Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Authoritative Resource Sets

Avatar for Joe Nuspl Joe Nuspl
April 17, 2014
Programming
1
460

Building Authoritative Resource Sets

chef is additive by nature. Removing resource definitions from recipes will not remove the resources from the system. This can be confusing for beginner chefs. An authoritative resource set is a term used to describe a resource set containing only the resources defined in the chef recipes.

The "zap" pattern emerged as a way to build authoritative resource sets. The LWRPs from the zap cookbook, https://github.com/nvwls/zap, will be presented as well as various use cases.

This talk was presented at ChefConf 2014.
Avatar for Joe Nuspl

Joe Nuspl

April 17, 2014
Tweet

More Decks by Joe Nuspl

See All by Joe Nuspl
Lessons from 12 Years of Progress Chef Development
Avatar for Joe Nuspl nvwls
0
67
Testing "Hardware" Cookbooks with Kitchen
Avatar for Joe Nuspl nvwls
0
48
DevOps: Reflections on a Lifetime of Learning
Avatar for Joe Nuspl nvwls
0
330
DevOps: Reflections on a Lifetime of Learning
Avatar for Joe Nuspl nvwls
1
310
Team Building for $39.99
Avatar for Joe Nuspl nvwls
0
64
How to DevOpsDays
Avatar for Joe Nuspl nvwls
0
52

Other Decks in Programming

See All in Programming
個人開発の学生アプリが企業譲渡されるまで
Avatar for akidon0000 akidon0000
2
1.2k
20250429 - CNTUG Meetup #67 / DevOps Taiwan Meetup #69 - Deep Dive into Tetragon: Building Runtime Security and Observability with eBPF
Avatar for ChengHao Yang tico88612
0
180
Designing Your Organization's Test Pyramid ( #scrumniigata )
Avatar for teyamagu teyamagu
PRO
5
1.4k
Vibe Coding の話をしよう
Avatar for schroneko schroneko
14
3.8k
SwiftDataのカスタムデータストアを試してみた
Avatar for 1mash0 1mash0
0
150
AIコーディングエージェントを 「使いこなす」ための実践知と現在地 in ログラス / How to Use AI Coding Agent in Loglass
Avatar for r-kagaya rkaga
4
1.4k
今話題のMCPサーバーをFastAPIでサッと作ってみた
Avatar for Yuuki Shimizu yuukis
0
130
Boost Your Performance and Developer Productivity with Jakarta EE 11
Avatar for ivargrimstad ivargrimstad
0
880
MySQL初心者が311個のカラムにNot NULL制約を追加していってALTER TABLEについて学んだ話
Avatar for hatsu hatsu38
2
140
オープンソースコントリビュート入門
Avatar for katsuma _katsuma
0
130
実践Webフロントパフォーマンスチューニング
Avatar for しーぴー cp20
45
10k
一緒に働きたくなるプログラマの思想 #QiitaConference
Avatar for mu_zaru mu_zaru
81
21k

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
45
9.5k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
420
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
179
53k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
22
3.4k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
187
11k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
21k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
129
19k
Navigating Team Friction
Avatar for Lara Hogan lara
185
15k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
24
2.7k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
159
23k

Transcript

  1. Building Authoritative Resource Sets @JoeNuspl [email protected] ChefConf 2014

  2. Who? • Who am I?

  3. What ? • “Building Authoritative Resource Sets”

  4. Where? • Regency

  5. When? • Now • 2:20 Pacific Time

  6. “Authoritative Resource Sets” • Blame Matt Ray for the name!

  7. “Authoritative Resource Sets” • A set of resources that only

    contains resources defined by chef. • Chef is action based. action is a keyword. • action :create • action :delete

  8. Example package ‘foo’ cron ‘email 503 report’ do minute ‘59’

    hour ‘23’ command ‘grep ,503, /var/log/httpd/access.log | mail noc -s “503 Report”’ end package ‘bar’

  9. Day 5 • WOOT! Flakey switch port!

  10. Day 6 • WOOT! Zero 503 errors!

  11. Day 10 • Still zero 503 errors. Problem solved. •

    “We don’t need the 503 report anymore.”

  12. Day 11 package ‘foo’ package ‘bar’

  13. Day 13 • NOC calls… • Why are we still

    receiving the 503 email?

  14. Ah-ha! • Chef is action-based

  15. Solution #1 package ‘foo’ cron ‘email 503 report’ do action

    :delete end package ‘bar’

  16. Solution #2 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete end package ‘bar’

  17. Solution #3 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete only_if { ::Crontab.exists?(‘email 503 report’) } end package ‘bar’

  18. Still yuck! • This example was benign. • /etc/iptables.d/11-open-rsh

  19. “Authoritative resource sets” • Chef should automagically delete resources that

    are not defined as part of the resource set of the current run

  20. The “zap” pattern • github.com/youscribe/sysctl • github.com/nvwls/zap

  21. Yet Another Solution zap_crontab ‘root’

  22. Behind the scenes INFO: Processing cron[ossec] action create (zap::test line

    19) INFO: Processing cron[tmpwatcher] action create (zap::test line 23) … INFO: Processing zap_crontab[root] action delete (zap::test line 27) INFO: zap_crontab[root] keeping cron[ossec] INFO: zap_crontab[root] keeping cron[tmpwatcher] INFO: zap_crontab[root] zapping cron[503 report] … INFO: Processing cron[503 report] action delete (dynamically defined) INFO: cron[503 report] deleted crontab entry

  23. zap_directory zap_directory ‘/etc/iptables.d’ do filter ‘*.conf’ notifies :run, ‘execute[rebuild-iptables]’ end

  24. Coming soon • zap::services • zap::users • zap::groups

  25. Warning!!! • “Don’t we zap that?”

  26. Challenge • “There’s a zap for that!”

  27. Hangover Epiphany • Authoritative Resources Sets • Zap: Garbage Collecting

    System Resources

  28. Thanks • github.com/nvwls • Pull requests welcome