Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Authoritative Resource Sets

Joe Nuspl
April 17, 2014
Programming
1
300

Building Authoritative Resource Sets

chef is additive by nature. Removing resource definitions from recipes will not remove the resources from the system. This can be confusing for beginner chefs. An authoritative resource set is a term used to describe a resource set containing only the resources defined in the chef recipes.

The "zap" pattern emerged as a way to build authoritative resource sets. The LWRPs from the zap cookbook, https://github.com/nvwls/zap, will be presented as well as various use cases.

This talk was presented at ChefConf 2014.

Joe Nuspl

April 17, 2014
Tweet

More Decks by Joe Nuspl

See All by Joe Nuspl
Testing "Hardware" Cookbooks with Kitchen
nvwls
0
20
DevOps: Reflections on a Lifetime of Learning
nvwls
0
200
DevOps: Reflections on a Lifetime of Learning
nvwls
1
230
Team Building for $39.99
nvwls
0
48
How to DevOpsDays
nvwls
0
36

Other Decks in Programming

See All in Programming
どうするLeSS - スクラムフェス三河2023.9.16
stanby_inc
1
240
iOSエンジニアに求められる役割について
teamlab
PRO
0
210
スキル差があるペア_モブプロで効果的な_ドライバーナビゲータ以外のロールの分け方.pdf
yatasunshine
1
240
Compose で Android/iOS アプリを作る
m_coder
0
2.2k
Twillio SDKをFlutterアプリに統合した話/twilio-in-flutter
minma_curama
1
150
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
800
Monorepo for Cloudflare Workers
peaceiris
0
120
CSS Subgridが遂に全ブラウザ対応。新時代のグリッドデザインを学ぼう
tonkotsuboy_com
6
6.9k
テーブル駆動テストと状態
hazumirr
2
1.1k
Jakarta EE 10 - Simplicity for Modern and Lightweight Cloud
ivargrimstad
0
720
マイクロサービス環境におけるToilを削減するTerraformの活用 in DMMプラットフォーム
pospome
1
230
Build Backwards-Compatible REST APIs with Rolling Versions
subomi
0
140

Featured

See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.7k
Practical Orchestrator
shlominoach
179
9.3k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
50k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
Three Pipe Problems
jasonvnalue
89
9.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.2k
Automating Front-end Workflow
addyosmani
1354
200k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
The Cult of Friendly URLs
andyhume
71
5.4k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
49
16k

Transcript

  1. Building Authoritative
    Resource Sets
    @JoeNuspl
    [email protected]
    ChefConf 2014

    View Slide

  2. Who?
    • Who am I?

    View Slide

  3. What ?
    • “Building Authoritative Resource Sets”

    View Slide

  4. Where?
    • Regency

    View Slide

  5. When?
    • Now
    • 2:20 Pacific Time

    View Slide

  6. “Authoritative
    Resource Sets”
    • Blame Matt Ray for the name!

    View Slide

  7. “Authoritative
    Resource Sets”
    • A set of resources that only contains resources
    defined by chef.
    • Chef is action based. action is a keyword.
    • action :create
    • action :delete

    View Slide

  8. Example
    package ‘foo’
    cron ‘email 503 report’ do
    minute ‘59’
    hour ‘23’
    command ‘grep ,503, /var/log/httpd/access.log
    | mail noc -s “503 Report”’
    end
    package ‘bar’

    View Slide

  9. Day 5
    • WOOT! Flakey switch port!

    View Slide

  10. Day 6
    • WOOT! Zero 503 errors!

    View Slide

  11. Day 10
    • Still zero 503 errors. Problem solved.
    • “We don’t need the 503 report anymore.”

    View Slide

  12. Day 11
    package ‘foo’
    package ‘bar’

    View Slide

  13. Day 13
    • NOC calls…
    • Why are we still receiving the 503 email?

    View Slide

  14. Ah-ha!
    • Chef is action-based

    View Slide

  15. Solution #1
    package ‘foo’
    cron ‘email 503 report’ do
    action :delete
    end
    package ‘bar’

    View Slide

  16. Solution #2
    package ‘foo’
    # Remove after 05/01
    cron ‘email 503 report’ do
    action :delete
    end
    package ‘bar’

    View Slide

  17. Solution #3
    package ‘foo’
    # Remove after 05/01
    cron ‘email 503 report’ do
    action :delete
    only_if { ::Crontab.exists?(‘email 503
    report’) }
    end
    package ‘bar’

    View Slide

  18. Still yuck!
    • This example was benign.
    • /etc/iptables.d/11-open-rsh

    View Slide

  19. “Authoritative
    resource sets”
    • Chef should automagically delete resources that
    are not defined as part of the resource set of the
    current run

    View Slide

  20. The “zap” pattern
    • github.com/youscribe/sysctl
    • github.com/nvwls/zap

    View Slide

  21. Yet Another Solution
    zap_crontab ‘root’

    View Slide

  22. Behind the scenes
    INFO: Processing cron[ossec] action create (zap::test line 19)
    INFO: Processing cron[tmpwatcher] action create (zap::test line 23)

    INFO: Processing zap_crontab[root] action delete (zap::test line
    27)
    INFO: zap_crontab[root] keeping cron[ossec]
    INFO: zap_crontab[root] keeping cron[tmpwatcher]
    INFO: zap_crontab[root] zapping cron[503 report]

    INFO: Processing cron[503 report] action delete (dynamically
    defined)
    INFO: cron[503 report] deleted crontab entry

    View Slide

  23. zap_directory
    zap_directory ‘/etc/iptables.d’ do
    filter ‘*.conf’
    notifies :run, ‘execute[rebuild-iptables]’
    end

    View Slide

  24. Coming soon
    • zap::services
    • zap::users
    • zap::groups

    View Slide

  25. Warning!!!
    • “Don’t we zap that?”

    View Slide

  26. Challenge
    • “There’s a zap for that!”

    View Slide

  27. Hangover Epiphany
    • Authoritative Resources Sets
    • Zap: Garbage Collecting System Resources

    View Slide

  28. Thanks
    • github.com/nvwls
    • Pull requests welcome

    View Slide