Build Cookbooks and The Service Delivery Canvas

Formal Metadata

Title
Build Cookbooks and The Service Delivery Canvas
Number of Parts
50
License
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Content Metadata

Abstract
So you have Chef Delivery, now what? This talk is a practical introduction to build cookbooks and how to figure out what should run in each stage. Have you ever found yourself wondering: "What is a build cookbook?" "Where should I put performance tests?" "How does this work with Docker?" If you have, this talk is for you. Come join us as we plan out a few projects in Delivery. We will start by using the Service Delivery Canvas, a tool for thinking about where things go in the pipeline, to lay out our project. From there, we will take what we learned from the canvas and walk through building out a few applications, including examples from Chef's own infrastructure. We will also demonstrate multiple language runtimes and methodologies. Come be part of delivering all the things!
Transcript: English (auto-generated)
All right, so has everybody started to wake up from, like, the lunch coma? Are we just gonna kind of, like, take a nap? Because I'm gonna try and have enough energy to, like, keep us going, but I totally understand if you just, like, keel over, because, like, yeah, lunch was wonderful. All right, so we'll start with a little bit of... where'd it go?
Oh, that's wonderful. We'll just use the button. Or maybe we won't. There we go. All right, so let's talk a little bit about who I am. Or, who am I? I'm the person that was behind... How many people were at ChefConf last year?
So if you watched the video, on stage they delivered Delivery using Delivery, on stage at ChefConf. I was the person in the back, super heavily stressed, because they were doing that live and on stage, and I was responsible for writing the build cookbook that made all of that happen. To the point of, there was actually a little Sinatra app written off to the side that gave us the ability to, like, cut over Fastly to a pre-prepped thing just in case, because we're all ops people, right? Like, you've got to have a backup plan. But that was legit. We actually did deliver Delivery on stage at ChefConf using Delivery, now Automate Workflow.
I'm the author of about 20 or so build cookbooks, and that number just keeps increasing because my team keeps shipping software. The important part to really take in is I'm not standing up here as a developer of Automate. In fact, I'm customer, really, patient zero.
I'm going to be the person that goes to the Delivery team like, "Guys, can we fix this thing? Because it kind of hurts." And the Delivery team, I'm going to use that word, the Workflow team, has been super responsive, and, you know, the number of opportunities we've had to dogfood our own stuff and actually fix things before they got out to customers, it's just been fantastic. With that said, I'm the engineering manager for the CIA team. That has nothing to do with intelligence. It has everything to do with our corporate infrastructure and applications, which, when we get into some of the stuff later, you'll understand why I say it doesn't have to do with intelligence.
So, what are we gonna cover today? We're gonna cover the prerequisites and assumptions; some concepts, vocabulary; prerequisites, and these are kind of the things I think are prerequisites; the mechanics of how all this works; the actual Service Delivery Canvas, yes, it's actually a thing; some examples using that canvas; and then I'm going to show you some actual code that runs actual things at Chef. So, starting with prerequisites and assumptions, because we always have to make assumptions.
I'm gonna assume you're doing the DevOps, and really all of my code assumes you're doing the DevOps. Now, as we all know, that's kind of a loaded term. What does it actually mean to do the DevOps? I'm gonna use some very specific things that I expect of you.
And I think that the workflow that I'm going to present to you, it really does require the app dev teams and the ops teams are able to use Git. Its workflow... We're opinionated, and one of the things we're opinionated is you can use any one of the version control systems as long as they are Git.
You know, and/or, and very specifically, Delivery's, GitHub's, or Bitbucket's, because those are the ones we support today. But the team has to be able to use Git. If you can't use Git, this just isn't going to work, because the system kind of sort of depends on it.
Each group is willing to see the work the other is doing. This is super, super important, because I'm gonna ask you to take your ops infrastructure code that relates to the application that's being deployed, and the application code, and put them in the same repo. You've got to work with the rest of your organization. You've got to work with your app teams. You've got to work with your ops teams. It is all about being as a single team, because how many people have had that thing where it's like, "Okay, oh my god, we have to coordinate this change across the cookbook and the app at the same time, because otherwise everything's gonna go wrong"? And how often does that work well?
