Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Taste of Chef's Special for Devops

Aleksi
September 13, 2013

Taste of Chef's Special for Devops

Devops meetup group on 2013-09-13. Explained how we set up a Chef managed environment with external developers, how much it cost and what we got.

Aleksi

September 13, 2013
Tweet

More Decks by Aleksi

Other Decks in Programming

Transcript

  1. TASTE OF CHEF'S SPECIAL EXPERIENCE OF SETTING UP A CHEF

    MANAGED ENV / Aleksi Rossi @AlekRossi
  2. SOME OF MY EXPERIENCES I'm going to tell you about

    one specific project outcomes and some recruitment tips
  3. TECHNICAL REQUIREMENTS Ruby on Rails app with PostgreSQL database RoR

    needs a webserver Normal administration: monitoring Security: hardening, backups, logs, IDS GPG reporting Niceties: health checks, reporting
  4. PLAN Hire freelance skills and get it done Test with

    other resources and make sure it works Get important things right the first time but Fix rest later
  5. WHAT DID WE GOT? 275 commits 7 cookbooks, 32 vendor

    cookbooks production and staging roles also for EC2 and local Vagrant setup 2 monitoring roles, 2 security roles, and a few other roles
  6. ROLE: AVOINMINISTERIO n a m e ' a v o

    i n m i n i s t e r i o ' d e s c r i p t i o n ' T h i s r o l e m a n a g e s a p p l i c a t i o n d e p l o y m e n t . S e e v e n d o r - c o o k b o o k s d e f a u l t _ a t t r i b u t e s ' a v o i n m i n i s t e r i o ' = > { ' e n v i r o n m e n t ' = > ' p r o d u c t i o n ' , ' s s l _ c e r t s ' = > ' p r o d u c t i o n ' , ' r e p o s i t o r y ' = > ' h t t p s : / / g i t h u b . c o m / a v o i n m i n i s t e r i o / a m ' r e v i s i o n ' = > ' m a s t e r ' } , ' s i m p l e _ c u k e ' = > { ' c o o k b o o k s ' = > [ ' a v o i n m i n i s t e r i o ' ] } , ' a u d i t ' = > { ' r u n _ d a i l y ' = > t r u e , ' r e p o r t _ e m a i l ' = > ' a l e k s i . r o s s i + s e c u r i t y @ g m a i l . c o m ' } ,
  7. ROLE: AVOINMINISTERIO CONT. ' b a c k u p

    ' = > { ' n o t i f y ' = > { ' e m a i l ' = > ' a l e k s i . n o t i f y + b a c k u p s @ a v o i n m i n i s t e r i o . c o } , ' s 3 ' = > { ' r e a d _ f r o m _ d a t a _ b a g ' = > t r u e , ' k e e p ' = > 8 7 6 0 # h a l f o f y e a r } , ' l o c a l ' = > { ' k e e p ' = > 4 3 8 0 # h a l f o f y e a r } , ' g p g ' = > { ' p u b l i c _ k e y ' = > < < - K E Y - - - - - B E G I N P G P P U B L I C K E Y B L O C K - - - - - V e r s i o n : G n u P G v 1 . 4 . 1 2 ( D a r w i n ) m Q I N B F A 6 F T M B E A C 7 V M 4 l 0 Z E 6 b l x 6 Z / 9 Y k S 9 O E 0 3 Y u B D K T H u P w O w l 8 r o c u T m b A 5 9 k . . . - - - - - E N D P G P P U B L I C K E Y B L O C K - - - - - K E Y } }
  8. ROLE: AVOINMINISTERIO r u n _ l i s t

    ' r o l e [ b a s e ] ' , ' r o l e [ p r o d u c t i o n ] ' , ' r o l e [ p o s t g r e s q l - s e r v e r ] ' , ' r o l e [ f a i l 2 b a n ] ' , ' r o l e [ n g i n x ] ' , ' r o l e [ p o s t f i x ] ' , ' r o l e [ m u n i n - n o d e ] ' , ' r o l e [ k n o c k d ] ' , ' r e c i p e [ a v o i n m i n i s t e r i o ] ' , ' r e c i p e [ c h e f _ h a n d l e r ] ' , ' r e c i p e [ s i m p l e _ c u k e ] ' , ' r e c i p e [ b a c k u p ] ' , ' r e c i p e [ s a v e l o g s ] ' , ' r e c i p e [ r s y s l o g ] ' , ' r e c i p e [ a u d i t ] '
  9. WHAT DID IT REQUIRE? Money: 250h = 7 600€, about

    30€/h but we were whetting the appetite
  10. LESSONS LEARNED 1. Single person will work the quickest 2.

    You need other people to test out everything 3. Multiple environments is a requirement and a burden 4. Document how-to 5. Document opinions