Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Authoritative Resource Sets

Joe Nuspl
April 17, 2014
Programming
1
400

Building Authoritative Resource Sets

chef is additive by nature. Removing resource definitions from recipes will not remove the resources from the system. This can be confusing for beginner chefs. An authoritative resource set is a term used to describe a resource set containing only the resources defined in the chef recipes.

The "zap" pattern emerged as a way to build authoritative resource sets. The LWRPs from the zap cookbook, https://github.com/nvwls/zap, will be presented as well as various use cases.

This talk was presented at ChefConf 2014.

Joe Nuspl

April 17, 2014
Tweet

More Decks by Joe Nuspl

See All by Joe Nuspl
Lessons from 12 Years of Progress Chef Development
nvwls
0
53
Testing "Hardware" Cookbooks with Kitchen
nvwls
0
44
DevOps: Reflections on a Lifetime of Learning
nvwls
0
300
DevOps: Reflections on a Lifetime of Learning
nvwls
1
270
Team Building for $39.99
nvwls
0
59
How to DevOpsDays
nvwls
0
44

Other Decks in Programming

See All in Programming
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
210
OnlineTestConf: Test Automation Friend or Foe
maaretp
0
120
型付き API リクエストを実現するいくつかの手法とその選択 / Typed API Request
euxn23
8
2.3k
Jakarta EE meets AI
ivargrimstad
0
710
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
910
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
3
700
watsonx.ai Dojo #4 生成AIを使ったアプリ開発、応用編
oniak3ibm
PRO
1
170
ローコードSaaSのUXを向上させるためのTypeScript
taro28
1
630
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
950
見せてあげますよ、「本物のLaravel批判」ってやつを。
77web
7
7.8k
Amazon Bedrock Agentsを用いてアプリ開発してみた!
har1101
0
340
Remix on Hono on Cloudflare Workers
yusukebe
1
300

Featured

See All Featured
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Designing for humans not robots
tammielis
250
25k
Fireside Chat
paigeccino
34
3k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
4 Signs Your Business is Dying
shpigford
180
21k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Music & Morning Musume
bryan
46
6.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k

Transcript

  1. Building Authoritative Resource Sets @JoeNuspl [email protected] ChefConf 2014

  2. Who? • Who am I?

  3. What ? • “Building Authoritative Resource Sets”

  4. Where? • Regency

  5. When? • Now • 2:20 Pacific Time

  6. “Authoritative Resource Sets” • Blame Matt Ray for the name!

  7. “Authoritative Resource Sets” • A set of resources that only

    contains resources defined by chef. • Chef is action based. action is a keyword. • action :create • action :delete

  8. Example package ‘foo’ cron ‘email 503 report’ do minute ‘59’

    hour ‘23’ command ‘grep ,503, /var/log/httpd/access.log | mail noc -s “503 Report”’ end package ‘bar’

  9. Day 5 • WOOT! Flakey switch port!

  10. Day 6 • WOOT! Zero 503 errors!

  11. Day 10 • Still zero 503 errors. Problem solved. •

    “We don’t need the 503 report anymore.”

  12. Day 11 package ‘foo’ package ‘bar’

  13. Day 13 • NOC calls… • Why are we still

    receiving the 503 email?

  14. Ah-ha! • Chef is action-based

  15. Solution #1 package ‘foo’ cron ‘email 503 report’ do action

    :delete end package ‘bar’

  16. Solution #2 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete end package ‘bar’

  17. Solution #3 package ‘foo’ # Remove after 05/01 cron ‘email

    503 report’ do action :delete only_if { ::Crontab.exists?(‘email 503 report’) } end package ‘bar’

  18. Still yuck! • This example was benign. • /etc/iptables.d/11-open-rsh

  19. “Authoritative resource sets” • Chef should automagically delete resources that

    are not defined as part of the resource set of the current run

  20. The “zap” pattern • github.com/youscribe/sysctl • github.com/nvwls/zap

  21. Yet Another Solution zap_crontab ‘root’

  22. Behind the scenes INFO: Processing cron[ossec] action create (zap::test line

    19) INFO: Processing cron[tmpwatcher] action create (zap::test line 23) … INFO: Processing zap_crontab[root] action delete (zap::test line 27) INFO: zap_crontab[root] keeping cron[ossec] INFO: zap_crontab[root] keeping cron[tmpwatcher] INFO: zap_crontab[root] zapping cron[503 report] … INFO: Processing cron[503 report] action delete (dynamically defined) INFO: cron[503 report] deleted crontab entry

  23. zap_directory zap_directory ‘/etc/iptables.d’ do filter ‘*.conf’ notifies :run, ‘execute[rebuild-iptables]’ end

  24. Coming soon • zap::services • zap::users • zap::groups

  25. Warning!!! • “Don’t we zap that?”

  26. Challenge • “There’s a zap for that!”

  27. Hangover Epiphany • Authoritative Resources Sets • Zap: Garbage Collecting

    System Resources

  28. Thanks • github.com/nvwls • Pull requests welcome