Video in TIB AV-Portal: Policyfiles

Formal Metadata

Title of Series
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
Let's dive into how with policyfiles we can onboard others onto Chef in 1/4 of the time, define a change management approach that everyone can be comfortable with, and allow you to effectively implement Chef within an air-gapped environment. We'll provide an overview of the policyfiles feature, how to manage it through a pipeline, how to migrate an existing Chef structure to a policyfiles structure, and some considerations for when the feature is not the best choice.
So my name is Michael Hedgpeth, and I am a software architect at NCR. Policyfiles was a really great, important feature for us, and for a while there, after their development, they kind of went out of style for a little bit, and I've worked the last, I guess, nine months to a year to try to bring them back into style, because I believe that there is a simple and awesome way to do Chef development and to make great things happen just simply. So today we'll talk a little bit about my journey, we're going to talk about why policyfiles, like some good things policyfiles solve, and we're going to go through a walk-through of the feature itself, and then we're going to talk about what people say on why you would use policyfiles, some legitimate and not so legitimate reasons people would say you should use policyfiles. We'll do a demo of policyfiles in Automate, but a demo as in a screenshot of things they tell me they're working on, and which is that the demo in your marketing right now the market, and then I'll answer questions. My hope today is that you will see policyfiles as a viable and a great method, and hopefully going forward the method, for doing Chef development. It's so simple, it's a great feature, and it makes everything wonderful, so I'm going to make that real for you, hopefully, this afternoon. So, a little bit about me: NCR is a hundred-plus-year-old company. We invented the cash register. Yeah, thank you, thank you. And actually the cash register was a really big technology revolution, if you can think about what happened before the cash register. You know, they called it mom-and-pop for a reason: there was mom-and-pop and family because you could not trust, you didn't have an audit trail of what was happening in the store, so stores couldn't scale past a family, because you have the cash drawer with no lock. And so the cash register changed all that, and that began the
retail revolution 130 years ago, or I guess more than that, I can't do math right now, some years. And so that was really awesome, and throughout the 20th century that whole platform was a big deal. Like, the people who started IBM came from NCR, and for the first 25 years of the 20th century, being at NCR as an executive was your pathway to awesome things in high technology at the time. But toward the end of the 20th century, gun to reach elegante ATMs amble, we realized that hardware was becoming a commodity, but people were interested in software, sufferers in the world. And so NCR began investing in software solutions. One of those was a company that got acquired that was a part of a real systems, and my division of NCR focuses on restaurant technology, so anywhere from a fast food restaurant to a fine dining restaurant, they all have in myself running it. And one of our key strategic directions was trying to come on as a platform for our customers, who would be anywhere from Home Depot to Chase to so when these, for example, and help them go into this omnichannel world, which means you want to order a chicken sandwich, potentially on your phone, you might want to drive by, you might want to call ahead; you have a lot of different ways that you want to interact with the business, and we help people do that. And so they're really interested in making delivery faster, we're interested in making delivery faster, and so Chef was a part of that strategy. So for me, I started out in development, so a development title, and I grew up in a world of just make the destructive change, and the dumb people get out of the way, and we make a ton of money. That's sort of the programmer, developer pattern, I'll call it an anti-pattern now that I've learned more. And I was really happy in development, in fact about this pre some, because you don't really have to deal with any real-world stuff, just blaming them on other
people. But what I did not like is the fact that investments I was making in our products were not reaching the customer, and the value that the company was investing in was not being realized, because I did the features but maybe not the right features, because we didn't have the feedback loop, or maybe features were delayed because we didn't have an efficient, effective way for deploying things. And so this is a moral thing; I got into the DevOps and release automation stuff because I wanted to unblock that value flow going to our customers. And I realized that delivery is really the key to the value: as a developer, if my feature's not delivered, it's worthless. In fact it's worse than worthless, because they paid you to make something that wasn't delivered. And I'm actually looking for 2 and was followed by the losses that it's sort of making delivery a first-class citizen of the problem domain, and hopefully I can see a future where delivery is more than a first-class citizen, is more important