Instead, I can make a code change and a cookbook change, and they get deployed as the same change set, because they really are the same change set. Both groups have to care about production. I just, you know, I usually start, but I'm gonna do it right now: how many people in the room identify as sysadmins, operations engineers, that sort of thing?
My peoples. How many people identify as developers? Right, totally. Do I have any QA folks in the house? DBAs? I've got to give it up for my DBAs, because that's a hard job.
You have to be in a place where everybody's talking, and you all have to care about the end result. Because I'm gonna say some super blasphemous things in a few minutes, and it will really make sense why we all have to care about the service in production. In fact, I'm going to go so far as to say the only thing that matters is the service in production.
The source code for the application, and I touched on this a second ago, but the application, the cookbook that deploys the application, and the cookbook for building the application all need to live in the same repo in harmony. Because it's just the only sane way to operate, in my not-so-humble opinion. I should probably also mention: these are my views of how my team functions. That doesn't necessarily mean they are the views of how Chef thinks you should function, because, like, yeah, there's a completely different thing between, like, what my team does and what we say is the right thing to do. But I'm totally gonna tell you this is totally the right thing to do.
We all have to start from a place of an API. I want you to deliver the entire service. How many people think the service is some application code? I sure don't, and it doesn't look like anybody else... good. I just got blank stares, like, "What are you talking about, dude?" 'Cause, right, it's like a load balancer. There's probably some, like, storage involved. Hey, we probably got to have compute instances. I actually have services that I run that don't have compute. It's kind of cool. There might be some CDN involved. You have to be in a place where the majority of your stuff is API accessible.
It doesn't all have to be, but for everything that's not in the pipeline, the more opportunity you have for things to go horribly wrong. So the more you do it in the pipeline, as part of the pipeline, makes a huge difference. So for me, what the minimum thing has to be is that we can provision new compute, whether that's VMs, instances, you know, pick your flavor, right? OpenStack, VMware, AWS, Azure, Google: you can provision a thing. Most of us don't just, like, stand up an instance and point stuff at it.
There's usually some sort of load balancer stuff. You really should be able to spin, or make the load balancer change necessary to spin up, that cluster of servers. And also, how many people have API access to change their DNS? That makes me sad. So how many people are in the cloud right now?
How about people in on-prem data centers? Okay, I've got suggestions. I should totally... yeah, we'll talk about that later. Okay, so we're gonna talk concepts, vocabulary. You know, the words I'm going to use.
We are delivering a service, a thing that you hit. What we are not delivering is a packaged binary that someone else downloads and does something with. That's another talk for another day. And it's not something, frankly, I care much about. My team delivers services, right? We deliver the corporate website. We deliver the thing that makes the jobs actually show up on the website. Those are the things my team is responsible for. When I say the word "artifact", what does that mean to people? Is there anybody that, like, does... How many people have heard the use of the word "artifact"?
Okay, is there anybody that thinks I'm crazy by saying the simplest artifact we can ship in the world is a tarball? Anybody have a problem with that? Okay, so a tarball, a cookbook, it is a packaged artifact. We care about the versioned, promotable thing, which means we really do want to do continuous integration and delivery. I'm just going to say it now: if you are not merging to master, it's not continuous integration. You can run all your tests all day long on Jenkins; if that code isn't on master, it isn't continuously integrated. And delivery actually means it's in production somewhere. Crazy thought. Even if it's in production in QA, because I don't know about the rest of you, but my acceptance environment: totally a production environment, just production for someone else.
