Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Authoritative Resource Sets

Joe Nuspl
April 17, 2014
Programming
1
350

Building Authoritative Resource Sets

chef is additive by nature. Removing resource definitions from recipes will not remove the resources from the system. This can be confusing for beginner chefs. An authoritative resource set is a term used to describe a resource set containing only the resources defined in the chef recipes.

The "zap" pattern emerged as a way to build authoritative resource sets. The LWRPs from the zap cookbook, https://github.com/nvwls/zap, will be presented as well as various use cases.

This talk was presented at ChefConf 2014.

Joe Nuspl

April 17, 2014
Tweet

More Decks by Joe Nuspl

See All by Joe Nuspl
Lessons from 12 Years of Progress Chef Development
nvwls
0
38
Testing "Hardware" Cookbooks with Kitchen
nvwls
0
29
DevOps: Reflections on a Lifetime of Learning
nvwls
0
250
DevOps: Reflections on a Lifetime of Learning
nvwls
1
250
Team Building for $39.99
nvwls
0
54
How to DevOpsDays
nvwls
0
40

Other Decks in Programming

See All in Programming
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
Ruby Pattern Matching
bkuhlmann
0
930
SIMD Parallel Programming with the Vector API
josepaumard
0
200
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
280
Ruby GitHub Packages
bkuhlmann
0
630
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
1
120
大規模Reactアプリのリアーキテクチャ~8万行のTanStack Query移行の軌跡~
kj455
4
970
Snowflakeで眠ったデータを起こそう!
estie
0
120
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
3
240
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
860
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
370

Featured

See All Featured
A Philosophy of Restraint
colly
197
16k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
6
1.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
Clear Off the Table
cherdarchuk
84
310k
For a Future-Friendly Web
brad_frost
172
9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Art, The Web, and Tiny UX
lynnandtonic
289
19k

Transcript

  1. Building Authoritative Resource Sets @JoeNuspl [email protected] ChefConf 2014

  2. Who? • Who am I?

  3. What ? • “Building Authoritative Resource Sets”

  4. Where? • Regency

  5. When? • Now • 2:20 Pacific Time

  6. “Authoritative Resource Sets” • Blame Matt Ray for the name!

  7. “Authoritative Resource Sets” • A set of resources that only

    contains resources defined by chef. • Chef is action based. action is a keyword. • action :create • action :delete

  8. Example package ‘foo’ cron ‘email 503 report’ do minute ‘59’

    hour ‘23’ command ‘grep ,503, /var/log/httpd/access.log | mail noc -s “503 Report”’ end package ‘bar’

  9. Day 5 • WOOT! Flakey switch port!

  10. Day 6 • WOOT! Zero 503 errors!

  11. Day 10 • Still zero 503 errors. Problem solved. •

    “We don’t need the 503 report anymore.”

  12. Day 11 package ‘foo’ package ‘bar’

  13. Day 13 • NOC calls… • Why are we still

    receiving the 503 email?

  14. Ah-ha! • Chef is action-based

  15. Solution #1 package ‘foo’ cron ‘email 503 report’ do action

    :delete end package ‘bar’

  16. Solution #2 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete end package ‘bar’

  17. Solution #3 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete only_if { ::Crontab.exists?(‘email 503 report’) } end package ‘bar’

  18. Still yuck! • This example was benign. • /etc/iptables.d/11-open-rsh

  19. “Authoritative resource sets” • Chef should automagically delete resources that

    are not defined as part of the resource set of the current run

  20. The “zap” pattern • github.com/youscribe/sysctl • github.com/nvwls/zap

  21. Yet Another Solution zap_crontab ‘root’

  22. Behind the scenes INFO: Processing cron[ossec] action create (zap::test line

    19) INFO: Processing cron[tmpwatcher] action create (zap::test line 23) … INFO: Processing zap_crontab[root] action delete (zap::test line 27) INFO: zap_crontab[root] keeping cron[ossec] INFO: zap_crontab[root] keeping cron[tmpwatcher] INFO: zap_crontab[root] zapping cron[503 report] … INFO: Processing cron[503 report] action delete (dynamically defined) INFO: cron[503 report] deleted crontab entry

  23. zap_directory zap_directory ‘/etc/iptables.d’ do filter ‘*.conf’ notifies :run, ‘execute[rebuild-iptables]’ end

  24. Coming soon • zap::services • zap::users • zap::groups

  25. Warning!!! • “Don’t we zap that?”

  26. Challenge • “There’s a zap for that!”

  27. Hangover Epiphany • Authoritative Resources Sets • Zap: Garbage Collecting

    System Resources

  28. Thanks • github.com/nvwls • Pull requests welcome