for organizations than the actual development of the code. So we looked at Chef. The reasons we wanted Chef were that we wanted more consistency in our requirements, and looking at it from an app-centric model and not so much infrastructure, as I came from a development background. So we wanted to be more efficient, we wanted to speed up. But then, I was so excited, and I talked to my security person, and they weren't as excited at first, because they very accurately sensed my immature attitude of thinking, you know, I'm just going to do all this cool stuff, and the dummies are going to get out of the way. And I've had to learn how to be empathetic with them and treat them as first-class citizens, treat operations as first-class citizens, and, you know, I'm not that person today. But they were not really happy with this whole Chef stuff, and one of the things that they didn't like is that you can make a lot of different changes to a
Chef server, and those changes could have drastic effects on your infrastructure. So think about it: if you change an environment to a new cookbook version, you may have just changed the code running on your entire production infrastructure, if you're all sharing a prod environment. And that scared them deeply, because if a bad actor made a bad change, then they are going to very easily own your whole production infrastructure. That's a scary thing. And if I think about this beyond just Chef, in the news, S3 in the East Coast went down, like the we so in rural, and so that was due to somebody entering in a search string, like true promise of a wildcard on a search, and so they involved orders of magnitude more servers than they thought they would, which brought the Internet down. And to a developer, or even a POC type of thing, that seems really cool, like, we can do anything we want to with this thing. But then in that real-world situation, if you're a security person and you're worried about change management, that awesome feature that your development and operations people may be salivating over is the potential thing to bring your whole business down. NCR, you know, this is marketing, NCR powers many of the world's transactions, from
banking to retail to restaurant. If we went down, you would know about it, it would be in the news, and we live on the trust our customers give us to be a platform for transactions. And so no, we're not going to just make some change to a Chef server that is potentially not tested. So change management is hugely important. We also have air-gapped environments, which means that you cannot, from your workstation at your desk, SSH into our prod servers. There's a block there, there are firewalls, there's a whole other network there. And so you can't have the one-Chef-server-that-rules-them-all model, and you have to have a repeatable way to go from Chef server to Chef server, where you know what you did before, you know what you did after, and both locations are consistent. And finally, the quotable moment was of of unoccluded about says, "I'm not going to have developers making changes to production." Security felt that Chef, or even DevOps, the brand itself, was sort of this chaotic thing, like we're just, you know, we're getting everybody out of the way. There's a lot of the kind cultural 100 times so that they see that; I think there's some reality to that. And so I had to change my mentality and realize and empathize with what they were saying. I think that these concerns are completely legitimate. And, you know, I was talking to a friend the other day, and they were adopting Chef, very new, and they were talking about this thing that they were struggling with, and, you know, I'm sure you've all been there, I've been there too, where you say, you know, that person's stupid, or they're just dumb, or they just don't want to change. We've all had that moment. If you're trying to get people to implement Chef, the reality is they probably have very real concerns that you just aren't thinking about, and the way to handle things, it's got a
lot of them, and go through the concerns and legitimize them in your mind first, and then try to come up with a clever solution. They're going to see that you are taking them seriously, and then they can listen to you. So I'm off topic and will go over time, but this is off topic but important: one of the things that changed my relationship with my security person is, one weekend, a master person of the PCI expert at my organization, chapter not being with me, and finally, after three weeks of delay, delay, delay, I finally got a meeting with them on what we can do about PCI the sacrifices worship implementation. And I realized I had a meeting on Monday and it was Friday afternoon, and so I went and bought the PCI book, a 400-page PCI book. I was motivated because I was so frustrated with not making any progress with this element of my implementation. I read the book over the weekend, and in that meeting I went to with them, he came up with the requirements we were talking about, requirement nine, he said 9.3, and at that moment, that's when our relationship changed, because he knew that I wasn't just recklessly coming in like the drunk uncle at Thanksgiving, you know, you don't know what that person's going to do on this going to be fine, and he want that person that is the business Thanksgiving. And so we can have an impact with security not when there's this chaotic DevOps thing happening, but with me wanting to drive change, me starting to understand where they were coming from. This is a real problem that they're showing me, and we do not want our whole business to go down, even in the service of automation. And so I remember the day the Chef blog put out a policyfile post, I never about future, and I read through it and I thought, oh my god, this is exactly what we are needing, looking for. And I immediately wrote out a whole spectrum of what policyfiles would look like for us, and they