It goes back to that point: we are talking about services and not code. Your code is no longer holy, developers. I don't care that there's something broken on master. Well, I do, but if it gets to master, that's not the end of the world, because the thing I care about is the artifact. Is that artifact something I can deploy? And if it's not, we need to throw up a big flag that says, "That artifact, it be broke. Don't do anything with that." And we need to get to a point where every pull request or change request is shippable. We need to ship the thing. The goal is to get to as many small changes that go all the way out to production as we can, because as we all know, the smaller the change, the easier it is to debug, right? If I go and deploy six months' worth of changes, I just deployed six months' worth of changes. And I don't know about you, but that scares the crap out of me, like, holy God. I'm...
A couple of useful tools. We're gonna talk a little bit about delivery-truck. How many Automate/Delivery users do I have in the room right now? Like, you already have it installed somewhere. Okay, cool. You've probably seen delivery-truck, right? It is at the heart of our cookbook workflow.
Essentially, you can take this cookbook, use its recipes, and it will handle moving cookbooks through the pipeline for you. Little do people know, it also has some facilities for moving the versions of the application that you're using through the pipeline. And that's probably also a good point: when I talk about moving a version, that doesn't mean, like, we deployed a thing. That just means, like, the version pinning. Just so that we're super clear on that concept. And then there's delivery-sugar, which is a neat cookbook that has a whole bunch of helper methods that are sugar on top of Delivery, right? So there's, for example, one where you use it to go talk to Delivery's Chef server to pull versions and do some stuff. Those live in delivery-sugar. So, let's talk about mechanics.
Display is weird. Okay, so we're gonna talk about phases and stages. So I'm gonna walk through this real fast, just so that everybody has it. We have stages with phases inside of them. Stages are Verify, Build, Acceptance, Union, Rehearsal, and Delivered.
In lint, we run things to lint our code, and I just want to be clear: everything before Acceptance is pre-artifact. So we're talking in terms of, this is about the code. So we're linting the code. We're syntax-checking the code. We are unit-testing the code.
That doesn't mean we're standing up a service and running tests against it, because that's bad. We want this to be as fast as possible, and functional tests come later. We do it again in Build. So when that approve bit hits, we just merged to master. Let me say that again:
When we hit the Approve button, we have merged to master. There are two places where there are human gates. That is for a reason. We're not gonna get into it now, but anytime you sit and think to yourself, "Oh my god, we need to approve that one more time": don't. There are reasons why, and I'd love to talk some more about it, but... why there are only two human gates.
So when we get back into Build, we've now merged to master, and as anybody that's ever used any sort of version control system knows, on occasion you merge things and the thing you got out at the other end is not what you thought you were gonna get. So we rerun lint, syntax, and unit, because it's entirely possible that the code that came out the other end wasn't what you thought it was.
Security: this is code security. It is not our instance security or service security; it is code security. We'll give examples of that a little bit later.
Quality: that's kind of a loaded term, and I think we understand that it needs to be there, but we don't have super great examples in many cases of what the right thing to do is there, depending on your language of choice. Publish: this is where you actually do the build. Like, you build the thing, you build the artifact. In my case, tarballs, because I like tarballs.
Or in the case of my cookbooks, I, like, do a knife cookbook upload, because we upload cookbooks. We'll talk a little bit about this. Each stage is made up of phases. I think I did that right. I'm totally gonna screw that up at some point today, because, like, yeah, the words.
You can skip phases, but not stages, right? So if you're running... I legitimately have projects that are just HTML files. Like, there's not even... you just make some changes, and we seriously skip unit, lint, and syntax, because there's nothing to unit, lint, or syntax. It's just, like, go put some files on S3 and stand up some Fastly config.
Each phase is a collection of two independent Chef runs. So you run your default.rb in your build cookbook as a recipe, so your default recipe. That is going to be your setup recipe. You're going to handle, and I'll show examples of this, you know, AWS creds. You might want to lay down, maybe install some Ruby, because, like, I love me some Ruby. If you're a PHP shop or Java shop, you're gonna do that in that recipe. And then the second run is done as the dbuild user, and it executes the phase-name recipe. So if we're in, I'm sorry, if we're in unit, it's gonna run the unit recipe. If we're in lint, it's gonna run the lint recipe.
