Slide 1

Slide 1 text

Configuration Management Anti-Patterns Sam Kottler @samkottler Thursday, June 20, 13

Slide 2

Slide 2 text

Hi, I’m Sam

Slide 3

Slide 3 text

Hi, I’m Sam

Slide 4

Slide 4 text

Configuration management is great.

Slide 5

Slide 5 text

I don’t really care which system you’re using. This talk will feature Puppet & Chef.

Slide 6

Slide 6 text

Predictability

Slide 7

Slide 7 text

Scalability

Slide 8

Slide 8 text

Auditing

Slide 9

Slide 9 text

Opinions lie within

Slide 10

Slide 10 text


Slide 11

Slide 11 text

Build packages. Seriously, it’s worth it.

Slide 12

Slide 12 text

/usr/bin/fpm -s gem -t rpm -n freight -v $VERSION -C $TMP_DIR \
  -d "dpkg" usr/local

Slide 13

Slide 13 text

A quick diversion...

Slide 14

Slide 14 text

rpmbuild -ba foo.spec
mock foo-3.4.0-1.src.rpm

Slide 15

Slide 15 text

dh_make
git-buildpackage
debuild-pbuilder

Slide 16

Slide 16 text


Slide 17

Slide 17 text

And put them into repos.

Slide 18

Slide 18 text

Use PPAs or COPRs.

Slide 19

Slide 19 text

This is actually really easy to automate.

Slide 20

Slide 20 text

Koji is your friend.

Slide 21

Slide 21 text

I’m working on an OS-agnostic solution. Talk to me after if you want to help.

Slide 22

Slide 22 text

Inline logic that includes parameters

Slide 23

Slide 23 text


Slide 24

Slide 24 text


Slide 25

Slide 25 text


Slide 26

Slide 26 text


Slide 27

Slide 27 text

Lack of parameterization

Slide 28

Slide 28 text

“Why would I ever want to change this?”

Slide 29

Slide 29 text

Parameterized classes, hiera, and attributes

Slide 30

Slide 30 text


Slide 31

Slide 31 text


Slide 32

Slide 32 text


Slide 33

Slide 33 text

Just look at the Opscode cookbooks.
And give Joshua Timberman a hug.

Slide 34

Slide 34 text

Storing plain-text secrets in your config management repos.

Slide 35

Slide 35 text

Encrypted databags

Slide 36

Slide 36 text

hiera-gpg
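
An added example, not part of the original slides or of Chef itself: a Ruby check that could run in CI over the data bag items in a repo and report sensitive-looking keys whose values are still plain text. The key-name heuristic, the function names and the sample items are constructed for illustration; the four per-value fields are the ones Chef writes for encrypted data bag items.

```ruby
require 'json'

# Fields Chef writes for every encrypted value in an encrypted data bag item.
ENCRYPTED_KEYS = %w[encrypted_data iv version cipher].freeze
# Hypothetical heuristic for key names that should never hold plain text.
SENSITIVE_NAME = /passw(or)?d|secret|token|private_key|api_key/i

def encrypted_value?(value)
  value.is_a?(Hash) && ENCRYPTED_KEYS.all? { |k| value.key?(k) }
end

# Return dotted paths of plain-text values stored under a sensitive-looking
# key, descending through nested hashes and arrays.
def plaintext_secrets(node, path = [])
  return [] unless node.is_a?(Hash) || node.is_a?(Array)
  pairs = node.is_a?(Hash) ? node.to_a : node.each_with_index.map { |v, i| [i.to_s, v] }
  pairs.flat_map do |key, value|
    here = path + [key]
    if encrypted_value?(value)
      []                                  # already encrypted, nothing to report
    elsif value.is_a?(Hash) || value.is_a?(Array)
      plaintext_secrets(value, here)      # keep walking nested structures
    elsif here.any? { |segment| segment.match?(SENSITIVE_NAME) }
      [here.join('.')]                    # plain scalar under a sensitive name
    else
      []
    end
  end
end

# Constructed sample items (not real credentials).
PLAIN_ITEM = JSON.parse(<<~'JSON')
  {"id": "mysql", "user": "app", "password": "constructed-value",
   "replicas": [{"host": "db2", "api_token": "constructed-token"}]}
JSON
ENCRYPTED_ITEM = JSON.parse(<<~'JSON')
  {"id": "mysql",
   "password": {"encrypted_data": "Q09OU1RSVUNURUQ=", "iv": "Q09OU1RSVUNURUQ=",
                "version": 1, "cipher": "aes-256-cbc"}}
JSON

{ 'plain' => PLAIN_ITEM, 'encrypted' => ENCRYPTED_ITEM }.each do |name, item|
  puts "#{name}: #{plaintext_secrets(item).inspect}"
end
```

A non-empty result for any item in the repo is a reason to fail the build and rotate the exposed value, since it remains in version-control history.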

Slide 37

Slide 37 text

Role decisions based on inventory values

Slide 38

Slide 38 text


Slide 39

Slide 39 text


Slide 40

Slide 40 text


Slide 41

Slide 41 text


Slide 42

Slide 42 text


Slide 43

Slide 43 text

$ FACTER_physicalprocessorcount=2 puppet agent -t
$ chef-client -j "{ processors: 2 }"

Slide 44

Slide 44 text

Don’t fear wrapper cookbooks or modules.

Slide 45

Slide 45 text


Slide 46

Slide 46 text

Remember all those awesome abstractions?

Slide 47

Slide 47 text

Stop putting upstream modules and cookbooks into your repos.

Slide 48

Slide 48 text

librarian-chef
berkshelf

Slide 49

Slide 49 text


Slide 50

Slide 50 text


Slide 51

Slide 51 text

librarian-puppet

Slide 52

Slide 52 text

Don’t deploy with your configuration management tool

Slide 53

Slide 53 text


Slide 54

Slide 54 text

Rollbacks? Revision management?

Slide 55

Slide 55 text

Consistency? Phased rollouts?

Slide 56

Slide 56 text


Slide 57

Slide 57 text

It’s a bug if you can’t run end-to-end provisioning in a single run.

Slide 58

Slide 58 text

Use a build system to run each type of machine in an isolated environment.
LXC or schroot are great for doing this.

Slide 59

Slide 59 text

Deploy your configuration management tools just like production

Slide 60

Slide 60 text

Questions? @samkottler [email protected] https://github.com/skottler