immediately said, yeah, that's exactly what we're talking about, we need proper change management, we need a controlled environment. So, policyfiles, real quick. The traditional model: you go do your code, the application stuff, you go to QA, you go to UAT, you know, right before prod, and you have all this stuff there at the end, right? So the consultants will say "let's shift left", and really what they mean is they want you to put all these things all the way at the beginning, at QA or whatever. So this is what we're trying to get rid of; we're trying to create consistent implementation through all environments. OK, so then if we think about Chef, when I talk to my Chef team it looks like this, and if you're nice furniture like Noah, you totally understand. Was I right? Yeah, thumbs up, Noah gets it, right? He's not the problem. No, the problem is the security person looking at all of this; they are thinking chaos. OK, so what I'm illustrating here is that in the traditional Chef model you have a lot of different elements in Chef that could be change events to your servers, and that should scare you, because the more change events that happen, the more difficult it is to control. So you could be changing a role, and that could change everything in production; did you test that role in earlier environments? Maybe not. You could change an environment, you could change a cookbook, you could absolutely not increment a cookbook version but then change a cookbook, and that's really difficult to figure out. So this traditional model, I would argue, is much more difficult to manage from a change management perspective. And the policyfiles model says: let's take all of what was there before, all of these roles, all these environments, all these cookbooks, and let's put them into a policy, and all of the concerns that we're looking at go into that policy as well, and those policies and the code that goes alongside
them can go through the environments, where you can trust that I'm running this Chef code with this version of software, or these versions of software, and I'm promoting them through the environments. And by the way, if you're looking at Docker, which is the cost of these things, that's a Dockerfile right there, right? You've got something that you promote through environments. If you look at Habitat, which is the main cost of these things, it's the same thing: you have a Habitat package that goes through your environments. So what policyfiles do is they take the model that we've proven with Docker, the model that we've proven with Habitat, and apply that same model to a Chef workflow, which makes everything better. You get all the benefits that those smart people in those other tools have realized by making the tool in that way, and that's what you get with policyfiles as well. So there's another benefit with policyfiles that I've seen, and I've heard this from my friends in the community, so it's not just me: I believe that with policyfiles you can onboard people in 20 percent of the time that you would have been onboarding them. If people say Chef is difficult to learn, you ask yourself the question: are cookbooks difficult to write? In my experience at NCR, cookbooks are not difficult to write. You set people up with the skeleton cookbook, you tell them here's the resources, you show them a process, great, they can code. But the problem comes about when you talk about roles, environments, Penny of all these other things that go
around with cookbook development and are difficult to teach in the right people wanted. So what we do is we leave all that, and we say, OK, you don't data bags, you don't policy files and policy files, but I have to tell them this is a policyfile, and show them the four lines that we'll see in just a few minutes of what the policyfile is, and they do with data bags, and then with these other things, they don't have to worry about them. And that's a feature, not a bug, because it simplifies everything for them. So those are some of the benefits of policyfiles. Let me take a second for questions; you may have questions so far. Yes? Make a sense of the goal. So let's go through policyfiles now. So let me be in full disclosure here: all this that I'm telling you is basically ripped off my blog post on policyfiles, hedge-ops.com/policyfiles. You can read all this in that, and then if you go on to the policyfiles channel on the Chef community Slack, that's that what was suspenders well. So I'm just sort of talking to you about what you can read, but it's part of the talk. So, policyfiles: this is the basic feature. You know, this is almost like whenever you do a DevOps demo, where you push the button and you tell people the whole point of this is that it should be boring, you know, it just does all the things, and you don't want to show the command line, as that's not really a big deal. So demoing policyfiles is similar, because policyfiles are very simple. So I'm going to try to make it as interesting as I possibly can, even though it's so simple. So a policyfile starts with a Policyfile.rb;