How am I doing on time? I should probably move slightly faster. All right, so: versions, version promotion. So what we do essentially is we create a data bag item with the version and artifact information.
So if I have version 1.5, where the heck do I get version 1.5? If it's a cookbook, we totally know just to go to the Chef server, right? Like, that's easy. But if it's an application... Do you have any Artifactory users in the house? Nexus? S3? Totally an S3 user.
You've got to know where to go find the artifact that you actually want deployed. So what we're gonna do is we're gonna go take that information. So I always store, like, a checksum, because we want to verify that the thing we're supposed to be deploying is the thing that we're deploying; the location of said artifact, so usually it's an S3 URL; and any other metadata that's associated with that that's important, because you may need it. I tend to, like, drop the entire Delivery environment in, just so that I know, like, the state of the world when it was built. I'm just gonna go point it out here.
Because we all kind of hit this: secrets management is kind of an interesting use case, or interesting situation, in Delivery right now, I'm sorry, in Workflow right now. It's getting better, but it's not perfect. But for me, the way I handle this is my builders have the encrypted data bag secret on the build nodes, and I use that to encrypt my secrets and put them up in the cloud, I'm sorry, into the Chef server, and then my actual nodes have the encrypted data bag secret as well and use that. My hope is that over the next year that'll get a little bit better.
We're gonna do breaking apart the app, and I'm just glossing over this, because you can have an entire session on just breaking apart applications and understanding, like, what it looks like. But the couple of questions you want to ask yourself are: are all the pieces related to the application? So, you know, you occasionally see applications where it's really three applications in one. We'll break that apart.
Maybe there are shared pieces of the application. So we talked about being in an actual on-prem data center. You probably don't spin up a new load balancer for every single application, and if you do, I want to work for your company, because you probably have lots and lots of money to have an F5 or NetScaler for every single one of your applications. That'd be cool, though. And it's probably not API accessible if you have to go over and rack something every time. Like, that would be crazy.
You know, is the database shared? I've worked in environments where the database is a shared thing, and the applications that go talk to the database... like, the database is itself an application. In other cases, like, we spin up a MySQL instance or a Postgres instance or a Postgres cluster for every single application. It really depends on what you're doing.
When we talk about dependencies, you need to understand them. If there are things that you can do something about, they're what we'll call operational concern... I'm... so, you can't do anything about, they're operational concerns. So, like, if it's the VMware cluster, that's totally a dependency, but you're not gonna test whether or not the VMware cluster is up and running, because, like, if the VMware cluster is not up and running, we probably have a different problem, and, like, we shouldn't be having this conversation right now.
Is it a build-time or runtime dependency? We are gonna talk explicitly about runtime dependencies as we move forward. And what I mean by that is, does the service use it while it's running? So, like, libc... that's a bad example, because it's, like, a service dependency anyway. When we talk about things, it's the "does this API talk to this other API?" Well, if it does, it's probably a certain runtime dependency, and you should actually actively test code paths that verify that dependency that you've declared. And if you can't test it, like, there's no reason to declare it.
Okay, so, important: we're emerging out to Verify, we're gonna build for master, and we're gonna move artifacts, not code, through Acceptance, Union, Rehearsal, and Delivered. All right, so first we're gonna talk about the Service Delivery Canvas. We're gonna start with the artifacts, and this will all make sense in a second when I show you this thing I call the Service Delivery Canvas.
It's a canvas, which means it is nonlinear. Like, we all like to think about starting at the beginning and getting to the end. The reality, especially... and it's a pipeline, right? Like, you start at the beginning of the pipeline, you go through it, and you eventually end. Well, the canvas is not meant to work that way. The canvas is really, it's a document. It's an opportunity to think nonlinearly about your problem set.
Identify the operational concerns as you go. I touched on these a little bit ago, but as you're building out your applications, understand what are operational concerns versus what are dependencies. So an operational concern might be the F5 device, because, yeah, that's an operational concern. I am only concerned about the VIP for this thing. Maybe the operational concern is that, frankly, we don't actually ever launch features as part of the pipeline. Launching features is an operational concern, because we tick on feature flags. That's an awesome way to roll, by the way.
