Doom Your Chef in 3 Easy Steps

Transcript

1. Doom Your Chef in 3 easy steps Saturday, April 27,

   13

2. sascha bates  blog.brattyredhead.com    @sascha_d The  Ship  Show  Podcast Saturday,

   April 27, 13

3. How to Fuck Up Your Chef Implementation and Piss Everyone

   Off Saturday, April 27, 13

4. Why should you listen?  5    years  on  a  retail

    web  ops  team  5  years  infrastructure  consulting    3  years  with  Chef Saturday, April 27, 13

5. Why should you listen? The  ability  to  learn  from  another’s

     mistakes  is  a  sign  of  operational  maturity. -­‐me Saturday, April 27, 13

6. I  make  messes so  you  don’t  have  to Saturday, April

   27, 13

7. TECHNICAL DEBT Saturday, April 27, 13

8. acceptable technical debt Saturday, April 27, 13

9. UNacceptable technical debt Saturday, April 27, 13

10. UNacceptable technical debt Saturday, April 27, 13

11. Saturday, April 27, 13

12. Saturday, April 27, 13

13. I love chef Chef  is  one  element  in  your  Ecosystem

    Saturday, April 27, 13

14. Saturday, April 27, 13

15. ohai! Saturday, April 27, 13

16. Ignore Your Infrastructure Test nothing Write scripts, not code Saturday,

    April 27, 13

17. Ignore Your Infrastructure Test nothing Write scripts, not code Saturday,

    April 27, 13

18. ignore your infrastructure free range packages  Packages  and  repositories  are

     more  than   just  something  to  fight  about  on  the   Internet Saturday, April 27, 13

19. ignore your infrastructure free range packages What  works  for  chickens

     and  cows  doesn’t   work  for  software Saturday, April 27, 13

20. ignore your infrastructure free range packages Who  cares  where  I

     keep  my  packages? Saturday, April 27, 13

21. ignore your infrastructure free range software Saturday, April 27, 13

22. ignore your infrastructure free range software  Ruby  (epel) Saturday, April

    27, 13

23. ignore your infrastructure free range software  Ruby  (epel)  Rubygems  (rubygems.org)

    Saturday, April 27, 13

24. ignore your infrastructure free range software  Ruby  (epel)  Rubygems  (rubygems.org)

     Chef  and  associated  gems  (rubygems.org) Saturday, April 27, 13

25. ignore your infrastructure free range software  Ruby  (epel)  Rubygems  (rubygems.org)

     Chef  and  associated  gems  (rubygems.org)  Random  gems  for  projects Saturday, April 27, 13

26. ignore your infrastructure free range software  Ruby  (epel)  Rubygems  (rubygems.org)

     Chef  and  associated  gems  (rubygems.org)  Random  gems  for  projects  Zip  packages  downloaded  from  the  internet Saturday, April 27, 13

27. ignore your infrastructure free range software  Ruby  (epel)  Rubygems  (rubygems.org)

     Chef  and  associated  gems  (rubygems.org)  Random  gems  for  projects  Zip  packages  downloaded  from  the  internet Saturday, April 27, 13

28. ignore your infrastructure life without package repos Saturday, April 27,

    13

29. ignore your infrastructure life without package repos  Compiling  from  source

     sucks Saturday, April 27, 13

30. ignore your infrastructure life without package repos  Compiling  from  source

     sucks  Rabbit  droppings Saturday, April 27, 13

31. ignore your infrastructure life without package repos  Compiling  from  source

     sucks  Rabbit  droppings  Source  bombs Saturday, April 27, 13

32. ignore your infrastructure life without package repos  Compiling  from  source

     sucks  Rabbit  droppings  Source  bombs  Stealth  bombs Saturday, April 27, 13

33. ignore your infrastructure life without package repos  Compiling  from  source

     sucks  Rabbit  droppings  Source  bombs  Stealth  bombs  Serial  failed  deployments Saturday, April 27, 13

34. halp! Saturday, April 27, 13

35. Package Repositories JUST  DO  IT   Saturday, April 27, 13

36. ignore your infrastructure honorable mentions Do  not  get  attached  to

     your  servers Get  some  virtualization Saturday, April 27, 13

37. ignore your infrastructure Test nothing Write scripts, not code Saturday,

    April 27, 13

38. TEST NOTHING testing is dumb Who  cares  if  I  bring

     down  all  the  other  people   developing  on  Chef-­‐provisioned  VMs  and   servers? Saturday, April 27, 13

39. TEST NOTHING testing is dumb  I’m  just  fixing  a  typo

       with  another  typo  It’s  just  new  functionality  with  more  logic Saturday, April 27, 13

40. TEST NOTHING baby steps  Syntax  Testing  with  Knife  Lint  with

     Foodcritic  Vagrant:  Basic  local  testing   Saturday, April 27, 13

41. test nothing do it again  Converge  until  it  works  Rerun

     it  from  scratch  Do  it  again Saturday, April 27, 13

42. test nothing do it again test  or  be  forever  shamed

    Saturday, April 27, 13

43. test nothing level up  Functional  tests  with  Minitest  Chef  Handler

    it "creates directories" do directory("/etc/").must_exist.with(:owner, "root") assert_directory "/etc", "root", "root", 0755 end Saturday, April 27, 13

44. test nothing advanced level up TDD  Baby! Write  your  tests

     first Saturday, April 27, 13

45. ignore your infrastructure Test nothing Write scripts, not code Saturday,

    April 27, 13

46. write scripts, not code direct script port porting  scripts  into

     Chef  is  a   recipe  for  eternal  sadness Saturday, April 27, 13

47. bash "update_ssh" do code <<-EOH sed -i -e 's/AuthorizedKeysFile.*authorized_keys/ AuthorizedKeysFile

    \\/\\.keys\\/%u\\/ authorized_keys/g' /etc/ssh/sshd_config EOH end bash “ssh_dns” do code <<-EOH sed -i -e 's/#UseDNS.yes/UseDNS no/g' / etc/ssh/sshd_config EOH end Saturday, April 27, 13

48. write scripts, not code learn the primitives template file package

    Saturday, April 27, 13

49. write scripts, not code code trumps scripts package "ssh" do

    action :install end service "sshd" do action [:enable, :start] end template "/etc/ssh/sshd_config" do action :create mode 0644 notifies :restart,"service[sshd]" end Saturday, April 27, 13

50. # Cookbook Name:: keys # Recipe:: common # Author:: Sascha

    Bates keys = [] search('public_keys',"tags:common").each { |k| keys << k } search('public_keys',"tags:chef AND tags:#{node.env}").each { |k| keys << k } keys.each do |k| key_type, key_part, key_comment = k['pub_key'].split(' ') ruby_block "root_keys_#{k['id']}" do Chef::Log.debug("test condition: grep #{key_part} #{keyfile}") not_if "grep #{key_part} #{keyfile}" block do File::open(keyfile, 'a') do |f| Chef::Log.debug("Adding #{key_comment} to #{f.path}") f << k["pub_key"] << "\n" end end end end Saturday, April 27, 13

51. write scripts, not code dsl trumps code # Cookbook Name::

    keys # Recipe:: common # Author:: Sascha Bates authkey “common_key” do action :add user “root” end Saturday, April 27, 13

52. now what? "Almost nobody wants things to be as shitty

    as they can be...” -Jesse Robbins Saturday, April 27, 13