'
end
directory "#{node['wuphf']['deploy_to']}/shared/config" do
action :create
owner 'deploy'
group 'deploy'
mode '0755'
end

wuphf::app_env
Create&the&database.yml&and&ﬁle&for&dotenv
template "#{node['wuphf']['deploy_to']}/shared/config/database.yml" do
source 'database.yml.erb'
owner 'deploy'
group 'deploy'
mode '0644'
end
template "#{node['wuphf']['deploy_to']}/shared/wuphf_env" do
source 'wuphf_env.erb'
owner 'deploy'
group 'deploy'
mode '0644'
end

wuphf::worker
Setup&background&worker&node

wuphf::worker
Install'client'libraries'needed'and'monitoring
include_recipe 'postgresql::client'

wuphf::worker
Install'applica+on'ruby'and'setup'folder'structure
include_recipe 'wuphf::ruby'
include_recipe 'wuphf::app_env'
Install'applica+on'dependencies
include_recipe 'xml'
include_recipe 'imagemagick'
include_recipe 'nodejs'

Make%sure%your%new%cookbook%has%a0ributes
a"ributes/default.rb
default['wuphf']['cap_base'] = '/home/deploy/apps'
default['wuphf']['deploy_to'] = '/home/deploy/apps/wuphf'
default['wuphf']['environment'] = 'production'
default['wuphf']['database'] = 'wuphf'
default['wuphf']['adapter'] = 'postgresql'
default['wuphf']['database_user'] = 'postgres'
default['wuphf']['database_password'] = (node['postgresql']['password']['postgres'] rescue nil)
default['wuphf']['database_host'] = 'localhost'
default['wuphf']['database_pool'] = 25
default['wuphf']['ruby_version'] = '2.1.3'
default['wuphf']['env_settings'] = {}

The$wuphf$conﬁg$key$and$the$Run$List$vary$
signiﬁcantly
Firewall(and(Postgres(keys(also(vary(from(node(to(node

First&let's&consider&the&ﬁrewall&rules

Staging'(10.0.0.1)
"firewall" : {
"rules" : [
{ "http" : { "port" : "80" } }
]
},
The$cookbook$keeps$SSH$port$22$open$for$us

Beta%Web/App/Worker%(10.0.0.2)
"firewall" : {
"rules" : [
{ "http" : { "port" : "80" } }
]
},
Beta%DB/Redis%(10.0.0.3)
"firewall" : {
"rules" : [
{ "psql" : { "port" : "5432", "source": "10.0.0.2/32" } },
{ "redis" : { "port" : "6379", "source": "10.0.0.2/32" } }
]
},

Prod%Web%(10.0.0.5)
"firewall" : {
"rules" : [
{ "http" : { "port" : "80" } }
]
},
Prod%Worker%(10.0.0.6)
"firewall" : {
"rules" : [ ]
},

Prod%DB/Redis%(10.0.0.7)
"firewall" : {
"rules" : [
{ "psql" : { "port" : "5432", "source": "10.0.0.5/32" } },
{ "psql" : { "port" : "5432", "source": "10.0.0.6/32" } },
{ "redis" : { "port" : "6379", "source": "10.0.0.5/32" } },
{ "redis" : { "port" : "6379", "source": "10.0.0.6/32" } },
]
},

Postgres(Setup
Staging'(10.0.0.1)
"postgresql" : {
"password" : {
"postgres" : "super-secret-password"
},
"enable_pgdg_apt" : true,
"version" : "9.3",
"config_pgtune" : {
"max_connections" : "100",
"db_type" : "desktop"
}
},

Beta%DB/Redis%(10.0.0.3)%(Addi3ons)
"postgresql" : {
"config" : {
"listen_addresses" : "localhost, 10.0.0.3"
},
"pg_hba" : [
{ "type" : "local", "db" : "all", "user" : "postgres", "addr" : null, "method" : "ident"},
{ "type" : "local", "db" : "all", "user" : "all", "addr" : null, "method" : "ident"},
{ "type" : "host", "db" : "all", "user" : "all", "addr" : "127.0.0.1/32", "method" : "md5"},
{ "type" : "hostssl", "db" : "all", "user" : "wuphf", "addr" : "10.0.0.2/32", "method" : "md5"},
{ "type" : "host", "db" : "all", "user" : "all", "addr" : "::1/128", "method" : "md5"}
],
"config_pgtune" : {
"db_type" : "web",
"max_connections" : "400"
}
},