Identify the dependencies as you go. Once again, we're looking for runtime dependencies. We really want to be in a place where we can actually test the thing that we're depending on, because we're responsible for doing that.
And there was a talk given by Jess Mink earlier, or yesterday as a matter of fact, that I think gives a little bit more detail around the dependency graph model inside of Delivery. But think about this magic for just a second: you have six services, and you tell the services what they depend on, and every time I deploy my application, the things that I told Workflow that I depended on, they run their tests too. So all of a sudden, we now have the ability to actually do things like microservices safely.
So this is the canvas. Really simple. And this is the PowerPoint version, because it looks pretty. But this is the actual legit thing. Like, I was in Palm Springs last week working through my talk, and I pulled this from my backpack and sat and wrote down with a pen and worked through, piece by piece, what an actual application would look like. And this is actually available at see Weber dotnet delivery underscore canvas dot PDF. A huge shout-out to Mark Harrison, who actually made this look nice in OmniGraffle, 'cause, like, I'm a manager and tend to use PowerPoint for things that shouldn't use PowerPoint for. So the original one was done in PowerPoint. He made it look really, really pretty in OmniGraffle, and I may even be able to post the OmniGraffle file.
So let's talk about a Ruby app. Let's, like, get into this. So, really simple, right? We've got some DNS, a load balancer, and some instances. The stupid-simple application: we've got Sinatra. There's no database. And just because we all like to have that mental model, it's run at Unicorn and nginx. Cool. So we're gonna start by figuring out what we're gonna publish, because once again, I told you at the end of the day what we care about is the artifact. What we care about is the service.
I don't care about unit testing code at this point, because frankly I care about the service. So what's gonna get the service deployed? So let's start by, like, let's build it. Let's get it. Let's take it, create a tarball, create a cookbook. We want to get to that point where we are able to actually go see, did this even come up, right? And sometimes it's a proof of concept. We just need to get it into the pipeline and get it running. The other thing, right, is if you turn on linting too early, you're gonna spend all your time trying to figure out why RuboCop is blowing up instead of, like, shipping code. And sometimes that's good and sometimes that's bad. It really depends on what you're doing.
So, once again, we're provisioning. Provisioning EC2 instances, an Elastic Load Balancer. We all kind of know how that works, right? I use Chef Provisioning; you may use Terraform. It's all cool. Just pick the thing that makes the most sense to you. In the deploy phase, and once again, we're walking through this as we go, right, so we're gonna go run Chef on the nodes to install and/or upgrade the app, right? So in this place, we're going to do things like, hey, there was a cookbook change, so now we're going to change the nginx config. Or, hey, like, our application actually can't change, so we will do a Chef run which will cause Unicorn to get bounced, that sort of thing. And then smoke. Like, this is the simplest. Like, we have to remember smoke should be super brain-dead simple. You just want to check: did it work? So did I get a 200 at a particular path?
In my case, like, I use a lot of SAML-based applications, so the first thing I ask is, did I get a 302? Like, does it redirect, because I need to auth? And that's a huge, like, awesome smoke test, right, is if I get a 200 on a page it should be sending me to go get authenticated, I want to know that and blow up, like that.
And then functional: like, Selenium. You mean, if it's an API, maybe you're pulling down some JSON and making sense of the JSON. Like, it all is about what makes sense to you. From there I dive in, and it's Ruby, right? So we're gonna write some Minitest. It's a cookbook, right? ChefSpec.
We'll run some linting, so RuboCop, Foodcritic. RuboCop works for both our Ruby code and for our cookbook code. Foodcritic... how many people are familiar with RuboCop and Foodcritic? That is awesome. I love to see that.
