Configuration Management Anti-Patterns

Transcript

1. Configuration Management Anti-Patterns Sam Kottler @samkottler Thursday, June 20, 13

2. Hi, I’m Sam Thursday, June 20, 13

3. Hi, I’m Sam Thursday, June 20, 13

4. Configuration management is great. Thursday, June 20, 13

5. I don’t really care which system you’re using. This talk

   will feature Puppet & Chef Thursday, June 20, 13

6. Predictability Thursday, June 20, 13

7. Scalability Thursday, June 20, 13

8. Auditing Thursday, June 20, 13

9. Opinions lie within Thursday, June 20, 13

10. Thursday, June 20, 13

11. Build packages. Seriously, it’s worth it. Thursday, June 20, 13

12. /usr/bin/fpm -s gem -t rpm -n freight -v $VERSION -C

    $TMP_DIR \ -d "dpkg" usr/local Thursday, June 20, 13

13. A quick diversion... Thursday, June 20, 13

14. rpmbuild -ba foo.spec mock foo-3.4.0-1.src.rpm Thursday, June 20, 13

15. dh_make git-buildpackage debuild-pbuilder Thursday, June 20, 13

16. Thursday, June 20, 13

17. And put them into repos. Thursday, June 20, 13

18. Use PPA’s or COPR’s. Thursday, June 20, 13

19. This is actually really easy to automate. Thursday, June 20,

    13

20. Koji is your friend. Thursday, June 20, 13

21. I’m working on an OS agnostic solution. Talk to me

    after if you want to help. Thursday, June 20, 13

22. Inline logic that includes parameters Thursday, June 20, 13

23. Thursday, June 20, 13

24. Thursday, June 20, 13

25. Thursday, June 20, 13

26. Thursday, June 20, 13

27. Lack of parameterization Thursday, June 20, 13

28. “Why would I ever want to change this?” Thursday, June

    20, 13

29. Parameterized classes, hiera, and attributes Thursday, June 20, 13

30. Thursday, June 20, 13

31. Thursday, June 20, 13

32. Thursday, June 20, 13

33. Just look at the Opscode cookbooks And give Joshua Timberman

    a hug. Thursday, June 20, 13

34. Storing plain-text secrets in your config management repos. Thursday, June

    20, 13

35. Encrypted databags Thursday, June 20, 13

36. hiera-gpg Thursday, June 20, 13

37. Role decisions based on inventory values Thursday, June 20, 13

38. Thursday, June 20, 13

39. Thursday, June 20, 13

40. Thursday, June 20, 13

41. Thursday, June 20, 13

42. Thursday, June 20, 13

43. $ FACTER_physicalprocesscount=2 puppet agent -t $ chef-client -j “{ processors:

    2 }” Thursday, June 20, 13

44. Don’t fear wrapper cookbooks or modules. Thursday, June 20, 13

45. Thursday, June 20, 13

46. Remember all those awesome abstractions? Thursday, June 20, 13

47. Stop putting upstream modules and cookbooks into your repos. Thursday,

    June 20, 13

48. librarian-chef berkshelf Thursday, June 20, 13

49. Thursday, June 20, 13

50. Thursday, June 20, 13

51. librarian-puppet Thursday, June 20, 13

52. Don’t deploy with your configuration management tool Thursday, June 20,

    13

53. Thursday, June 20, 13

54. Rollbacks? Revision management? Thursday, June 20, 13

55. Consistency? Phased rollouts? Thursday, June 20, 13

56. Thursday, June 20, 13

57. It’s a bug if you can’t run end-to-end provisioning in

    a single run. Thursday, June 20, 13

58. Use a build system to run each type of machine

    in an isolated environment LXC or schroot are great for doing this Thursday, June 20, 13

59. Deploy your configuration management tools just like production Thursday, June

    20, 13

60. Questions? @samkottler shk@redhat.com https://github.com/skottler Thursday, June 20, 13