Exiting Vacuum: Integrating Configuration Management into your Ecosystem

Sascha Bates

October 02, 2013

Transcript

  1. Wasn’t it awesome when it took 3-6 weeks to get a dev server and you got to share it with 60 other people? - nobody ever

    Wednesday, October 2, 13
  2. This Never Happens

    - wrong database connection string deployed to prod
    - smtp server fixed by hand and forgotten
    - test apache server with special configs
    - ssh keys pushed by hand
  3. Configuration Management is NOT a magic rainbow pixie dusted unicorn coming to save you
  4. In a perfect universe

    One deployment process to rule them all because deployments are complicated enough
  5. In a perfect universe

    Repositories for all OS packages: `yum install tomcat` trumps `curl -o http://some-tomcat-url` plus `tar -xvf tomcat.gz`
  6. Infrastructure Crafting: App Layer Configuration

    - keep configuration data separate from code
    - different configs in different environments
    - deployments controlled by different teams
  7. Infrastructure Crafting: Dynamic Discovery Across Tiers

    application instances noticed by web instances noticed by load balancer configs
  8. Infrastructure Crafting: Workstation Automation

    - make onboarding a fast happy process
    - eliminate stale epic-length wiki pages
  9. Infrastructure Crafting: Beef Up Your Pipeline

    - Jenkins + Configuration Management = powa
    - bootstrap/deploy automated integration/functional testing ftw
  10. Pick a Sane Use Case

    - don’t try to automate the world
    - small, achievable, measurable, impactful
  11. Pick a Sane Use Case

    - stay agile and visible
    - demo your impactful automation
    - show time/frustration saved
  12. Keep an Open Mind

    “because we’ve always done it that way” is no longer acceptable
  13. Brownfielding: collaborating

    - legacy apps have possessive owners
    - be inclusive, ask questions
    - listen when they tell you what will work
    - mute criticism
  14. Configuration Management is not

    - a package manager
    - a package repository
    - a substitute for version control
  15. A Balanced Ecosystem: Package Repos

    - package repos
    - configuration management
    - insert package repository rant here
  16. A Balanced Ecosystem: Version Control

    - configuration management code is CODE
    - put it where it belongs
  17. Practical CM: testing

    - you can write tests for CM
    - unit testing w/rspec
    - functional/integration testing with minitest/bats
  18. Practical CM: dependency resolution

    - Librarian for both Puppet and Chef
    - Berkshelf for Chef
    - There could be others
  19. Practical CM: primitives

    - file, user, package, template, directory
    - built-in idempotence
    - readability
    - operating system cross-functionality
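  20. Practical CM: exec vs primitives

    NEVER DO THIS

    ```ruby
    # Shells out to yum instead of using the package primitive.
    # Script resources such as bash take the script body in `code`.
    bash 'install_my_package' do
      code "yum -y install my_package"
    end
    ```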
  21. Practical CM: exec vs primitives

    ALWAYS DO THIS

    ```ruby
    package 'apache' do
      action :install
    end
    ```
  22. ```ruby
    # One opaque shell script: download, unpack, move, chown, chmod.
    # Note the proxy and repository credentials on the curl command line.
    bash "install_tomcat6" do
      tomcat_version_name = "apache-tomcat-#{node.tomcat.version}"
      tomcat_version_name_tgz = "#{tomcat_version_name}.tar.gz"
      user "root"
      code <<-EOH
        curl --proxy https://aproxy.com:8080/ --user user:pass https://myartifactoryurl.com/artifactory/ext-release-local/apache-tomcat/apache-tomcat/#{node.tomcat.version}/#{tomcat_version_name_tgz} -o /tmp/#{tomcat_version_name_tgz}
        tar -zxf /tmp/#{tomcat_version_name_tgz} -C /tmp
        rm /tmp/#{tomcat_version_name_tgz}
        mv /tmp/#{tomcat_version_name} #{node.tomcat.install_path}
        chown -R #{node.tomcat.run_user}:#{node.tomcat.run_group} #{node.tomcat.install_path}
        chmod -R 755 #{node.tomcat.install_path}
        rm -rf #{node.tomcat.install_path}/webapps/ROOT
      EOH
    end
    ```
  23. Practical CM: template primitive

    templates allow you to write flat files with varied configs across different environments
  24. ```erb
    <% @sudoers_users.each do |user| -%>
    <%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
    <% end -%>
    # Members of the sysadmin group may gain root privileges
    %sysadmin ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
    ```
  25. ```ruby
    # Edits sshd_config in place with sed: one exec per setting.
    bash "update_ssh" do
      code <<-EOH
        sed -i -e 's/AuthorizedKeysFile.*authorized_keys/AuthorizedKeysFile \\/\\.keys\\/%u\\/authorized_keys/g' /etc/ssh/sshd_config
      EOH
    end

    bash "ssh_dns" do
      code <<-EOH
        sed -i -e 's/#UseDNS.yes/UseDNS no/g' /etc/ssh/sshd_config
      EOH
    end
    ```
  26. primitives trump execs

    ```ruby
    package "ssh" do
      action :install
    end

    service "sshd" do
      action [:enable, :start]
    end

    # The whole file is rendered from a template; sshd restarts only when it changes.
    template "/etc/ssh/sshd_config" do
      action :create
      mode 0644
      notifies :restart, "service[sshd]"
    end
    ```
  27. Practical CM: extending and abstracting

    - CM tools are easy to extend
    - understand repeatable patterns
    - abstract them into libraries, resources, custom types
    - keep front line code readable
  28. ```ruby
    # Cookbook Name:: keys
    # Recipe:: common
    # Author:: Sascha Bates

    # Collect public keys tagged "common" plus those tagged for this environment.
    keys = []
    search('public_keys', "tags:common").each { |k| keys << k }
    search('public_keys', "tags:chef AND tags:#{node.env}").each { |k| keys << k }

    # `keyfile` is not defined in the part of the recipe shown on the slide.
    keys.each do |k|
      key_type, key_part, key_comment = k['pub_key'].split(' ')
      ruby_block "root_keys_#{k['id']}" do
        Chef::Log.debug("test condition: grep #{key_part} #{keyfile}")
        # Skip keys that are already present in the file.
        not_if "grep #{key_part} #{keyfile}"
        block do
          File::open(keyfile, 'a') do |f|
            Chef::Log.debug("Adding #{key_comment} to #{f.path}")
            f << k["pub_key"] << "\n"
          end
        end
      end
    end
    ```
  29. dsl trumps code

    ```ruby
    # Cookbook Name:: keys
    # Recipe:: common
    # Author:: Sascha Bates

    authkey "common_key" do
      action :add
      user "root"
    end
    ```
  30. If you don’t remember anything else

    - start small, stay visible, communicate
    - craft a holistic ecosystem
    - use the tool wisely and well
  31. bonus slide

    ```ruby
    # -*- mode: ruby -*-
    # vi: set ft=ruby
    Vagrant.configure("2") do |config|
      config.vm.hostname = "goto-example"
      config.vm.box = "opscode_centos-6.4_provisionerless"
      config.vm.network :private_network, ip: "33.33.33.10"
      config.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct: true
      config.omnibus.chef_version = :latest
      config.ssh.max_tries = 40
      config.ssh.timeout = 120
      config.berkshelf.enabled = true
      config.vm.provision :chef_solo do |chef|
        chef.log_level = :debug
        chef.run_list = [ "recipe[goto::default]" ]
      end
    end
    ```
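Added example, not from the deck: slides 25 and 26 contrast editing `sshd_config` with `sed` against declaring the file's desired state. The sketch below replays the `ssh_dns` substitution from slide 25 over three constructed starting files and compares the resulting global `UseDNS` value with a declarative converge; the helper names and sample contents are assumptions made for illustration.

```ruby
# Constructed sshd_config variants a node might hold before the run.
SAMPLES = {
  stock:   "#UseDNS yes\nPermitRootLogin no\n",
  edited:  "PermitRootLogin no\nUseDNS yes\n",
  missing: "PermitRootLogin no\nMatch User deploy\n  X11Forwarding no\n"
}.freeze

# The substitution from the "ssh_dns" exec on slide 25, via gsub.
def sed_usedns(config)
  config.gsub(/#UseDNS.yes/, 'UseDNS no')
end

# Declarative alternative: drop every existing line for the keyword
# (commented or not) and write one line ahead of any Match block.
def converge(config, keyword, value)
  own = /\A\s*#?\s*#{Regexp.escape(keyword)}\b/i
  kept = config.lines.map(&:chomp).reject { |l| l.match?(own) }
  at = kept.index { |l| l.match?(/\A\s*Match\b/i) } || kept.length
  kept.insert(at, "#{keyword} #{value}").join("\n") + "\n"
end

# Global value as sshd reads it: comments skipped, first occurrence wins,
# and scanning stops at the first Match block.
def effective(config, keyword)
  config.each_line do |line|
    next if line.match?(/\A\s*(#|$)/)
    key, val = line.strip.split(/[\s=]+/, 2)
    break if key.casecmp?('Match')
    return val if key.casecmp?(keyword)
  end
  nil
end

# Effective UseDNS per sample after the exec and after the converge.
def compare(keyword = 'UseDNS', value = 'no')
  SAMPLES.transform_values do |cfg|
    { exec: effective(sed_usedns(cfg), keyword),
      declared: effective(converge(cfg, keyword, value), keyword) }
  end
end
```

The exec only produces the intended value when the file still has the commented stock line; in the other two cases it exits cleanly and leaves the setting as it was, which is the drift a rendered template removes.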
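Added example, not from the deck: the sudoers template on slide 24 rendered with Ruby's standard ERB for two environments, as slide 23 describes, with the user list validated before it reaches a file that grants root. The environment attributes, the `SAFE_LOGIN` naming policy and the helper names are assumptions made for illustration.

```ruby
require 'erb'

# Template text from slide 24, one directive per line.
SUDOERS_ERB = <<~'TPL'
  <% @sudoers_users.each do |user| -%>
  <%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
  <% end -%>
  # Members of the sysadmin group may gain root privileges
  %sysadmin ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
TPL

# Assumed naming policy (not from the deck): conservative POSIX-style logins.
SAFE_LOGIN = /\A[a-z_][a-z0-9_-]{0,31}\z/

# Holds template variables as instance variables, which is how the
# template on the slide expects to read them.
class TemplateVars
  def initialize(vars)
    vars.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def context
    binding
  end
end

# Render the template, refusing any entry that is not a plain login name
# (whitespace or newlines in a value would add sudoers lines of their own).
def render_sudoers(users:, passwordless:)
  bad = users.reject { |u| u.is_a?(String) && u.match?(SAFE_LOGIN) }
  raise ArgumentError, "unsafe sudoers entries: #{bad.inspect}" unless bad.empty?

  vars = TemplateVars.new(sudoers_users: users, passwordless: passwordless)
  ERB.new(SUDOERS_ERB, trim_mode: '-').result(vars.context)
end

# Constructed per-environment attributes.
ENVIRONMENTS = {
  'dev'  => { users: %w[deploy alice], passwordless: true },
  'prod' => { users: %w[deploy], passwordless: false }
}.freeze

def render_all
  ENVIRONMENTS.transform_values { |attrs| render_sudoers(**attrs) }
end
```

The same template yields `NOPASSWD:` entries only where the environment's attributes ask for them, so the difference between dev and prod lives in reviewable data rather than in hand edits.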