it is generated by that or when a path windows right I Adam that would put his views on this generated with that, or it's generated with the chef command, and so you can generate a Policyfile. But an example is probably more instructive. So you've got four lines here. First it asks for the policy name, so policy name is like maybe a role name for a server. So for us we would have something like insight-web-service, or product name and the role. So policy name is like a role; you can think of a set of servers getting a policy name, and that's how they're categorized. The second thing is where you are getting your cookbooks from, so that's similar to what you may know from Berkshelf, some idea from Supermarket. We use a private Supermarket, which I highly recommend, saw some of them, but you can use the Chef public Supermarket, so you can fall back on the public Supermarket and use a private Supermarket for your own stuff. Then it asks for the run list, I hopefully you know what that is, and then it asks for any exceptions that you have to what you just told it. So, hey, I'd like to get all my cookbooks from the Supermarket, but there's this one that I need to have from a particular fork or branch, something like that, or my internal cookbook, whatever, if I'm not using Supermarket. And so that's a Policyfile. And so, you know, as an aside, it was always funny, when we were learning Chef, on these calls when something goes wrong, people start blaming Chef: well, maybe it's Chef, like Chef is this mythical god of war, you know? Well, it's not. I mean, Chef isn't that magical, it's just code somewhere. And it usually isn't, because Chef is way more tested than anything that they're doing otherwise. And so with policyfiles, you know, a Policyfile is those four lines. It's really simple, OK? It's just a file that says what is the category of servers I'm going with, this
policy name, where I get my cookbooks from, and what I'm going to run on a machine there. This is sometimes checked new cookbook and like it something that later but sometimes technical but checked in saw someone right. So that's a Policyfile. You might ask, what can I do with attributes? So maybe you stopped listening to me a few minutes ago because I much you up with us and they'd all, you're going to get rid of environments and get rid of roles, and that really scares me because I use those. So there are different ways you can handle this, so you have to use a change of using attributes in environments and roles. One way is that you can declare attributes in the policyfile itself. So some of our policyfiles, in fact many of our policyfiles, are not four lines long, because they include attribute information. If you can see here, there is the attribute defined hash, but it's grouped by kind of what you could think of as environment, and so I have attributes grouped by QA, UAT, production, and those groups are called policy groups. Think of policy groups as environments, kind of the same thing. So I declare that right there, and I can consume those attributes in a recipe. No told me that the chef in Fig policy there can be node policy groups are known for not the science a. But you can also use Noah's poise-hoist, right? Yeah, poise-hoist. I practiced a lot to try to say that the right way, because I was nervous. So what poise-hoist does is it takes your policy group and it promotes attributes that were based on that one group, like in this previous slide here, like the depot QA, you have my app database. If you're running poise-hoist, it'll hoist those attributes up to the node level, so I would see my app database, and it would do that based on the policy group that's there. So very many thanks to Noah for creating that. Noah and I have been, I guess, hand-in-hand on let's get policyfiles working, and we're both
on the crusade. And so attributes are pretty easy. And I think, talking about migration, that's probably one of the biggest pain points: if you have nodes and you have attributes declared in roles or environments, you can declare them there, or you can declare them in a role cookbook, that's probably a good pattern for you, and then this would take care of the environments. So that's attributes. And now let's generate a lock file. So a lock file is basically all of the dependencies that you need to run Chef, in a JSON file. So you run that with this command, chef install and then the Policyfile, and what that does is, it's kind of like it used for accessible to stop, it takes all of what you declared and it says, OK, you told me to get this cookbook from the Supermarket; I'm going to go to the Supermarket, look for the latest version of whatever it is, and get that cookbook locally, and save what cookbook I'm using to this lock. So here we have the very top of a lock file, and the very coolest part of this is the revision ID, which looks like a confusing set of characters, and it is. But the awesome part about this is that you can know exactly, based on this file, if you check it into Git, you can know exactly what you're running in production. So the very first thing you'll see whenever you're running chef-client is: we're running policy name this, against group this, with revision ID that one. And so you can go in and know exactly what you're running, this is the policy I'm running. And by the way, this happens way before your code runs. This is totally separate: you are doing all the calculations for dependencies and everything it needs to run Chef in your development environment, as the build part of the process, not in your run part of the process. And then there's also cookbook data, and so this made the