Prod%DB/Redis%(10.0.0.7)%(Addi4ons)
"postgresql" : {
"pg_hba" : [
],
},

Wuphf
Staging'(10.0.0.1)
"wuphf" : {
"environment" : "staging",
"database" : "wuphf_staging",
"env_settings" : {
"AWS_ACCESS_KEY" : "AWS_ACCESS_KEY",
"AWS_SECRET_ACCESS_KEY" : "AWS_SECRET_ACCESS_KEY",
"FACEBOOK_APP_ID" : "FACEBOOK_APP_ID",
"FACEBOOK_APP_SECRET" : "FACEBOOK_APP_SECRET",
"NEW_RELIC_LICENSE_KEY" : "NEW_RELIC_LICENSE_KEY",
"TWITTER_CONSUMER_KEY" : "TWITTER_KEY",
"TWITTER_CONSUMER_SECRET" : "TWITTER_SECRET",
"TWILIO_API_KEY" : "TWILIO_API_KEY",
"REDIS_PROVIDER" : "REDIS_URL",
"REDIS_URL" : "redis://localhost:6379",
"RACK_ENV" : "staging",
"RAILS_ENV" : "staging"
}
},

"wuphf" : {
"environment" : "beta",
"database" : "wuphf_beta",
"hosts" : {
"db1" : "10.0.0.3"
},
"env_settings" : {
"REDIS_URL" : "redis://10.0.0.3:6379",
"RACK_ENV" : "beta",
"RAILS_ENV" : "beta"
}
},

Prod%Web/App%(10.0.0.5)
"wuphf" : {
"environment" : "production",
"database" : "wuphf_production",
"hosts" : {
"db1" : "10.0.0.7",
"worker1" : "10.0.0.6"
},
"env_settings" : {
"REDIS_URL" : "redis://10.0.0.7:6379",
"RACK_ENV" : "production",
"RAILS_ENV" : "production"
}
},

"wuphf" : {
"environment" : "production",
"database" : "wuphf_production",
"hosts" : {
"db1" : "10.0.0.7",
"web1" : "10.0.0.5",
},
"env_settings" : {
"REDIS_URL" : "redis://10.0.0.7:6379",
"RACK_ENV" : "production",
"RAILS_ENV" : "production"
}
},

Staging'(10.0.0.1)
"run_list": [
"recipe[wuphf::db]",
"recipe[wuphf::redis]",
"recipe[wuphf::web]",
"recipe[wuphf::app]",
"recipe[wuphf::worker]",
"recipe[newrelic]"
]

"run_list": [
"recipe[newrelic]"
]
Beta%DB/Redis%(10.0.0.3)
"run_list": [
"recipe[newrelic]"
]

Prod%Web%(10.0.0.5)
"run_list": [
"recipe[newrelic]"
]
"run_list": [
"recipe[newrelic]"
]

Prod%DB/Redis%(10.0.0.7)
"run_list": [
"recipe[newrelic]"
]

Don't&worry
It#is#a#process#of#trial#and#error

Thank&You!
smartlogic.io
@smartlogic
danivovich.com
@danivovich

Image&Cita*ons
h"p:/
/devopsreac.ons.tumblr.com/post/
104064772852/understanding@git
h"p:/
/collec.onofawesome.com/2012/10/18/
anchorman@60@of@the@.me@gif/
h"p:/
106500035590/building@a@new@server@and@adding@
it@to@the@live
h"p:/
105951734875/describing@our@network@
infrastructure
h"p:/
/theoﬃce.wikia.com/wiki/WUPHF.com

Image&Cita*ons&(con*nued)
h"p:/
77162384009/se?ngAupAnewAhostAwithApuppetAorA
chef
h"p:/
87186564388/kspliceAkpatch
h"p:/
97207834532/ﬁxingAsystemsAinternals
h"p:/
/giphy.com/gifs/keanuAreevesAuPnKU86sFa2fm
h"p:/
107492619940/deployingAaAcluster
h"p:/

Image&Cita*ons&(con*nued)
h"p:/
/i.imgur.com/dJ5jnB0.gif
h"p:/
/devopsreac:ons.tumblr.com/post/
61010641998/someChos:ngCcompaniesConC
availability
h"p:/
/i.imgur.com/QdVD216.gif
h"ps:/
/i.imgur.com/CXNOCBb.gif
h"p:/
/media.tumblr.com/
fe40a2da7c8e594479f48fd8450817d5/
tumblr_inline_nczuo9C9ov1raprkq.gif
h"p:/
/devopsreac:ons.tumblr.com/post/
72072493400/srmdsCserverCroomCmadnessC

Image&Cita*ons&(concluded)
h"p:/
79349198148/vendors<benchmarks
h"p:/
86295268875/cleaning<up<openssl<code
h"p:/
93197357391/security<hole
h"p:/
87581910878/trying<to<make<progress<on<monday
h"p:/
91731143332/doing<trial<and<error<with<chef

How SmartLogic Uses Chef-Dan Ivovich

Recommended

Recommended

More Related Content

Similar to How SmartLogic Uses Chef-Dan Ivovich

Similar to How SmartLogic Uses Chef-Dan Ivovich (20)

More from SmartLogic

More from SmartLogic (20)

Recently uploaded

Recently uploaded (20)

How SmartLogic Uses Chef-Dan Ivovich