the unintended benefits of chef

The Unintended Benefits of Chef

Standardization FTW

whoamiClinton Wolfe, Web Architect @ OmniTI mod perl developer since 1996cheffin' since 2012

@clintoncwolfegithub: clintoncwolfe

LEGO group

$JOBomniti.comcustom web development - UX to hostingwe make OmniOS, an Illumos based OS distro

our dev clientsmostly brownfield worknew featuresoh no it won't scalemy nephew built it

client scalesome have hundreds of nodesmost clients have < 10 nodes

some have many, want fewersome have few, need morewe specialize in doing more with less

mijasper/brickshelf

process : anti-processeach customer has "unique" problems

some are, most aren't

we're flexible, urging gradual change

TMTOWTDI....dev environmentsasset statecronself-referential urlsCPAN/PECL/gem/egg/npm builds

“You Only Deploy Once!"

clients: YODO!!!

except for disaster recovery

clients: YODO!!!

except for disaster recoveryexcept for onboarding devs

clients: YODO!!!

except for disaster recoveryexcept for onboarding devsexcept for CI

clients: YODO!!!

except for disaster recoveryexcept for onboarding devsexcept for CIexcept for scaling out

clients: YODO!!!

except for disaster recoveryexcept for onboarding devsexcept for CIexcept for scaling outexcept for load testing

clients: YODO!!!

except for disaster recoveryexcept for onboarding devsexcept for CIexcept for scaling outexcept for load testingexcept for upgrade testing

clients: YODO!!!

except for disaster recoveryexcept for onboarding devsexcept for CIexcept for scaling outexcept for load testingexcept for upgrade testingexcept for datacenter moves

QA is hardcan't make new QA environments

QA env is precious

state hard to manage

If testing is hard, no testing is done

mijasper/brickshelf

surely we can do better

We want standardization

Client wants deployability (scale-out, resilience)

Chef FTW

The Plan!Focus on deployability

Integrate systems and app deployment

Custom Recipes – choosing your battles

Automate testing early

cheffing as discoveryExploring the existing app for on-boarding

Even rsyncing a golden image is OK

capture it in chefGet deployable (in Vagrant ) ASAP mijasper/customminifigs.co.uk



Custom Recipes – choosing your battles Automate testing early

app deployment in chef?

most app deployment tools partially dictate layout, push process, etc

who knows what we have been handed

but chef can do pretty much anything!

cheffing an app

identify and decouple rolessetup user auth, systems stuffcode checkouttemplatize config filesservice definitions

Iterate, standardize, simplify!

finding variances

understand existing variancesstandardize the arbitraryjustify the ones that need to remain

writing a custom cookbook is a red flag

jokeith/brickshelf

Our shared cookbooks

Over 20 cookbooks used internally at the company, cross-clientAttribute-driven default recipesExposes project variances in clear relief... yet we can easily extend them if needed

Shared roles/handlers/databags, too

it's still OK to punt

We will never be fully standardizedAs old projects mature, new projects arrive

known technical debtcan be healthy

mijasper/brickshelf

cheffing: ci with jenkins

static checks on chef configscratchbuild Vagrant runsparametric builds and Vagrantfilesvagrant-test-subject

mijasper/brickshelf

system tests

High-level, near-english behavioral tests

Not low-level unit tests against codebase Supposed to be serving http? Check for it!

Easy to add more later - start with minimum

aside: our test harness

vagrant-rspec-ci gemprovision ok?services running?connect to port?Capybara for web UI testingJunit output for pretty Jenkins graphs

Test spec exampledescribe "TrafficServer Service" do

before(:all) do

@vm = VagrantTestSubject::VM.attach()

end

it "should appear as a healthy service" do

@vm.should have_running_service("trafficserver")

end

it "should be listening on external_ip:80" do

@vm.should be_listening_on_external_ip(80)

end

it "should be the right process name on port 80" do

process = @vm.process_name_listening('127.0.0.1', 80)

process.should match(/\/opt\/ts\/bin\/traffic_manager/)

end

it "should respond with HTTP 200 to / on port 80" do

@vm.http_get('/').should be_http_not_found # from rspec-http gem

end

end

Shiny, Happy TeamsOps Team ImpactDev Team ImpactQA Team ImpactOrganizational Impact

LEGO Group

Ops Team ImpactChef everywhere! YAY!

Chef for everything, especially wildly divergent app deployments! BOO!

Direct exposure to dev team deployment needs & tooling... a more devvy ops team

Dev Team ImpactCan get a new dev env anytime, have more than one - YAYSame build everywhere – YAYI have to learn ruby? BOOSome awareness of practices on other projects, improved perspectiveMuch more visibility into how systems are provisioned – a more opsy dev team

QA Team ImpactUse vagrant VMs as test subjects

QA VM provisioning can now be elastic, responsive to testing/release cycles

Dev and QA exposure to systems BDT

Dev and ops teams more QA-y: devopsqa!

the VM as fixture

data loads - vary by test scenariodata loads - vary for scaleasset loadsrole permutationsos, vm, env permutationsclusters of related machines (db, web, CDN, client)

aside: loading fixturesWe use Chef roles to define attributes that load fixture state

We use recipes to read the attributes and converge to the needed test state

•special purge-all role clears all state•use env var to pass fixture list into vagrant for

provision

i accidentally the whole dbfixture loading must be used with care

use a safety flag to enable it

Nelson Yrizarry/brickshelf

Organizational Impact

Standardization eases: actual deployment on-call ops can support the app more devs responsible for deployability ops can participate in app management reduced ramp-up time onto existing projects

Thanks!Clinton [email protected]

findmybrick.com

the unintended benefits of chef

Technology

onboarding devsexcept

load testing

dev team impactcan

opsy dev team

deployabilityintegrate

app deploymentcustom

upgrade testing

existing app