So here's the thing, right? Like, if Cookstyle's your thing, you should totally do that. My team actually just rolls straight RuboCop, because we write a ton of Ruby code outside of, like, Chef land.
ruby -c: I've got some great stories about this in a few minutes here. But we're just gonna check to see, hey, is the syntax right? Like, we want to catch this as soon as possible. And then finally, in the security phase, we're actually just gonna make sure that... it's Ruby. We're gonna make sure that there are no open CVEs against the gems that are in our bundle.
If you are running Ruby stuff, like, in production, you should totally be using bundler-audit, because it will tell you, "Hey, by the way, that SAML gem you're using, there's totally an open CVE against it. You should fix that." So let's use a more complex example. This looks a little bit more like our normal applications, right?
There's some DNS. There's three layers of caching because of course you have to have three layers of caching You know, we've got the load balancer. We've got the CDN. We've got Redis Postgres So what might that look like as you can tell not a whole lot changed
But we can look across and go: oh, wow, we're provisioning a lot more things. We should think about that. The canvas gives you the opportunity to, at a glance, get a feel for what you should be doing in your phases before you even write your code.
Because we want to get to a place where, before we sit down and go write build cookbooks, we have an idea of what should go where. And I talked a little bit about this a few minutes ago: you work in a real data center. You may not have the ability to do the thing in the cloud. So maybe you're deploying a PHP application.
You know, my suggestion, this is totally not, like, paid for, but Infoblox. You can actually hit it with an API. In fact, I think they now have a REST API. Back in my day it was all Perl, so you wrote some Perl to do the thing.
But you can use Infoblox to spin up your DNS and handle IP address, like, assignment, that sort of thing. Load balancers: you're probably going to talk about a VIP instead of the actual load balancers we discussed earlier. Stand up some PHP instances, some MySQL instances and some memcache, and then, as VMware instances. And then, you know, we need some NFS. So why not do it with Isilon, right?
That's API accessible. The key for me is we all have to understand: I don't have to have AWS, I don't have to have Google, to get this today, to get to this point. The ultimate goal is that when you hit approve and you hit acceptance, the entire thing comes up on its own; when you hit deliver,
the application comes into being. You shouldn't have to spend your time going: oh, it's a production deploy, so, you know, did run through the checklist? Did we do the thing? Did we do the thing? As we're deploying it, like, really what we want to do is
Actually, no, because we ran through the checklist in the code to verify that the code is compliant and does the right things, instead of whether or not we hit the checklist. And as you standardize your code bases, you get to a point where you stop caring about that because it's encapsulated in the code.
And this is what that looks like, right? Same general ideas. We've got a lot more operational concerns because, like, the other slides I probably should just put AWS. 'Cause, yeah. But we now care about our F5 cluster and all that stuff. So I'm sure y'all would like to see some code. So we're gonna look at some code.
This is just so that we have a starting point. This is Chef web purchase and application. You see our wonderful naming scheme, and it's a simple Sinatra app that handles and purchases for one-off services. So if you'd like one of our solutions architects to spend a day with you remotely to talk about all things Chef, whether it's to give you advice on how to build cookbooks,
you know, cultural questions, that you can buy up to three non-contiguous days online, on the internets. In fact, like, if you go to that website right now, you can totally push those buttons in and, like, hit the credit card button and enter your credit card, and I'll get email that says
you bought something. So this is a service, like, we all have things where we accept money and whatnot. So this, as we started, is our canvas, right? This is how the application gets built. We're gonna do unit testing. We've got some lint, some syntax.
I didn't fill these all in at the first go-around, right? When I first deployed this, we totally didn't have lint enabled. In fact, there's actually a commit on the repo that says "make see Weber not a liar", because I turned on a bunch of these things to make sure that I wasn't lying when I gave this talk.
So let's actually go look at some code. And I just want to point out, like, I'm skipping functional right now. The amount of work it takes to do functional testing with things like Salesforce and Avalara and Stripe, like, it's just not worth it for something that I don't know if it's gonna make any money at all yet.
So at this point, we're just gonna skip functional testing, and if it breaks, my bad. It's totally an experiment right now. We'd love to see it successful. Like, if you all want to go spend two thousand dollars to have a day of solutions team, I would love you all right now, because that would be awesome.