security people get really excited, because there is a little bit of a problem with secure change management with cookbooks in traditional Chef, and that is: I can have a version 1.0.0 cookbook, and I can be a bad actor and put a virus in that cookbook, and I can force push that cookbook version 1.0 to my server, and if that's connected to a role that is global or something, all of a sudden my whole infrastructure got owned. Because even though it says 1.0, it's not really 1.0; there's no guarantee here, and that's scary. Even if you did all the good things around roles, did all the things around environments with change management, did everything right down the road with what people are telling you, you still have the problem. So you can deal with that with access control, but I maybe. So here you have my favorite feature of policyfiles, to be honest, this is the dotted decimal, I don't know, is it, no, it's the identifier, it's down here, the identifier, thanks. You get this identifier. The identifier is a checksum of the cookbook's contents, and Chef will not run if that checksum is different. So you get all the way to production and it says, OK, I want to download this cookbook, and wait a minute, somebody's messed with this cookbook, we're not running. And so you have full change control. I told my Windows friends, of which I am one, it's almost like taking Chef and compiling it into an executable: you are doing static binding to other DLLs, in Windows world terms, but you're doing static binding to cookbooks too, so that you cannot break those bindings. You could try to do some things, but chef-client won't run for that. And so this makes it extremely controllable: everything is declared in one place, and everything is safe and simple to use. So after you get a lock file, you are now ready to push it to your Chef server. To push a policy I just do chef push, the policy group, and my
policyfile, and behind there is the lock file I already created. So the policy group, again, is a set of servers, kind of an environment concept. You have a QA environment, a production environment, or you can split things in the policy groups in however many ways you want. You can have prod and improv policy groups, and we've done some of that if you want to test out a Chef change even within a fraction. Those are just completely arbitrary. By the way, by doing push QA you're actually creating a policy group on the Chef server, so there's not really management around that; you're just giving an arbitrary name. And if you're using air-gapped environments, this is the coolest feature, other than the identifier: you can say, I want to export my entire policy into a file, and you can do whatever it is you do to get that thing to prod, and that's walking through, walking past the machine and people it's is that they are in you have the I guess the was that the US the inside of and so the Rubik's cube or whatever and that said Everest on reference on. Whatever you need to do to get yourself to production, you can have a file that does it all. And the cool thing here too is that that feature itself tells you the coolness of policyfiles, in that policyfiles are encapsulated, so dependencies on the Chef server, like another policy, because you have the awesome identifier thing, are never going to mess with your policy. You are getting a guarantee of: here is the Chef code that is going to run on the server, period. There's nothing around it. It's a guarantee, a contract that this feature gives you that you're not going to get anywhere else. And so I can put all those dependencies into an archive, so it's got all the cookbook dependencies, everything, and I can walk into production or whatever, and push it to the Chef server with chef push-archive: chef push-archive, then the policy group, and then give it
the file. So if you're struggling with your Chef implementation with regard to air-gapped environments, because it's difficult for you to move Chef objects from one Chef server to the other, it behooves you to use this feature. And I was that about that we use the word "behooved" in this talk, because it's some kind of old English word, but it behooves you to use this feature, because it makes everything so much simpler and more controllable, and it actually follows the spirit of an air-gapped environment way better than rolling a lot of different changes to a Chef server and hoping that you have consistency with other environments. OK, so now, how do I bootstrap something? You can do that would like to show; you would use the policy group and policy name, and you would get I know that receptor policy about. And notice how we're talking about policyfiles as a sort of out of all feature in the past, but it's fully baked into Chef right now, and we've been running it in prod for over a year. So this is an old feature, it's been tested, and we're not announcing anything today, right? This is how it goes. So you can bootstrap with the policy group and policy name, and you can also, that maybe not, you can also include policy group and policy name in your attributes. So this is how you're defining: here's my node, what's the name of the policy, like it's my insight webserver; what's the policy group, this is a QA policy group. So you do that in attributes and pass it to chef-client when bootstrapping, or you can even change the node object and give it a policy group and policy name, and then it would switch to policyfiles. And if you're running something with classic Chef right now, all you have to do is define these two things here and you are now on policyfiles, magically. That's already baked into everything and it just works that way; there's nothing really else to turn on, right? So, the pipeline
