Taste of Chef's Special for Devops

Aleksi
September 13, 2013

Devops meetup group on 2013-09-13. Explained how we set up a Chef managed environment with external developers, how much it cost and what we got.

Transcript

  1. TASTE OF CHEF'S SPECIAL: EXPERIENCE OF SETTING UP A CHEF MANAGED ENV / Aleksi Rossi @AlekRossi
  2. SOME OF MY EXPERIENCES: I'm going to tell you about one specific project's outcomes and some recruitment tips
  3. OUR SITUATION: Avoin ministeriö (The Open ministry) http://avoinministerio.fi
  4. ORIGINAL AM.FI ENVIRONMENT
  5. EXTENDED ENVIRONMENT FOR SIGNING
  6. REQUIREMENTS: No administrators yet penetration test to pass; very little time, but a bit of money; repeatability
  7. TECHNICAL REQUIREMENTS: Ruby on Rails app with PostgreSQL database; RoR needs a webserver; Normal administration: monitoring; Security: hardening, backups, logs, IDS GPG reporting; Niceties: health checks, reporting
  8. PLAN: Hire freelance skills and get it done; Test with other resources and make sure it works; Get important things right the first time but fix the rest later
  9. HIRING MADSKILLZ
  10. HIRING MADSKILLZ
  11. LET'S TAKE A LOOK AT THE REPO
  12. WHAT DID WE GET? 275 commits; 7 cookbooks, 32 vendor cookbooks; production and staging roles, also for EC2 and local Vagrant setup; 2 monitoring roles, 2 security roles, and a few other roles
  13. ROLE: AVOINMINISTERIO

        name 'avoinministerio'
        description 'This role manages application deployment. See vendor-cookbooks' # truncated in the slide transcript
        default_attributes 'avoinministerio' => {
            'environment' => 'production',
            'ssl_certs' => 'production',
            'repository' => 'https://github.com/avoinministerio/am',
            'revision' => 'master'
          },
          'simple_cuke' => {
            'cookbooks' => ['avoinministerio']
          },
          'audit' => {
            'run_daily' => true,
            'report_email' => 'aleksi.rossi+security@gmail.com'
          },

  14. ROLE: AVOINMINISTERIO CONT.

          'backup' => {
            'notify' => {
              'email' => 'aleksi.notify+backups@avoinministerio.co' # truncated in the slide transcript
            },
            's3' => {
              'read_from_data_bag' => true,
              'keep' => 8760 # half of year
            },
            'local' => {
              'keep' => 4380 # half of year
            },
            'gpg' => {
              'public_key' => <<-KEY
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1.4.12 (Darwin)
        mQINBFA6FTMBEAC7VM4l0ZE6blx6Z/9YkS9OE03YuBDKTHuPwOwl8rocuTmbA59k...
        -----END PGP PUBLIC KEY BLOCK-----
              KEY
            }
          }

  15. ROLE: AVOINMINISTERIO

        run_list 'role[base]',
                 'role[production]',
                 'role[postgresql-server]',
                 'role[fail2ban]',
                 'role[nginx]',
                 'role[postfix]',
                 'role[munin-node]',
                 'role[knockd]',
                 'recipe[avoinministerio]',
                 'recipe[chef_handler]',
                 'recipe[simple_cuke]',
                 'recipe[backup]',
                 'recipe[savelogs]',
                 'recipe[rsyslog]',
                 'recipe[audit]'

  16. WHAT DID IT REQUIRE? Time: 3 months whilst the main app was running in a day
  17. WHAT DID IT REQUIRE? Money: 250h = 7 600€, about 30€/h but we were whetting the appetite
  18. WHAT DID IT REQUIRE? Time & Money
  19. WHAT DID IT REQUIRE? Time & Money
  20. LESSONS LEARNED
      1. Single person will work the quickest
      2. You need other people to test out everything
      3. Multiple environments are a requirement and a burden
      4. Document how-to
      5. Document opinions
  21. WOULD I DO IT AGAIN? Sure! At the time, it was the only option
  22. WOULD I DO IT DIFFERENTLY? Sure! Minimize requirements. Playing with MVPs is fun
  23. WOULD I DO IT DIFFERENTLY? Leaning on community! Scaling up completely skipped
  24. WOULD I DO IT DIFFERENTLY? Reusability remains unproven! Local admin is a reasonable requirement
  25. THANKS ALEKSI.ROSSI@AVOINMINISTERIO.FI @ALEKROSSI ALEKSIROSSI.COM
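
The role on slides 13 to 15 is where the security items from slide 7 (backups, logs, GPG, audit reporting) become concrete settings, so it can be checked before a Chef run. The following is an added example, not code from the talk or its repository: `RoleReader`, `REQUIRED_ENTRIES` and `role_findings` are hypothetical names, the baseline is an assumption built from the run_list entries on slide 15, and the sample role is constructed.

```ruby
# Added example. RoleReader is a stand-in for the role DSL fields shown on the
# slides, not Chef's loader. Role files are Ruby: evaluate only trusted files.
class RoleReader
  attr_reader :attributes, :entries

  def initialize(source)
    @attributes, @entries = {}, []
    instance_eval(source)
  end

  def name(_value); end
  def description(_text); end
  def default_attributes(attrs)
    @attributes = attrs
  end

  def run_list(*items)
    @entries = items.flatten
  end
end

# Assumed baseline: security-related run_list entries named on slide 15.
REQUIRED_ENTRIES = %w(role[fail2ban] recipe[backup] recipe[savelogs]
                      recipe[rsyslog] recipe[audit]).freeze

# Returns a list of findings; an empty list means the baseline holds.
def role_findings(source)
  role = RoleReader.new(source)
  findings = (REQUIRED_ENTRIES - role.entries).map { |e| "run_list lacks #{e}" }
  key = role.attributes.dig('backup', 'gpg', 'public_key').to_s
  unless key.include?('BEGIN PGP PUBLIC KEY BLOCK')
    findings << 'backup.gpg.public_key is not a PGP public key block'
  end
  audit = role.attributes['audit'] || {}
  findings << 'audit.run_daily is not true' unless audit['run_daily'] == true
  findings << 'audit.report_email is empty' if audit['report_email'].to_s.empty?
  findings
end

# Constructed sample role (placeholder key and address, not the project's).
SAMPLE_ROLE = <<~'ROLE'
  default_attributes 'audit' => { 'run_daily' => true, 'report_email' => 'security@example.org' },
    'backup' => { 'gpg' => { 'public_key' =>
      "-----BEGIN PGP PUBLIC KEY BLOCK-----\n(placeholder)\n" } }
  run_list 'role[base]', 'role[fail2ban]', 'recipe[backup]',
           'recipe[savelogs]', 'recipe[rsyslog]', 'recipe[audit]'
ROLE

puts role_findings(SAMPLE_ROLE).inspect
```

Run in CI against each role file, a non-empty result flags a role that would deploy without backups encrypted to a known key, log shipping or the daily audit report.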