So this is my entire default.rb recipe. It used to be super longer, because back in the day we didn't have things like Slack integration, we didn't have GitHub integration; like, those were things. It's now gotten really simple: you do a default for delivery-truck, which just basically sets up the environment.
We have AWS prereqs. So for those of you that know about interacting with AWS, you know that you have to have creds on the box. You know that you have to have the actual AWS CLI, if that's how you're going to interact with it. There are a lot of little things you need to be useful. So we have a recipe that does that.
We also install Ruby the same way that we install Ruby on the actual node, because, crazy thought, if I can install Ruby the same way in two places, which seems like a miracle sometimes, it's probably gonna be more effective, right? So my unit recipe.
And I've got to hustle. We're going to do the delivery-truck unit tests. So that's just gonna run unit testing against our cookbook, right? We want to actually care about what the cookbook does. We're gonna install our dependencies from Bundler.
It's an application that uses dotenv, so I'm going to have to link my .env file in place, because that's kind of useful. And then we've got a little helper method here to run rake test. Same idea, right? We link to the cookbook. We install our Bundler dependencies.
We run rubocop -D, which is to say I don't like to have to go figure out what in God's name RuboCop was complaining about. Check for syntax, and I mentioned earlier that whole idea of ruby -c. I initially did that with the find, only to find out that find always returns zero because it found things,
instead of that the thing that was inside broke. Once again: install Bundler, install my dependencies, update bundler-audit, check the bundle. We've standardized, and I'm happy to show anybody the code inside of this, but we are now at a point that I
don't think about how a cluster gets stood up. It's, what, three, four lines there that stands up the X now the size number of EC2 instances and ELB, terminates SSL, and
sets the run list as appropriate. And this goes out to those nodes and tells them to do a Chef run. I told you I'm just checking the status code. That path, slash architect days, is what matters to me: did it return 200? A couple of useful things to know about: there is a cookbooks directory. If you stick a cookbook in there,
delivery-truck will just work. It's beautiful. The config.json is where your actual configuration code goes. You'll want to read up on it online, but it gives you the ability to do things like skip phases and specify the search for the build nodes.
And then, I'm gonna say this kind of tongue-in-cheek: dot delivery slash build cookbook is kind of the standard. It totally isn't, because there isn't actually a standard, but where my team normally puts our build cookbooks is in dot delivery slash build cookbook, so we're not polluting the main part of the namespace. And finally, a couple just real brief thoughts: take advantage of custom resources; they will make your life better.
Helper methods are awesome, so you can drop things that you use throughout the cookbook all over the place in the libraries directory, and it makes your life better. And finally, put shared things in shared cookbooks. So you saw that CIA infra, CIA delivery.
That's where those come from. So with three minutes left, that's my talk. What can I answer for you? Okay, so the question is: if I'm only going to do something in a certain phase, should I switch on it, right? So if I'm in unit, lint and syntax, I probably don't need Terraform.
The answer really becomes: it depends on what your coding standards allow for. It also depends on what you want to do. So at this point build nodes are shared, and the first time it runs it basically warms the cache. It just makes sure it is there.
Terraform is a great example: if I don't have to install as root, I'm not going to, so I'm just gonna put it in as the build user, and that's really what I use as the differentiator. I don't tend to add the switches because it adds complexity to my default recipes, but that's me personally. The question is: where can I go to find out more about delivery-truck and delivery-sugar?
So there is info in the docs, so if you search in the docs for delivery-truck and delivery-sugar. Additionally, the cookbooks are up on GitHub. I don't remember, are they in the chef-cookbooks or the opscode-cookbooks or
chef-cookbooks. Awesome. I'll slings here. Um, so, yeah, GitHub. Like, not gonna lie, I'm of the belief that the best thing you can do when you run into problems is go read the source code. So I totally go read lots of source code. So with that said, am I at zero minutes?
Awesome. Thank you very much. I will be down at the Chef booth if you have any questions after this talk. Thank you very much.