for us, and if you go to my blog hedge dashpot stuff on but that's a DG e that shows that come up and you'll see a lot of work was there at last week I largely because I feel like I can explain this very and succinctly and sorbitol I want poster how do we use Policyfiles, how we promote them through an environment with Jenkins and Artifactory, etc. But the basic here is we package a policy, because everything for us is air-gapped environments. We package policies and we push them to Artifactory, and then we have them pushed into an air-gapped Artifactory and consumed in there by using those chef push-archive commands. So if you want more, it's showing up on my blog. So here's running Chef, and like I said earlier, Chef, when you run with Policyfiles, it just works. I would argue it works way better. And it says here I'm running policies effect. So, some potential drawbacks of why people would not use Policyfiles. I've heard before, but more in the past than the present, "I won't use Policyfiles because Chef does not support Policyfiles." I'll brag on my customer success team and Chef support: they have completely supported Policyfiles for and see; it's been fantastic, there's no problem there. So that should not be a concern. If you're a Chef customer, the community's there and the support's there. And does Chef Automate support Policyfiles? That's a little bit different question. Up until now they have not, and there are no current concrete plans to do that in Chef Workflow, because the Chef Workflow stuff is a little different than the Policyfiles workflow. But for Visibility, it is in active development
and let me try in a few minutes, I have work to show you. So this is what I saw just yesterday:
these are mockups of what Policyfiles in Automate look like, and this is under active development by Chef at the moment. And so they're thinking, you know, there's going to put positive in Boston and filter their CDs you nodes by policy group and policy names, and then when you get to the node level you'll see policy group
policy name in the node data, and then when you look at your list you'll see
the cookbook, the full pass version of the cookbook rather than just a cookbook version; we talked about that earlier on. So what's cool about this is all we need to do is turn on data source of Policyfile information into Chef Automate, and these are pretty simple, I think, UI changes that are being made to Chef Automate to support Policyfiles. We're very excited about those and appreciative of Chef for being on board making them. And so yes,
so it will be supported in
Chef Automate, in the Visibility component. And finally, what do I do about zero-day changes? So I've got like 3 minutes, I'm going to race through this, but this is a big concern. So if you're thinking about Policyfiles, you really need to listen up, because this is a potential negative. If you have Policyfiles, you potentially have a policy per group of servers all over your infrastructure, and if you have a zero-day incident and a need to roll out a cookbook to everything to recover from a zero-day incident, that's going to be more difficult with Policyfiles than it will be without it, because we're talking about Policyfiles as encapsulated behavior that you promote through everything; you can't just push 1 button and update all the things. I view that as a feature, not a bug. We talked about that earlier, that with great power comes great responsibility, and I do not want that responsibility rests on, so your results may vary. If you really feel like you're using Chef just because you want to be able to update things in production immediately, great, go for it, and you may not want to use Policyfiles. But I believe that the control and the change management that you get from Policyfiles will give you that speed of delivery and safe delivery. So the zero-day change could be done with Policyfiles if you focus on having a solid pipeline onto your stuff, and you could use this, but it will help you do that a lot safer, especially for the days in which you don't need zero-day changes. So hopefully this got you excited about Policyfiles. You can find me on Twitter on at Michael edge that, but also there's the the text of my blog, where you can find all the other Policyfile posts and all the other posts related to how we do and how would you deployment. And also I monitor this channel pretty regularly, along with the people a chance to develop also browse knows there this and Policyfiles channel on the Chef community is a great place to get help. So hopefully a lot
of you are inspired to implement this awesome feature, make you a better in. I am looking forward in future and hearing how those things are very few